Newfie Dave
Posts posted by Newfie Dave
-
MBAM & HJT Logs Below:
Malwarebytes' Anti-Malware 1.33
Database version: 1683
Windows 5.1.2600 Service Pack 3
1/23/2009 12:11:55 PM
mbam-log-2009-01-23 (12-11-55).txt
Scan type: Quick Scan
Objects scanned: 56293
Time elapsed: 7 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
AND HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:40 PM, on 1/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg
--
End of file - 8879 bytes
Still getting the Popup Warning Window.
-
Thank you for the reply. I will post all requested once complete.
D
-
Thank You for your time
-
We cannot help you because you have been using cracks.
What's a crack?
-
Hi.
Download Lop S&D here
Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
As requested:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel Pentium III processor )
BIOS : Award Modular BIOS v4.51PG
USER : Karen ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:9 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 01/21/2009|17:56 )
--------------------\\ Listing folders in APPLIC~1
[06/09/2003|08:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[12/06/2008|10:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[08/02/2006|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 1.0.0.0
[08/18/2008|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/20/2005|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[11/19/2007|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/19/2007|05:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[09/11/2004|06:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ArcSoft
[12/06/2008|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[01/21/2009|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[09/01/2005|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Babylon
[03/21/2005|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BeInSync Settings
[11/25/2006|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Borland
[10/07/2005|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[12/06/2008|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[12/07/2003|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kazaa
[05/16/2006|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[05/01/2005|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
[04/12/2005|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision
[01/19/2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/23/2008|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MediaLife
[01/25/2007|09:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/16/2003|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[10/01/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pixelStorm
[06/20/2008|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[06/04/2003|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[02/05/2006|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SkillJam
[01/12/2009|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SkillRide
[03/28/2006|03:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/11/2005|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[08/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/29/2007|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[10/07/2003|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[03/29/2005|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[08/08/2007|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[09/10/2005|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/04/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[03/08/2007|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[03/08/2007|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion
[06/04/2003|10:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[10/02/2005|05:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> .bt2
[12/08/2008|09:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Adobe
[12/16/2003|12:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> AdobeUM
[03/28/2006|03:44] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Aim
[01/11/2006|03:53] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Apple Computer
[12/25/2003|08:38] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ArcSoft
[12/06/2008|11:23] C:\DOCUME~1\Karen\APPLIC~1\<DIR> AVGTOOLBAR
[03/21/2005|08:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> BeInSync
[12/31/2006|02:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> BitTorrent
[08/24/2007|12:36] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Camfrog
[10/07/2005|02:11] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Corel
[12/27/2005|11:57] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Creative
[04/23/2008|07:59] C:\DOCUME~1\Karen\APPLIC~1\<DIR> CyberLink
[12/16/2003|09:22] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Freedom
[06/26/2006|07:16] C:\DOCUME~1\Karen\APPLIC~1\<DIR> GewfieNoofy
[11/19/2005|07:18] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Google
[11/28/2006|05:49] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Help
[01/12/2007|09:30] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICAClient
[03/08/2007|10:39] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICQ
[09/21/2004|05:14] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICQLite
[07/28/2003|02:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Identities
[11/01/2003|10:20] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ieSpell
[06/26/2006|07:31] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Ilikebeans
[04/06/2005|11:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> IsolatedStorage
[12/07/2003|12:44] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Kazaa Lite
[03/28/2006|03:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Lavasoft
[05/01/2005|04:56] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Macromedia
[01/19/2009|08:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Malwarebytes
[01/19/2009|08:36] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MalwareRemovalBot
[04/23/2008|07:57] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MediaLife
[08/20/2008|05:56] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Microsoft
[01/14/2007|07:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Mozilla
[09/16/2003|04:03] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MSN6
[10/10/2005|09:32] C:\DOCUME~1\Karen\APPLIC~1\<DIR> NetMedia Providers
[11/15/2005|08:04] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Opera
[04/28/2007|09:50] C:\DOCUME~1\Karen\APPLIC~1\<DIR> OTVREG
[10/21/2006|05:33] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Paltalk
[02/16/2006|02:28] C:\DOCUME~1\Karen\APPLIC~1\<DIR> PC Tools
[10/10/2005|09:32] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Publish Providers
[01/11/2007|09:17] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Real
[07/01/2005|10:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Registry Cleaner
[05/15/2006|02:08] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Rogers Yahoo! Messenger
[06/23/2004|03:54] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Shockwave.com
[12/16/2006|01:48] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Skype
[02/01/2004|01:06] C:\DOCUME~1\Karen\APPLIC~1\<DIR> SmartDraw
[03/23/2006|08:35] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sonic Foundry
[11/28/2005|03:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sony
[09/11/2004|12:49] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sun
[06/20/2003|04:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Symantec
[10/14/2006|04:13] C:\DOCUME~1\Karen\APPLIC~1\<DIR> teamspeak2
[08/22/2003|03:46] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Ulead Systems
[08/24/2007|07:01] C:\DOCUME~1\Karen\APPLIC~1\<DIR> WildTangent
[03/09/2007|07:01] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Yahoo!
[08/11/2003|03:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Yahoo! Messenger
[07/18/2006|03:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[12/06/2008|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/06/2008|10:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[01/21/2009 03:00 AM][--a------] C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
[01/20/2009 05:31 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/21/2009 05:00 PM][--ah-----] C:\WINDOWS\tasks\9406B6C39551419B.job
[01/21/2009 04:39 PM][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[01/20/2009 12:32 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 08:30 AM][-rah-----] C:\WINDOWS\tasks\desktop.ini
( 9406B6C39551419B.job )=( c:\docume~1\karen\applic~1\thisus~1\TitleTickEq.exe )
--------------------\\ Listing Folders in C:\Program Files
[12/08/2008|09:51] C:\Program Files\<DIR> Adobe
[10/09/2005|08:16] C:\Program Files\<DIR> Ahead
[11/19/2007|05:57] C:\Program Files\<DIR> Apple Software Update
[09/11/2004|03:57] C:\Program Files\<DIR> ArcSoft
[10/29/2006|01:53] C:\Program Files\<DIR> Atmega Load At Home
[10/29/2006|10:14] C:\Program Files\<DIR> Audible
[12/06/2008|11:05] C:\Program Files\<DIR> AVG
[01/21/2009|12:19] C:\Program Files\<DIR> Avira
[10/02/2003|06:25] C:\Program Files\<DIR> Borland
[10/02/2005|05:23] C:\Program Files\<DIR> BT2Net
[11/29/2007|04:07] C:\Program Files\<DIR> Camfrog
[04/17/2008|08:38] C:\Program Files\<DIR> CCleaner
[07/16/2003|02:24] C:\Program Files\<DIR> cgi-bin
[02/12/2007|06:20] C:\Program Files\<DIR> Citrix
[06/20/2008|05:10] C:\Program Files\<DIR> Common Files
[04/18/2008|04:07] C:\Program Files\<DIR> Creative
[05/09/2006|11:28] C:\Program Files\<DIR> DIFX
[10/19/2003|01:58] C:\Program Files\<DIR> directx
[06/04/2003|01:22] C:\Program Files\<DIR> EuroTool
[08/09/2007|05:41] C:\Program Files\<DIR> FreshDevices
[07/03/2006|11:36] C:\Program Files\<DIR> ftapirate
[03/01/2004|09:06] C:\Program Files\<DIR> Garmin
[08/24/2007|08:28] C:\Program Files\<DIR> Google
[01/10/2009|01:05] C:\Program Files\<DIR> ICQ
[03/09/2007|12:39] C:\Program Files\<DIR> ICQLite
[03/25/2007|12:08] C:\Program Files\<DIR> InstallShield Installation Information
[12/11/2008|03:20] C:\Program Files\<DIR> Internet Explorer
[11/19/2007|06:01] C:\Program Files\<DIR> iPod
[11/19/2007|06:01] C:\Program Files\<DIR> iTunes
[03/17/2007|06:43] C:\Program Files\<DIR> Java
[01/20/2009|12:30] C:\Program Files\<DIR> Kaspersky Lab
[05/16/2006|02:12] C:\Program Files\<DIR> KODAK
[05/15/2006|04:43] C:\Program Files\<DIR> LimeWire
[01/24/2008|12:48] C:\Program Files\<DIR> Loader
[01/11/2007|09:01] C:\Program Files\<DIR> Logitech
[02/16/2007|06:57] C:\Program Files\<DIR> Macromedia
[03/22/2006|06:18] C:\Program Files\<DIR> Magellan
[07/22/2008|08:47] C:\Program Files\<DIR> Magnifier 2.4
[01/19/2009|08:51] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[12/03/2008|03:02] C:\Program Files\<DIR> Messenger
[06/04/2003|11:49] C:\Program Files\<DIR> Microsoft ActiveSync
[05/10/2007|05:13] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[06/04/2003|10:06] C:\Program Files\<DIR> microsoft frontpage
[10/15/2006|10:28] C:\Program Files\<DIR> Microsoft Office
[06/04/2003|11:46] C:\Program Files\<DIR> Microsoft Visual Studio
[08/16/2003|09:11] C:\Program Files\<DIR> Microsoft Windows Script
[10/18/2006|02:10] C:\Program Files\<DIR> Microsoft Works
[10/12/2006|09:01] C:\Program Files\<DIR> Microsoft.NET
[12/02/2008|01:10] C:\Program Files\<DIR> Movie Maker
[02/22/2007|05:41] C:\Program Files\<DIR> Mozilla Firefox
[12/02/2008|01:10] C:\Program Files\<DIR> msn
[07/19/2006|02:35] C:\Program Files\<DIR> MSN Gaming Zone
[09/08/2007|02:27] C:\Program Files\<DIR> MSXML 4.0
[12/02/2008|01:03] C:\Program Files\<DIR> NetMeeting
[07/17/2005|09:12] C:\Program Files\<DIR> neXBC
[02/13/2007|05:33] C:\Program Files\<DIR> Nortel Networks
[03/22/2005|09:28] C:\Program Files\<DIR> Norton AntiVirus
[04/07/2005|04:20] C:\Program Files\<DIR> Norton SystemWorks
[10/27/2004|11:44] C:\Program Files\<DIR> OfficeUpdate11
[06/04/2003|10:03] C:\Program Files\<DIR> Online Services
[08/08/2007|10:02] C:\Program Files\<DIR> Online TV Player 3
[09/01/2006|10:40] C:\Program Files\<DIR> outlook
[12/02/2008|01:03] C:\Program Files\<DIR> Outlook Express
[01/19/2009|11:08] C:\Program Files\<DIR> Phoenix Installer
[06/08/2007|05:47] C:\Program Files\<DIR> Project64 1.6
[03/01/2005|05:05] C:\Program Files\<DIR> Project64 v1.5
[06/20/2008|05:09] C:\Program Files\<DIR> Pure Networks
[11/19/2007|06:00] C:\Program Files\<DIR> QuickTime
[03/28/2006|03:54] C:\Program Files\<DIR> Spybot - Search & Destroy
[08/08/2007|10:09] C:\Program Files\<DIR> Symantec
[04/07/2005|05:39] C:\Program Files\<DIR> SymNetDrv
[01/21/2009|01:42] C:\Program Files\<DIR> TClock
[09/08/2007|07:58] C:\Program Files\<DIR> Tierra
[03/08/2007|06:40] C:\Program Files\<DIR> Total Video Converter
[01/21/2009|04:31] C:\Program Files\<DIR> Trend Micro
[07/10/2004|12:30] C:\Program Files\<DIR> Uninstall Information
[08/08/2007|09:50] C:\Program Files\<DIR> WildGames
[01/04/2008|04:20] C:\Program Files\<DIR> Windows Live
[01/09/2009|11:55] C:\Program Files\<DIR> Windows Media Connect 2
[01/10/2009|02:05] C:\Program Files\<DIR> Windows Media Player
[12/02/2008|01:03] C:\Program Files\<DIR> Windows NT
[07/19/2006|07:57] C:\Program Files\<DIR> WindowsUpdate
[09/18/2006|09:54] C:\Program Files\<DIR> WinRAR
[08/18/2004|11:42] C:\Program Files\<DIR> WinZip
[06/04/2003|10:06] C:\Program Files\<DIR> xerox
[03/08/2007|09:29] C:\Program Files\<DIR> Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[08/30/2006|06:28] C:\Program Files\Common Files\<DIR> {E43BA2D9-0257-1033-0822-000430020001}
[08/18/2008|06:05] C:\Program Files\Common Files\<DIR> Adobe
[05/20/2005|11:40] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[10/08/2005|09:04] C:\Program Files\Common Files\<DIR> Ahead
[03/19/2007|06:33] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[11/19/2007|05:56] C:\Program Files\Common Files\<DIR> Apple
[06/04/2003|11:46] C:\Program Files\Common Files\<DIR> Designer
[10/07/2005|02:03] C:\Program Files\Common Files\<DIR> InstallShield
[01/02/2007|12:28] C:\Program Files\Common Files\<DIR> Intuit
[03/17/2007|06:38] C:\Program Files\Common Files\<DIR> Java
[04/01/2005|10:11] C:\Program Files\Common Files\<DIR> KODAK
[06/04/2003|11:31] C:\Program Files\Common Files\<DIR> L&H
[01/11/2007|08:58] C:\Program Files\Common Files\<DIR> Logitech
[05/01/2005|04:49] C:\Program Files\Common Files\<DIR> Macromedia
[05/01/2005|04:51] C:\Program Files\Common Files\<DIR> Macromedia Shared
[12/06/2008|11:05] C:\Program Files\Common Files\<DIR> Microsoft Shared
[06/04/2003|10:01] C:\Program Files\Common Files\<DIR> MSSoap
[06/04/2003|07:21] C:\Program Files\Common Files\<DIR> ODBC
[07/18/2006|10:42] C:\Program Files\Common Files\<DIR> okuw
[06/20/2008|05:10] C:\Program Files\Common Files\<DIR> Pure Networks Shared
[01/11/2007|09:17] C:\Program Files\Common Files\<DIR> Real
[06/04/2003|10:01] C:\Program Files\Common Files\<DIR> Services
[12/29/2006|12:51] C:\Program Files\Common Files\<DIR> snp2std
[06/04/2003|07:20] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/27/2006|03:02] C:\Program Files\Common Files\<DIR> SWF Studio
[08/08/2007|10:09] C:\Program Files\Common Files\<DIR> Symantec Shared
[12/02/2008|01:03] C:\Program Files\Common Files\<DIR> System
[12/05/2004|01:39] C:\Program Files\Common Files\<DIR> VocalTec
[01/04/2008|04:19] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[07/18/2006|01:07] C:\Program Files\Common Files\<DIR> ?racle
--------------------\\ Process
( 24 Processes )
iexplore.exe ~ [PID:1356]
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Karen\Cookies\karen@adultfriendfinder[2].txt
C:\DOCUME~1\Karen\Cookies\karen@advertising[1].txt
C:\DOCUME~1\Karen\Cookies\karen@adopt.euroclick[1].txt
C:\WINDOWS\Tasks\9406B6C39551419B.job
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 17:59:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\shelldata\cfg\8\(6)Burton(6) : MSN - Hockey Zman11.dat 401 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\(8) The more than new reality, closer to the heart (8) : MSN - Hockey Zman11.dat 11 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\- Lyrics are for poets, this is censoredin Rock 'n Roll : MSN - Hockey Zman11.dat 267 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\kerri_ann23@hotmail.com : MSN - Hockey Zman11.dat 916 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\kerri_ann_boone@hotmail.com : MSN - Hockey Zman11.dat 25 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\KewlDude1031 : AIM - HockeyZman11.dat 1516 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\killermonkey2k3 : AIM - HockeyZman11.dat 5118 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\kylep008 : AIM - HockeyZman11.dat 3498 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\rangerfanalex : AIM - HockeyZman11.dat 1005 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\RETRIBUTION 2 : AIM - HockeyZman11.dat 1195 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Rick : MSN - Hockey Zman11.dat 1896 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\rpittman20 : AIM - HockeyZman11.dat 267 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\funmaster123@hotmail.com : MSN - Hockey Zman11.dat 114 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Gamertag KUJO : AIM - HockeyZman11.dat 2101 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Geoff_Barrow_7 : MSN - Hockey Zman11.dat 432 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\girl__power33@hotmail.com : MSN - Hockey Zman11.dat 45 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\FSCWIDEOUT : AIM - Hockey Zman11.dat 458 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\FSCWIDEOUT : AIM - HockeyZman11.dat 16900 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Hamma Head77 : AIM - HockeyZman11.dat 1699 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\tsullivan@roadrunner.nf.net : MSN - Hockey Zman11.dat 99 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\brokenpost31 : AIM - HockeyZman11.dat 286 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\bsmums311 : AIM - HockeyZman11.dat 3784 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\SHathaway : MSN - Hockey Zman11.dat 2203 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\hezclancey@hotmail.com : MSN - Hockey Zman11.dat 2703 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\Hockey@GolfRocks_Barrow_7 : MSN - Hockey Zman11.dat 2858 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\HockeyZman11 : AIM - HockeyZman11.dat 251 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\hotdog700 : AIM - HockeyZman11.dat 10560 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\striker3771 : AIM - HockeyZman11.dat 2018 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\StumbleBum7 2K3 : AIM - HockeyZman11.dat 5811 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\SwVoDoo : AIM - HockeyZman11.dat 3558 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\tabithaeagles817@hotmail.com : MSN - Hockey Zman11.dat 324 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\DisRaeger : AIM - HockeyZman11.dat 4374 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\zapmen_07@hotmail.com : MSN - Hockey Zman11.dat 245 bytes hidden from API
C:\WINDOWS\System32\shelldata\cfg\8\
-
Ok,
As requested. I am still having problems, and here are the Notepad C & P.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:44 PM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.tropicalglen.com
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg
--
End of file - 9301 bytes
AND
Avira AntiVir Personal
Report file date: Wednesday, January 21, 2009 12:23
Scanning for 1244138 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HOME
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 12:51:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 12:26:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 17:14:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 12:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:00:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 15:51:02
ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 1/20/2009 15:51:06
ANTIVIR3.VDF : 7.1.1.159 140288 Bytes 1/21/2009 15:51:09
Engineversion : 8.2.0.57
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 14:35:56
AESCRIPT.DLL : 8.1.1.26 340347 Bytes 1/21/2009 15:51:26
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 19:36:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 18:28:38
AEPACK.DLL : 8.1.3.5 393588 Bytes 1/21/2009 15:51:24
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/21/2009 15:51:21
AEHEUR.DLL : 8.1.0.84 1540471 Bytes 1/21/2009 15:51:19
AEHELP.DLL : 8.1.2.0 119159 Bytes 1/21/2009 15:51:14
AEGEN.DLL : 8.1.1.10 323957 Bytes 1/21/2009 15:51:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 14:35:56
AECORE.DLL : 8.1.5.2 172405 Bytes 1/21/2009 15:51:11
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 14:35:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 13:10:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 13:58:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 16:32:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 15:56:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 12:59:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 16:57:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 21:58:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 17:19:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 16:35:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 18:18:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 18:04:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Wednesday, January 21, 2009 12:23
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '64' files ).
Starting the file scan:
Begin scan in 'C:\' <Local Disk>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\BeInSync Settings\Temp\jeepersdx2_1_2_020.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.htm
[DETECTION] Contains recognition pattern of the EXP/HTML.Mht.2.1 exploit
[NOTE] The file was moved to '49a748a1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848a2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP10.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848a4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP11.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848a6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848a8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP13.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848ac.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP14.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848ad.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP15.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848af.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP16.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848b0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP17.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848b5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP18.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848ba.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP19.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a848bd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a948c0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP20.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a948c1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP21.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a948c4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP22.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a948c8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP23.exe
[DETECTION] Contains recognition pattern of the WORM/Krepper.C worm
[NOTE] The file was moved to '49a948cf.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP28.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a948d1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP29.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a948d6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49aa48d8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP30.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49aa48dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP31.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49aa48df.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP4.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49ab48e1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49ac48e6.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49ad48e9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP7.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49ae48ec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP8.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49af48ef.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP9.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49b048f1.qua'!
C:\Documents and Settings\Karen\Desktop\Dads Pics\setupxv.exe
[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper
[NOTE] The file was moved to '49eb4ac3.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\at128megav1[1].1a.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
--> jeepersdx2_1_2_020.zip
[1] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a84ae9.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\beavis_v08.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49d84ada.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\chatternut_9.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49d84add.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\jeepersdx2_1_2_020.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4ade.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.bev.zip
[0] Archive type: ZIP
--> Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
--> Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49de4af0.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.v2.2.zip
[0] Archive type: ZIP
--> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
--> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49de4af1.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo_xs[1].atmega.fix.zip
[0] Archive type: ZIP
--> Juggalo_X's atmega fix (15.08.04)/jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '485a4072.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\angelvision v1[1].0.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49de4af3.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4acc.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ace.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\AtMega -Anti- Freeze@100kb\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '483958ef.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV ATMEGA FIX FOR JEEPERS\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4aef.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV-Atmega-128-Tiers-Fix-And-Keys-Of-2007-04-12\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ad0.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\freeway2.0 S1\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ad1.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '48367662.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ad2.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '483958f3.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ad3.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '483a5314.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '48370f04.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ad4.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '48370f05.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ad6.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ad5.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '483b6f06.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\OriginalJuniorRoba\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '483958f7.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\SatJammin BV V5.1\SatJammin BV V5.1.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49eb4af4.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\OriginalJuniorRoba\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4adf.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4ae3.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jeepersdx2_1_2_020.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4b04.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\Atmega N2.rar
[0] Archive type: RAR
--> Atmega N2\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49e44b1e.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jan 3 amega card fix.zip
[0] Archive type: ZIP
--> Jan 3 Amega card fix/jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49e54b0c.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4b10.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\CrackedAtmegaPrivateFix\cracked_atmega_load___home_private_fix_v1.rar
[0] Archive type: RAR
--> AtmegaCrack.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d84b21.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\Cracked_Atmega_Load___Home_Private_Fix_v1\AtmegaCrack.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49e44b25.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\satvia no rsa all-in-1.zip
[0] Archive type: ZIP
--> SatVia No RSA ALL-IN-1/jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49eb4b14.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\SatVia No RSA ALL-IN-1\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4af9.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV N2 ATMEGA SATVIA V5\SatVia ALL-IN-ONE V5\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '483a533a.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4b1b.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\Atmega N2.rar
[0] Archive type: RAR
--> Atmega N2\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49e44b2b.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\atmega n2.zip
[0] Archive type: ZIP
--> Atmega N2/Atmega N2.rar
[1] Archive type: RAR
--> Atmega N2\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
--> Atmega N2/jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '486252ec.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4b1d.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\attachment
[0] Archive type: ZIP
--> jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49eb4b2e.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b00.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\satvia no rsa all-in-1c.zip
[0] Archive type: ZIP
--> SatVia No RSA ALL-IN-1c/jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49eb4b1d.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Atmega N2.rar
[0] Archive type: RAR
--> Atmega N2\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49e44b30.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4b22.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Jan 3 Amega card fix\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4b23.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\misterfery hits back\jeepers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49dc4b24.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b04.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1a\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b05.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b08.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b0e.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\April16-DN\JEEPERS.EXE
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '4839592f.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\atmega\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b10.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.2 DN Mega128\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '48395931.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.3 DN Mega128 PFG\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b11.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 229 DN May29\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '48395932.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b13.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '483677a4.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b14.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c08cd.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b15.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482924fe.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b17.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b16.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482924ff.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482d04f0.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b19.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\SatMan_s_147kb_Redux_Including_6000_and_full_AutoRoll_now_with_Dynamic_time_Zones.rar
[0] Archive type: RAR
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49eb4b34.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\3m ver2.3\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c08c2.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\OriginalJuniorRoba\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b1a.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatJammin_DN_V7.1C_For_WCU_support\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b1f.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatMan's 3m 5.6m @ 98KB's 100+kb Reduction B\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b20.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\Dish phoenix 2.1.4 for jeepers by sathaks\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b2b.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\No Rsa For Dummies\SatVia ALL-IN-ONE V5\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc4b2d.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ROM 102\WINEXPLORER 5.0\WinExplorer.exe
[DETECTION] Is the TR/Agent.1249280.C Trojan
[NOTE] The file was moved to '49e54b6d.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ZIP FILES ROM102\winexplorer5.zip
[0] Archive type: ZIP
--> WinExplorer.exe
[DETECTION] Is the TR/Agent.1249280.C Trojan
[NOTE] The file was moved to '49e54b7d.qua'!
C:\Documents and Settings\Karen\Desktop\Downloads\SatJammin BV V5.1\SatJammin BV V5.1.zip
[0] Archive type: ZIP
--> jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49eb4b76.qua'!
C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\VD4KULMJ\setupxv[1].exe
[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper
[NOTE] The file was moved to '49eb50d7.qua'!
C:\Documents and Settings\Karen\My Documents\My Received Files\MsgPlus.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: ZIP
--> 70000011.exe
[DETECTION] Is the TR/Dldr.Swizzor.G.2 Trojan
[NOTE] The file was moved to '49de51aa.qua'!
C:\Program Files\Norton AntiVirus\Quarantine\48A8584C
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Norton AntiVirus\Quarantine\48A8584C
[DETECTION] Contains recognition pattern of the DIAL/302102 dialer
[NOTE] The file was moved to '49b8576a.qua'!
C:\Program Files\TClock\tclock.exe
[DETECTION] Is the TR/Tclock.A.3 Trojan
[NOTE] The file was moved to '49e357d1.qua'!
C:\Program Files\TClock\tclock_install.exe
[0] Archive type: NSIS
--> [unknownDir]/tclock.exe
[DETECTION] Is the TR/Tclock.A.3 Trojan
[DETECTION] Is the TR/Tclock.A.1 Trojan
[NOTE] The file was moved to '49e357d2.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002235.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a7584f.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002236.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75850.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002237.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45e9.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002238.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75852.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002239.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75851.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002240.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45eb.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002241.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75854.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002242.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75853.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002243.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45ed.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002244.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75856.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002245.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75855.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002246.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45ef.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002247.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75857.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002248.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45e0.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002249.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75858.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002250.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75859.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002251.exe
[DETECTION] Contains recognition pattern of the WORM/Krepper.C worm
[NOTE] The file was moved to '49a7585a.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002252.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45e3.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002253.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a7585b.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002254.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a7585c.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002255.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a7585d.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002256.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45e6.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002257.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a7585e.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002258.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a7585f.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002259.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '482c45d8.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002260.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75860.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002261.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75861.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002262.exe
[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm
[NOTE] The file was moved to '49a75862.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002263.exe
[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper
[NOTE] The file was moved to '482c45db.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002264.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75863.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002265.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75865.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002266.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45de.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002267.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75866.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002268.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75867.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002269.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d0.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002270.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75869.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002271.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75868.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002272.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d1.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002273.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7586a.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002274.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d2.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002275.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7586b.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002276.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d4.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002277.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7586d.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002278.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d3.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002279.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7586c.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002280.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d5.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002281.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d6.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002282.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7586f.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002283.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7586e.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002284.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d7.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002285.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '482c45c8.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002286.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75871.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002287.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45ca.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002288.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45d9.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002289.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75864.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002290.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45dd.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002291.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45df.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002292.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75873.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002293.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45cc.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002294.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75870.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002295.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45c9.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002296.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75872.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002297.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75875.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002298.EXE
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45ce.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002299.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75877.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002300.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45cb.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002301.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75874.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002302.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45cd.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002303.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45c0.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002304.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75879.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002305.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45c2.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002306.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75876.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002307.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45cf.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002308.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45e1.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002309.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7587b.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002310.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45c4.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002311.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7587d.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002312.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45e5.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002313.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45e7.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002314.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75848.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002315.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45c6.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002316.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a7587f.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002317.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c4538.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002318.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49a75878.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002319.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '482c45c1.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002320.exe
[DETECTION] Is the TR/Agent.1249280.C Trojan
[NOTE] The file was moved to '49a7587a.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002321.exe
[DETECTION] Is the TR/Tclock.A.3 Trojan
[NOTE] The file was moved to '49a75881.qua'!
C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002322.exe
[0] Archive type: NSIS
--> [unknownDir]/tclock.exe
[DETECTION] Is the TR/Tclock.A.3 Trojan
[DETECTION] Is the TR/Tclock.A.1 Trojan
[NOTE] The file was moved to '482c453a.qua'!
C:\unzipped\juggalo[1].xs.atmega.fix.v2.2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc5890.qua'!
C:\unzipped\juggalo[1].xs.atmega.fix.v2.2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe
[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample
[NOTE] The file was moved to '49bc5891.qua'!
C:\WINDOWS\videoc.ocx
[DETECTION] Is the TR/DwnLdr.ARN Trojan
[NOTE] The file was moved to '49db58c7.qua'!
C:\WINDOWS\$NtUninstallKB810217$\admin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\admin.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\author.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\author.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\cfgwiz.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4amsft.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4anscp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4apws.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4areg.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4atxt.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4autl.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4avnb.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4avss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4awebs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fp4awel.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpadmcgi.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpadmdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpcount.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpexedll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpmmc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpremadm.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpsrvadm.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\fpsrvwin.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\shtml.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\shtml.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB810217$\tcptest.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\6to4svc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\inetmib1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\iphlpapi.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\ipv6.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\ipv6mon.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\netoc.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\netsh.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\tcpip6.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\tunmp.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB817778$\wship6.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB824105$\netbt.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ322011$\fxsclnt.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ329170$\srv.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ329834$\raspptp.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ810565$\migwiz.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ810565$\pchshell.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ814995$\acgenral.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ815485$\ndis.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ815485$\ndisuio.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ815485$\netshell.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ815485$\wzcdlg.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ817606$\srv.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\in5b4s.dll
[DETECTION] Is the TR/Spy.241664 Trojan
[NOTE] The file was moved to '49ac5eb6.qua'!
End of the scan: Wednesday, January 21, 2009 14:18
Used time: 1:55:48 Hour(s)
The scan has been done completely.
8639 Scanning directories
304408 Files were scanned
213 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
205 files were moved to quarantine
0 files were renamed
53 Files cannot be scanned
304142 Files not concerned
2647 Archives were scanned
53 Warnings
207 Notes
WHAT NEXT DOC?
-
Folks,
I was running Kaspersky 2009 and for some reason it would not quarantine or remove detected malware / viruses. When I would open IE it would sometimes take up to a minute for the program to respond and another 20-30 seconds (or longer) for the page to display on a cable connection. However, when IE was already running, the web pages responded faster. Before this issue, the complete process would take less than 8-10 seconds to do all.
So I was told about Malwarebytes and DL'd it yesterday. It has made a tremendous improvement on the speed, but start-up of IE is still a little slow at times. However, what bothers me more is the popup window I get. Whenever a page links to another popup window, I get this square-shaped popup message in the center of the page, which blocks the link page I was going to. The popup is about 4 inches by 4 inches with the word Warning on the top bar. In the bottom of the box it displays a check box with the message "Do not show this message again" to the right and Cancel to the right of that.
I feel this particular issue is the root of all my problems. I downloaded MBytes, ran the update, ran the quick scan, ran the full scan. Rebooted and went to Safe Mode and ran the full scan again. Rebooted, but still that popup problem.
Any advice would be appreciated.
ND
Notepad Files as Stated in Request
in Resolved Malware Removal Logs
Posted
As requested. However, I could not find AVG Antivirus in my Control Panel / Add/Remove Programs list to remove.
ComboFix 09-01-21.04 - Karen 2009-01-24 10:59:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.262 [GMT -3.5:30]
Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\racle~1
c:\program files\INSTALL.LOG
c:\program files\outlook
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\nicgx.dat
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_R_SERVER
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Legacy_ZESOFT
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-22 18:35 . 2009-01-22 18:35 <DIR> d----c--- C:\as_xyz
2009-01-21 17:55 . 2009-01-21 18:07 <DIR> d----c--- C:\Lop SD
2009-01-21 16:31 . 2009-01-21 16:31 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- c:\program files\Avira
2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Avira
2009-01-19 20:51 . 2009-01-19 20:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 20:51 . 2009-01-19 20:51 <DIR> d-------- c:\documents and settings\Karen\Application Data\Malwarebytes
2009-01-19 20:51 . 2009-01-19 20:51 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 20:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 20:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 20:32 . 2009-01-19 20:36 <DIR> d-------- c:\documents and settings\Karen\Application Data\MalwareRemovalBot
2009-01-10 02:09 . 2009-01-10 02:09 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-01-10 02:09 . 2009-01-10 02:09 16,832 --a------ c:\windows\system32\amcompat.tlb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 14:02 --------- d-----w c:\program files\Project64 1.6
2009-01-24 04:55 --------- d-----w c:\program files\ICQ
2009-01-24 04:41 --------- dc----w c:\documents and settings\All Users\Application Data\SkillRide
2009-01-23 14:54 --------- d-----w c:\program files\CCleaner
2009-01-22 22:48 --------- d-----w c:\program files\Common Files\Adobe
2009-01-21 17:12 --------- d-----w c:\program files\TClock
2009-01-20 16:00 --------- d-----w c:\program files\Kaspersky Lab
2009-01-20 02:38 --------- d-----w c:\program files\Phoenix Installer
2009-01-10 03:25 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 02:53 --------- d-----w c:\documents and settings\Karen\Application Data\AVGTOOLBAR
2008-12-07 02:36 --------- dc----w c:\documents and settings\All Users\Application Data\avg8
2008-12-07 02:35 --------- d-----w c:\program files\AVG
2008-12-07 00:33 --------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-24 18:24 724,984 ----a-w c:\documents and settings\Karen\gotomypc_437.exe
2007-04-13 20:25 722,176 ----a-w c:\documents and settings\Karen\gotomypc_428.exe
2006-12-05 18:58 4,096 -csha-w c:\program files\Thumbs.db
2006-12-03 21:35 563,712 ----a-w c:\documents and settings\Karen\gotomypc_370.exe
2006-06-13 15:26 560 -c--a-w c:\documents and settings\Karen\PCDOC.BAT
2006-05-14 23:14 105,312 -c--a-w c:\documents and settings\Karen\Application Data\GDIPFONTCACHEV1.DAT
2006-05-10 23:46 563,712 -c--a-w c:\documents and settings\Karen\370_gotomypc.exe
2004-12-04 16:30 462,919 -c--a-w c:\documents and settings\Karen\gotomypc.exe
2004-07-03 09:09 1,080,320 -c--a-w c:\documents and settings\Karen\Souls.exe
2004-05-22 16:39 162,304 -c--a-w c:\documents and settings\Karen\SRNet.dll
2006-01-28 12:28 56 -csh--r c:\windows\system32\345DF350AE.sys
2006-01-28 12:28 3,766 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2004-12-14 263824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"MSVideo"= CxCap.drv
"VIDC.JPGL"= jpgl.dll
"VIDC.SK52"= Pdv30x.dll
"VIDC.SK54"= Pdv30x.dll
"VIDC.VVC1"= VVC1.DLL
"msvideo3"= STVqx3tg.dll
"vidc.YV12"= vvlcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Registration.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Registration.lnk
backup=c:\windows\pss\Corel Registration.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
backup=c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
backup=c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
backup=c:\windows\pss\Desktop Application Director 9.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\South Park Desktop Friends.lnk
backup=c:\windows\pss\South Park Desktop Friends.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^BitTorrent.lnk]
path=c:\documents and settings\Karen\Start Menu\Programs\Startup\BitTorrent.lnk
backup=c:\windows\pss\BitTorrent.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\Karen\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Karen\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^ShortKeys Lite.lnk]
path=c:\documents and settings\Karen\Start Menu\Programs\Startup\ShortKeys Lite.lnk
backup=c:\windows\pss\ShortKeys Lite.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^VP-EYE.lnk]
path=c:\documents and settings\Karen\Start Menu\Programs\Startup\VP-EYE.lnk
backup=c:\windows\pss\VP-EYE.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gsosjbi]
c:\program files\Common Files\?racle\w?nlogon.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
???? [?]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
???? [?]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:42 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 13:08 20480 c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-03-21 06:05 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLifeService]
--------- 2005-05-12 21:23 110739 c:\program files\Logitech\MediaLife\MediaLifeService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 2003-10-14 13:06 38984 c:\progra~1\ICQ\ICQNet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDRealtime]
--a--c--- 2003-03-15 22:46 168448 c:\windows\realtime.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2006-09-15 14:21 675840 c:\windows\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a------ 2005-11-24 17:01 106496 c:\windows\tsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 12:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--a------ 2003-03-04 08:50 19968 c:\windows\LOGI_MWX.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4020:TCP"= 4020:TCP:127.0.0.1.
"4020:UDP"= 4020:UDP:127.0.0.1.
"67:UDP"= 67:UDP:DHCP Discovery Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2006-06-29 149376]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2006-06-14 3026]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R4 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2007-09-13 3584]
S3 DCamUSBNW800;D-Link CIF Webcam;c:\windows\system32\drivers\pcam800.sys [2004-09-11 210792]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2006-03-01 131776]
.
Contents of the 'Scheduled Tasks' folder
2009-01-24 c:\windows\Tasks\9406B6C39551419B.job
- c:\docume~1\karen\applic~1\thisus~1\Title Tick Eq.exe []
2009-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-24 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []
2009-01-24 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job
- c:\program files\MalwareRemovalBot []
2009-01-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
MSConfigStartUp-about list - c:\docume~1\Karen\APPLIC~1\THISUS~1\oozeaxis.exe
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-defender - c:\\dfndrdd_6.exe
MSConfigStartUp-GameSpot - c:\program files\Kontiki\bin\kontiki.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-MessengerPlus2 - c:\documents and settings\Karen\Desktop\Jonathans Folder\MsgPlus.exe
MSConfigStartUp-Microsoft Tray - c:\my shared folder\grand theft auto vice city setup launcher.exe
MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe
MSConfigStartUp-ms035853735-46 - c:\windows\ms035853735-46.exe
MSConfigStartUp-ms0553735-4658 - c:\windows\ms0553735-4658.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NAV Agent - c:\progra~1\NORTON~1\NORTON~1\navapw32.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL
MSConfigStartUp-nmapp - c:\program files\Pure Networks\Network Magic\nmapp.exe
MSConfigStartUp-NvCplDaemon - c:\windows\System32\NvCpl.dll
MSConfigStartUp-outlook - c:\program files\outlook\outlook.exe
MSConfigStartUp-PopupJammer - c:\program files\Advanced Searchbar\jammer.exe
MSConfigStartUp-qrgli - c:\docume~1\Karen\APPLIC~1\dfooalyq.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Spyware Doctor - c:\program files\Spyware Doctor\swdoctor.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_11\bin\jusched.exe
MSConfigStartUp-SurfSideKick 3 - c:\program files\SurfSideKick 3\Ssk.exe
MSConfigStartUp-TaskReg - c:\documents and settings\Karen\Desktop\Jonathans Folder\Dragon Ball Z Game (1).exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-VideoraXbox360Converter - c:\documents and settings\Karen\Desktop\Jonathan's Folder\Music Files\VideoraXbox360Converter\VideoraXbox360Converter.exe
MSConfigStartUp-win3207735-465853 - c:\windows\win3207735-465853.exe
MSConfigStartUp-win320835-4658537 - c:\windows\win320835-4658537.exe
MSConfigStartUp-Zero Knowledge Freedom - c:\program files\Zero Knowledge\Freedom\Freedom.exe
MSConfigStartUp-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-nwiz - nwiz.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tsn.ca/nhl/
uDefault_Search_Url =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 11:06:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-24 11:13:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-24 14:43:52
Pre-Run: 10,944,761,856 bytes free
Post-Run: 10,892,746,752 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
314 --- E O F --- 2009-01-14 07:17:20
AND HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:18 AM, on 1/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
--
End of file - 6804 bytes