
Notepad Files as Stated in Request



Ok,

As requested. I am still having problems and here are the Notepad C & P.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:31:44 PM, on 1/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.tropicalglen.com

O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing)

O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg

--

End of file - 9301 bytes

AND

Avira AntiVir Personal

Report file date: Wednesday, January 21, 2009 12:23

Scanning for 1244138 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: HOME

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 12:51:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 12:26:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 17:14:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 12:28:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:00:36

ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 15:51:02

ANTIVIR2.VDF : 7.1.1.148 440832 Bytes 1/20/2009 15:51:06

ANTIVIR3.VDF : 7.1.1.159 140288 Bytes 1/21/2009 15:51:09

Engineversion : 8.2.0.57

AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 14:35:56

AESCRIPT.DLL : 8.1.1.26 340347 Bytes 1/21/2009 15:51:26

AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 19:36:41

AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 18:28:38

AEPACK.DLL : 8.1.3.5 393588 Bytes 1/21/2009 15:51:24

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/21/2009 15:51:21

AEHEUR.DLL : 8.1.0.84 1540471 Bytes 1/21/2009 15:51:19

AEHELP.DLL : 8.1.2.0 119159 Bytes 1/21/2009 15:51:14

AEGEN.DLL : 8.1.1.10 323957 Bytes 1/21/2009 15:51:13

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 14:35:56

AECORE.DLL : 8.1.5.2 172405 Bytes 1/21/2009 15:51:11

AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 14:35:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 13:10:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 13:58:01

AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 16:32:15

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 15:56:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 12:59:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 16:57:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 21:58:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 17:19:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 16:35:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 18:18:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 18:04:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Wednesday, January 21, 2009 12:23

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'devldr32.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

26 processes with 26 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '64' files ).

Starting the file scan:

Begin scan in 'C:\' <Local Disk>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\BeInSync Settings\Temp\jeepersdx2_1_2_020.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was deleted!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was deleted!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.htm

[DETECTION] Contains recognition pattern of the EXP/HTML.Mht.2.1 exploit

[NOTE] The file was moved to '49a748a1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a2.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP10.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a4.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP11.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a6.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP12.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848a8.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP13.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848ac.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP14.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848ad.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP15.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848af.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP16.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848b0.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP17.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848b5.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP18.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848ba.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP19.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a848bd.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c0.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP20.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP21.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c4.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP22.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948c8.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP23.exe

[DETECTION] Contains recognition pattern of the WORM/Krepper.C worm

[NOTE] The file was moved to '49a948cf.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP28.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948d1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP29.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a948d6.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49aa48d8.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP30.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49aa48dc.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP31.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49aa48df.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP4.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ab48e1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ac48e6.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ad48e9.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP7.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49ae48ec.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP8.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49af48ef.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP9.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49b048f1.qua'!

C:\Documents and Settings\Karen\Desktop\Dads Pics\setupxv.exe

[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper

[NOTE] The file was moved to '49eb4ac3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\at128megav1[1].1a.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> jeepersdx2_1_2_020.zip

[1] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a84ae9.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\beavis_v08.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49d84ada.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\chatternut_9.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49d84add.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\jeepersdx2_1_2_020.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4ade.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.bev.zip

[0] Archive type: ZIP

--> Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49de4af0.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo[1].xs.atmega.fix.v2.2.zip

[0] Archive type: ZIP

--> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/6000 receiver fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.V2.1/Juggalo.Xs.atmega.fix.BEV/Juggalo_X's atmega fix (15.08.04)/All other receivers fix/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49de4af1.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Downloaded ZIP FILES\juggalo_xs[1].atmega.fix.zip

[0] Archive type: ZIP

--> Juggalo_X's atmega fix (15.08.04)/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '485a4072.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\angelvision v1[1].0.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49de4af3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4acc.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ace.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\AtMega -Anti- Freeze@100kb\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483958ef.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV ATMEGA FIX FOR JEEPERS\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4aef.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\BEV-Atmega-128-Tiers-Fix-And-Keys-Of-2007-04-12\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad0.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\freeway2.0 S1\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad1.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48367662.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad2.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483958f3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483a5314.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48370f04.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad4.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48370f05.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad6.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ad5.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483b6f06.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\OriginalJuniorRoba\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483958f7.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\Jeepers\SatJammin BV V5.1\SatJammin BV V5.1.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4af4.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\BEV Stuff\OriginalJuniorRoba\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4adf.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4ae3.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Bins\BEV Stuff\Jeepers\jeepersdx2_1_2_020.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b04.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\Atmega N2.rar

[0] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e44b1e.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jan 3 amega card fix.zip

[0] Archive type: ZIP

--> Jan 3 Amega card fix/jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e54b0c.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Atmega N2 Fixes\Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b10.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\CrackedAtmegaPrivateFix\cracked_atmega_load___home_private_fix_v1.rar

[0] Archive type: RAR

--> AtmegaCrack.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '49d84b21.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\ATMEGA PROGRAM JUNE 06\Cracked_Atmega_Load___Home_Private_Fix_v1\AtmegaCrack.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '49e44b25.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\satvia no rsa all-in-1.zip

[0] Archive type: ZIP

--> SatVia No RSA ALL-IN-1/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b14.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV MOD\BEV N2\SatVia No RSA ALL-IN-1\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4af9.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\BEV N2 ATMEGA SATVIA V5\SatVia ALL-IN-ONE V5\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483a533a.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b1b.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\Atmega N2.rar

[0] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e44b2b.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\atmega n2.zip

[0] Archive type: ZIP

--> Atmega N2/Atmega N2.rar

[1] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

--> Atmega N2/jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '486252ec.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Jeepers eeprom and hex\Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b1d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\attachment

[0] Archive type: ZIP

--> jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b2e.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b00.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\satvia no rsa all-in-1c.zip

[0] Archive type: ZIP

--> SatVia No RSA ALL-IN-1c/jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b1d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Atmega N2.rar

[0] Archive type: RAR

--> Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49e44b30.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b22.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\Atmega N2\Jan 3 Amega card fix\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b23.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\misterfery hits back\jeepers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49dc4b24.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b04.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\DISH N2\Updated Files\SatVia No RSA ALL-IN-1a\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b05.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b08.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b0e.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\April16-DN\JEEPERS.EXE

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '4839592f.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\atmega\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b10.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.2 DN Mega128\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48395931.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 2.0.3 DN Mega128 PFG\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b11.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\EITS 229 DN May29\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '48395932.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b13.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '483677a4.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b14.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c08cd.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b15.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482924fe.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\JUGGTEST\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b17.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b16.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482924ff.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482d04f0.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\Juggtest2\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b19.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\SatMan_s_147kb_Redux_Including_6000_and_full_AutoRoll_now_with_Dynamic_time_Zones.rar

[0] Archive type: RAR

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b34.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\NEW VIP ATMEGA AUTOROLL\3m ver2.3\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c08c2.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\OriginalJuniorRoba\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b1a.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatJammin_DN_V7.1C_For_WCU_support\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b1f.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish Network\Jeepers\SatMan's 3m 5.6m @ 98KB's 100+kb Reduction B\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b20.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\Dish phoenix 2.1.4 for jeepers by sathaks\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b2b.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\No Rsa For Dummies\SatVia ALL-IN-ONE V5\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc4b2d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ROM 102\WINEXPLORER 5.0\WinExplorer.exe

[DETECTION] Is the TR/Agent.1249280.C Trojan

[NOTE] The file was moved to '49e54b6d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\ROM 102\ZIP FILES ROM102\winexplorer5.zip

[0] Archive type: ZIP

--> WinExplorer.exe

[DETECTION] Is the TR/Agent.1249280.C Trojan

[NOTE] The file was moved to '49e54b7d.qua'!

C:\Documents and Settings\Karen\Desktop\Downloads\SatJammin BV V5.1\SatJammin BV V5.1.zip

[0] Archive type: ZIP

--> jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49eb4b76.qua'!

C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\VD4KULMJ\setupxv[1].exe

[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper

[NOTE] The file was moved to '49eb50d7.qua'!

C:\Documents and Settings\Karen\My Documents\My Received Files\MsgPlus.exe

[0] Archive type: RSRC

--> Object

[1] Archive type: ZIP

--> 70000011.exe

[DETECTION] Is the TR/Dldr.Swizzor.G.2 Trojan

[NOTE] The file was moved to '49de51aa.qua'!

C:\Program Files\Norton AntiVirus\Quarantine\48A8584C

[0] Archive type: HIDDEN

--> FIL\\\?\C:\Program Files\Norton AntiVirus\Quarantine\48A8584C

[DETECTION] Contains recognition pattern of the DIAL/302102 dialer

[NOTE] The file was moved to '49b8576a.qua'!

C:\Program Files\TClock\tclock.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[NOTE] The file was moved to '49e357d1.qua'!

C:\Program Files\TClock\tclock_install.exe

[0] Archive type: NSIS

--> [unknownDir]/tclock.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[DETECTION] Is the TR/Tclock.A.1 Trojan

[NOTE] The file was moved to '49e357d2.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002235.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7584f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002236.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75850.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002237.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e9.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002238.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75852.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002239.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75851.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002240.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45eb.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002241.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75854.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002242.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75853.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002243.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45ed.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002244.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75856.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002245.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75855.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002246.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45ef.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002247.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75857.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002248.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e0.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002249.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75858.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002250.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75859.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002251.exe

[DETECTION] Contains recognition pattern of the WORM/Krepper.C worm

[NOTE] The file was moved to '49a7585a.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002252.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e3.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002253.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585b.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002254.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585c.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002255.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585d.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002256.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45e6.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002257.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585e.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002258.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a7585f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002259.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '482c45d8.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002260.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75860.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002261.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75861.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002262.exe

[DETECTION] Contains recognition pattern of the WORM/Alcra.B worm

[NOTE] The file was moved to '49a75862.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002263.exe

[DETECTION] Contains recognition pattern of the DR/FakeAlert.QV dropper

[NOTE] The file was moved to '482c45db.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002264.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75863.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002265.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75865.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002266.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45de.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002267.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75866.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002268.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75867.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002269.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d0.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002270.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75869.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002271.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75868.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002272.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d1.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002273.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586a.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002274.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d2.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002275.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586b.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002276.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d4.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002277.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586d.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002278.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d3.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002279.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586c.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002280.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d5.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002281.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d6.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002282.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002283.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7586e.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002284.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d7.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002285.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '482c45c8.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002286.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75871.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002287.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45ca.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002288.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45d9.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002289.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75864.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002290.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45dd.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002291.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45df.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002292.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75873.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002293.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cc.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002294.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75870.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002295.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c9.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002296.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75872.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002297.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75875.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002298.EXE

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45ce.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002299.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75877.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002300.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cb.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002301.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75874.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002302.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cd.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002303.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c0.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002304.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75879.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002305.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c2.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002306.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75876.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002307.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45cf.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002308.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45e1.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002309.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7587b.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002310.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c4.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002311.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7587d.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002312.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45e5.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002313.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45e7.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002314.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75848.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002315.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c6.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002316.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a7587f.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002317.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c4538.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002318.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49a75878.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002319.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '482c45c1.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002320.exe

[DETECTION] Is the TR/Agent.1249280.C Trojan

[NOTE] The file was moved to '49a7587a.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002321.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[NOTE] The file was moved to '49a75881.qua'!

C:\System Volume Information\_restore{216519A2-BD89-4CF9-A0BA-BDFCD6B6EE50}\RP6\A0002322.exe

[0] Archive type: NSIS

--> [unknownDir]/tclock.exe

[DETECTION] Is the TR/Tclock.A.3 Trojan

[DETECTION] Is the TR/Tclock.A.1 Trojan

[NOTE] The file was moved to '482c453a.qua'!

C:\unzipped\juggalo[1].xs.atmega.fix.v2.2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\6000 receiver fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc5890.qua'!

C:\unzipped\juggalo[1].xs.atmega.fix.v2.2\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.V2.1\Juggalo.Xs.atmega.fix.BEV\Juggalo_X's atmega fix (15.08.04)\All other receivers fix\jEEPers.exe

[DETECTION] Contains recognition pattern of a probably damaged CC/Agent.EA sample

[NOTE] The file was moved to '49bc5891.qua'!

C:\WINDOWS\videoc.ocx

[DETECTION] Is the TR/DwnLdr.ARN Trojan

[NOTE] The file was moved to '49db58c7.qua'!

C:\WINDOWS\$NtUninstallKB810217$\admin.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\admin.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\author.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\author.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\cfgwiz.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4amsft.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4anscp.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4apws.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4areg.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4atxt.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4autl.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4avnb.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4avss.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4awebs.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fp4awel.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpadmcgi.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpadmdll.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpcount.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpexedll.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpmmc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpremadm.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpsrvadm.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\fpsrvwin.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\shtml.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\shtml.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB810217$\tcptest.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\6to4svc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\inetmib1.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\iphlpapi.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\ipv6.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\ipv6mon.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\netoc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\netsh.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\tcpip6.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\tunmp.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB817778$\wship6.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB824105$\netbt.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ322011$\fxsclnt.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ329170$\srv.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ329834$\raspptp.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ810565$\migwiz.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ810565$\pchshell.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ814995$\acgenral.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\ndis.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\ndisuio.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\netshell.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ815485$\wzcdlg.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ817606$\srv.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\in5b4s.dll

[DETECTION] Is the TR/Spy.241664 Trojan

[NOTE] The file was moved to '49ac5eb6.qua'!

End of the scan: Wednesday, January 21, 2009 14:18

Used time: 1:55:48 Hour(s)

The scan has been done completely.

8639 Scanning directories

304408 Files were scanned

213 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

2 files were deleted

0 files were repaired

205 files were moved to quarantine

0 files were renamed

53 Files cannot be scanned

304142 Files not concerned

2647 Archives were scanned

53 Warnings

207 Notes

WHAT NEXT DOC?


Hi. ;)

Download Lop S&D < here

Double-click Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt)

------------------------

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Hi. ;)

Download Lop S&D < here

Double-click Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt)

As requested:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel Pentium III processor )

BIOS : Award Modular BIOS v4.51PG

USER : Karen ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:38 Go (Free:9 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( Wed 01/21/2009|17:56 )

--------------------\\ Listing folders in APPLIC~1

[06/09/2003|08:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities

[12/06/2008|10:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[08/02/2006|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 1.0.0.0

[08/18/2008|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe

[05/20/2005|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems

[11/19/2007|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple

[11/19/2007|05:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[09/11/2004|06:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ArcSoft

[12/06/2008|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8

[01/21/2009|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira

[09/01/2005|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Babylon

[03/21/2005|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BeInSync Settings

[11/25/2006|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Borland

[10/07/2005|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield

[12/06/2008|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files

[12/07/2003|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kazaa

[05/16/2006|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak

[05/01/2005|04:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia

[04/12/2005|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision

[01/19/2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes

[04/23/2008|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MediaLife

[01/25/2007|09:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[09/16/2003|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6

[10/01/2005|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pixelStorm

[06/20/2008|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks

[06/04/2003|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime

[02/05/2006|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SkillJam

[01/12/2009|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SkillRide

[03/28/2006|03:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy

[04/11/2005|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec

[08/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP

[09/29/2007|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia

[10/07/2003|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems

[03/29/2005|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[08/08/2007|09:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent

[09/10/2005|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[01/04/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[03/08/2007|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

[03/08/2007|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[06/04/2003|10:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[10/02/2005|05:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> .bt2

[12/08/2008|09:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Adobe

[12/16/2003|12:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> AdobeUM

[03/28/2006|03:44] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Aim

[01/11/2006|03:53] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Apple Computer

[12/25/2003|08:38] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ArcSoft

[12/06/2008|11:23] C:\DOCUME~1\Karen\APPLIC~1\<DIR> AVGTOOLBAR

[03/21/2005|08:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> BeInSync

[12/31/2006|02:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> BitTorrent

[08/24/2007|12:36] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Camfrog

[10/07/2005|02:11] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Corel

[12/27/2005|11:57] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Creative

[04/23/2008|07:59] C:\DOCUME~1\Karen\APPLIC~1\<DIR> CyberLink

[12/16/2003|09:22] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Freedom

[06/26/2006|07:16] C:\DOCUME~1\Karen\APPLIC~1\<DIR> GewfieNoofy

[11/19/2005|07:18] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Google

[11/28/2006|05:49] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Help

[01/12/2007|09:30] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICAClient

[03/08/2007|10:39] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICQ

[09/21/2004|05:14] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ICQLite

[07/28/2003|02:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Identities

[11/01/2003|10:20] C:\DOCUME~1\Karen\APPLIC~1\<DIR> ieSpell

[06/26/2006|07:31] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Ilikebeans

[04/06/2005|11:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> IsolatedStorage

[12/07/2003|12:44] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Kazaa Lite

[03/28/2006|03:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Lavasoft

[05/01/2005|04:56] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Macromedia

[01/19/2009|08:51] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Malwarebytes

[01/19/2009|08:36] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MalwareRemovalBot

[04/23/2008|07:57] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MediaLife

[08/20/2008|05:56] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Microsoft

[01/14/2007|07:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Mozilla

[09/16/2003|04:03] C:\DOCUME~1\Karen\APPLIC~1\<DIR> MSN6

[10/10/2005|09:32] C:\DOCUME~1\Karen\APPLIC~1\<DIR> NetMedia Providers

[11/15/2005|08:04] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Opera

[04/28/2007|09:50] C:\DOCUME~1\Karen\APPLIC~1\<DIR> OTVREG

[10/21/2006|05:33] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Paltalk

[02/16/2006|02:28] C:\DOCUME~1\Karen\APPLIC~1\<DIR> PC Tools

[10/10/2005|09:32] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Publish Providers

[01/11/2007|09:17] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Real

[07/01/2005|10:10] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Registry Cleaner

[05/15/2006|02:08] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Rogers Yahoo! Messenger

[06/23/2004|03:54] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Shockwave.com

[12/16/2006|01:48] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Skype

[02/01/2004|01:06] C:\DOCUME~1\Karen\APPLIC~1\<DIR> SmartDraw

[03/23/2006|08:35] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sonic Foundry

[11/28/2005|03:47] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sony

[09/11/2004|12:49] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Sun

[06/20/2003|04:41] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Symantec

[10/14/2006|04:13] C:\DOCUME~1\Karen\APPLIC~1\<DIR> teamspeak2

[08/22/2003|03:46] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Ulead Systems

[08/24/2007|07:01] C:\DOCUME~1\Karen\APPLIC~1\<DIR> WildTangent

[03/09/2007|07:01] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Yahoo!

[08/11/2003|03:19] C:\DOCUME~1\Karen\APPLIC~1\<DIR> Yahoo! Messenger

[07/18/2006|03:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia

[12/06/2008|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[12/06/2008|10:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/21/2009 03:00 AM][--a------] C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job

[01/20/2009 05:31 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[01/21/2009 05:00 PM][--ah-----] C:\WINDOWS\tasks\9406B6C39551419B.job

[01/21/2009 04:39 PM][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job

[01/20/2009 12:32 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[08/23/2001 08:30 AM][-rah-----] C:\WINDOWS\tasks\desktop.ini

( 9406B6C39551419B.job )=( c:\docume~1\karen\applic~1\thisus~1\TitleTickEq.exe )

--------------------\\ Listing Folders in C:\Program Files

[12/08/2008|09:51] C:\Program Files\<DIR> Adobe

[10/09/2005|08:16] C:\Program Files\<DIR> Ahead

[11/19/2007|05:57] C:\Program Files\<DIR> Apple Software Update

[09/11/2004|03:57] C:\Program Files\<DIR> ArcSoft

[10/29/2006|01:53] C:\Program Files\<DIR> Atmega Load At Home

[10/29/2006|10:14] C:\Program Files\<DIR> Audible

[12/06/2008|11:05] C:\Program Files\<DIR> AVG

[01/21/2009|12:19] C:\Program Files\<DIR> Avira

[10/02/2003|06:25] C:\Program Files\<DIR> Borland

[10/02/2005|05:23] C:\Program Files\<DIR> BT2Net

[11/29/2007|04:07] C:\Program Files\<DIR> Camfrog

[04/17/2008|08:38] C:\Program Files\<DIR> CCleaner

[07/16/2003|02:24] C:\Program Files\<DIR> cgi-bin

[02/12/2007|06:20] C:\Program Files\<DIR> Citrix

[06/20/2008|05:10] C:\Program Files\<DIR> Common Files

[04/18/2008|04:07] C:\Program Files\<DIR> Creative

[05/09/2006|11:28] C:\Program Files\<DIR> DIFX

[10/19/2003|01:58] C:\Program Files\<DIR> directx

[06/04/2003|01:22] C:\Program Files\<DIR> EuroTool

[08/09/2007|05:41] C:\Program Files\<DIR> FreshDevices

[07/03/2006|11:36] C:\Program Files\<DIR> ftapirate

[03/01/2004|09:06] C:\Program Files\<DIR> Garmin

[08/24/2007|08:28] C:\Program Files\<DIR> Google

[01/10/2009|01:05] C:\Program Files\<DIR> ICQ

[03/09/2007|12:39] C:\Program Files\<DIR> ICQLite

[03/25/2007|12:08] C:\Program Files\<DIR> InstallShield Installation Information

[12/11/2008|03:20] C:\Program Files\<DIR> Internet Explorer

[11/19/2007|06:01] C:\Program Files\<DIR> iPod

[11/19/2007|06:01] C:\Program Files\<DIR> iTunes

[03/17/2007|06:43] C:\Program Files\<DIR> Java

[01/20/2009|12:30] C:\Program Files\<DIR> Kaspersky Lab

[05/16/2006|02:12] C:\Program Files\<DIR> KODAK

[05/15/2006|04:43] C:\Program Files\<DIR> LimeWire

[01/24/2008|12:48] C:\Program Files\<DIR> Loader

[01/11/2007|09:01] C:\Program Files\<DIR> Logitech

[02/16/2007|06:57] C:\Program Files\<DIR> Macromedia

[03/22/2006|06:18] C:\Program Files\<DIR> Magellan

[07/22/2008|08:47] C:\Program Files\<DIR> Magnifier 2.4

[01/19/2009|08:51] C:\Program Files\<DIR> Malwarebytes' Anti-Malware

[12/03/2008|03:02] C:\Program Files\<DIR> Messenger

[06/04/2003|11:49] C:\Program Files\<DIR> Microsoft ActiveSync

[05/10/2007|05:13] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2

[06/04/2003|10:06] C:\Program Files\<DIR> microsoft frontpage

[10/15/2006|10:28] C:\Program Files\<DIR> Microsoft Office

[06/04/2003|11:46] C:\Program Files\<DIR> Microsoft Visual Studio

[08/16/2003|09:11] C:\Program Files\<DIR> Microsoft Windows Script

[10/18/2006|02:10] C:\Program Files\<DIR> Microsoft Works

[10/12/2006|09:01] C:\Program Files\<DIR> Microsoft.NET

[12/02/2008|01:10] C:\Program Files\<DIR> Movie Maker

[02/22/2007|05:41] C:\Program Files\<DIR> Mozilla Firefox

[12/02/2008|01:10] C:\Program Files\<DIR> msn

[07/19/2006|02:35] C:\Program Files\<DIR> MSN Gaming Zone

[09/08/2007|02:27] C:\Program Files\<DIR> MSXML 4.0

[12/02/2008|01:03] C:\Program Files\<DIR> NetMeeting

[07/17/2005|09:12] C:\Program Files\<DIR> neXBC

[02/13/2007|05:33] C:\Program Files\<DIR> Nortel Networks

[03/22/2005|09:28] C:\Program Files\<DIR> Norton AntiVirus

[04/07/2005|04:20] C:\Program Files\<DIR> Norton SystemWorks

[10/27/2004|11:44] C:\Program Files\<DIR> OfficeUpdate11

[06/04/2003|10:03] C:\Program Files\<DIR> Online Services

[08/08/2007|10:02] C:\Program Files\<DIR> Online TV Player 3

[09/01/2006|10:40] C:\Program Files\<DIR> outlook

[12/02/2008|01:03] C:\Program Files\<DIR> Outlook Express

[01/19/2009|11:08] C:\Program Files\<DIR> Phoenix Installer

[06/08/2007|05:47] C:\Program Files\<DIR> Project64 1.6

[03/01/2005|05:05] C:\Program Files\<DIR> Project64 v1.5

[06/20/2008|05:09] C:\Program Files\<DIR> Pure Networks

[11/19/2007|06:00] C:\Program Files\<DIR> QuickTime

[03/28/2006|03:54] C:\Program Files\<DIR> Spybot - Search & Destroy

[08/08/2007|10:09] C:\Program Files\<DIR> Symantec

[04/07/2005|05:39] C:\Program Files\<DIR> SymNetDrv

[01/21/2009|01:42] C:\Program Files\<DIR> TClock

[09/08/2007|07:58] C:\Program Files\<DIR> Tierra

[03/08/2007|06:40] C:\Program Files\<DIR> Total Video Converter

[01/21/2009|04:31] C:\Program Files\<DIR> Trend Micro

[07/10/2004|12:30] C:\Program Files\<DIR> Uninstall Information

[08/08/2007|09:50] C:\Program Files\<DIR> WildGames

[01/04/2008|04:20] C:\Program Files\<DIR> Windows Live

[01/09/2009|11:55] C:\Program Files\<DIR> Windows Media Connect 2

[01/10/2009|02:05] C:\Program Files\<DIR> Windows Media Player

[12/02/2008|01:03] C:\Program Files\<DIR> Windows NT

[07/19/2006|07:57] C:\Program Files\<DIR> WindowsUpdate

[09/18/2006|09:54] C:\Program Files\<DIR> WinRAR

[08/18/2004|11:42] C:\Program Files\<DIR> WinZip

[06/04/2003|10:06] C:\Program Files\<DIR> xerox

[03/08/2007|09:29] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/30/2006|06:28] C:\Program Files\Common Files\<DIR> {E43BA2D9-0257-1033-0822-000430020001}

[08/18/2008|06:05] C:\Program Files\Common Files\<DIR> Adobe

[05/20/2005|11:40] C:\Program Files\Common Files\<DIR> Adobe Systems Shared

[10/08/2005|09:04] C:\Program Files\Common Files\<DIR> Ahead

[03/19/2007|06:33] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0

[11/19/2007|05:56] C:\Program Files\Common Files\<DIR> Apple

[06/04/2003|11:46] C:\Program Files\Common Files\<DIR> Designer

[10/07/2005|02:03] C:\Program Files\Common Files\<DIR> InstallShield

[01/02/2007|12:28] C:\Program Files\Common Files\<DIR> Intuit

[03/17/2007|06:38] C:\Program Files\Common Files\<DIR> Java

[04/01/2005|10:11] C:\Program Files\Common Files\<DIR> KODAK

[06/04/2003|11:31] C:\Program Files\Common Files\<DIR> L&H

[01/11/2007|08:58] C:\Program Files\Common Files\<DIR> Logitech

[05/01/2005|04:49] C:\Program Files\Common Files\<DIR> Macromedia

[05/01/2005|04:51] C:\Program Files\Common Files\<DIR> Macromedia Shared

[12/06/2008|11:05] C:\Program Files\Common Files\<DIR> Microsoft Shared

[06/04/2003|10:01] C:\Program Files\Common Files\<DIR> MSSoap

[06/04/2003|07:21] C:\Program Files\Common Files\<DIR> ODBC

[07/18/2006|10:42] C:\Program Files\Common Files\<DIR> okuw

[06/20/2008|05:10] C:\Program Files\Common Files\<DIR> Pure Networks Shared

[01/11/2007|09:17] C:\Program Files\Common Files\<DIR> Real

[06/04/2003|10:01] C:\Program Files\Common Files\<DIR> Services

[12/29/2006|12:51] C:\Program Files\Common Files\<DIR> snp2std

[06/04/2003|07:20] C:\Program Files\Common Files\<DIR> SpeechEngines

[04/27/2006|03:02] C:\Program Files\Common Files\<DIR> SWF Studio

[08/08/2007|10:09] C:\Program Files\Common Files\<DIR> Symantec Shared

[12/02/2008|01:03] C:\Program Files\Common Files\<DIR> System

[12/05/2004|01:39] C:\Program Files\Common Files\<DIR> VocalTec

[01/04/2008|04:19] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

[07/18/2006|01:07] C:\Program Files\Common Files\<DIR> ?racle

--------------------\\ Process

( 24 Processes )

iexplore.exe ~ [PID:1356]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Karen\Cookies\karen@adultfriendfinder[2].txt

C:\DOCUME~1\Karen\Cookies\karen@advertising[1].txt

C:\DOCUME~1\Karen\Cookies\karen@adopt.euroclick[1].txt

C:\WINDOWS\Tasks\9406B6C39551419B.job

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-21 17:59:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

C:\WINDOWS\System32\shelldata\cfg\8\(6)Burton(6) : MSN - Hockey Zman11.dat 401 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\(8) The more than new reality, closer to the heart (8) : MSN - Hockey Zman11.dat 11 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\- Lyrics are for poets, this is censoredin Rock 'n Roll : MSN - Hockey Zman11.dat 267 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\kerri_ann23@hotmail.com : MSN - Hockey Zman11.dat 916 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\kerri_ann_boone@hotmail.com : MSN - Hockey Zman11.dat 25 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\KewlDude1031 : AIM - HockeyZman11.dat 1516 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\killermonkey2k3 : AIM - HockeyZman11.dat 5118 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\kylep008 : AIM - HockeyZman11.dat 3498 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\rangerfanalex : AIM - HockeyZman11.dat 1005 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\RETRIBUTION 2 : AIM - HockeyZman11.dat 1195 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\Rick : MSN - Hockey Zman11.dat 1896 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\rpittman20 : AIM - HockeyZman11.dat 267 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\funmaster123@hotmail.com : MSN - Hockey Zman11.dat 114 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\Gamertag KUJO : AIM - HockeyZman11.dat 2101 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\Geoff_Barrow_7 : MSN - Hockey Zman11.dat 432 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\girl__power33@hotmail.com : MSN - Hockey Zman11.dat 45 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\FSCWIDEOUT : AIM - Hockey Zman11.dat 458 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\FSCWIDEOUT : AIM - HockeyZman11.dat 16900 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\Hamma Head77 : AIM - HockeyZman11.dat 1699 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\tsullivan@roadrunner.nf.net : MSN - Hockey Zman11.dat 99 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\brokenpost31 : AIM - HockeyZman11.dat 286 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\bsmums311 : AIM - HockeyZman11.dat 3784 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\SHathaway : MSN - Hockey Zman11.dat 2203 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\hezclancey@hotmail.com : MSN - Hockey Zman11.dat 2703 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\Hockey@GolfRocks_Barrow_7 : MSN - Hockey Zman11.dat 2858 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\HockeyZman11 : AIM - HockeyZman11.dat 251 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\hotdog700 : AIM - HockeyZman11.dat 10560 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\striker3771 : AIM - HockeyZman11.dat 2018 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\StumbleBum7 2K3 : AIM - HockeyZman11.dat 5811 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\SwVoDoo : AIM - HockeyZman11.dat 3558 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\tabithaeagles817@hotmail.com : MSN - Hockey Zman11.dat 324 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\DisRaeger : AIM - HockeyZman11.dat 4374 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\zapmen_07@hotmail.com : MSN - Hockey Zman11.dat 245 bytes hidden from API

C:\WINDOWS\System32\shelldata\cfg\8\                                     


  • Root Admin

We're sorry but since you have evidence of cracked or pirated software you're using on the system we have to close this thread now.

If you feel this is inaccurate information please send any Moderator a private message explaining in detail and they will review your information in private.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

At least one file in question is this one:

C:\DOCUME~1\Karen\Desktop\Jonathan's Folder\Jonathan's Song Folder\Downloaded\Macromedia Flash MX Pro 2004 + Keygen.zip


  • Root Admin

Download and install CCleaner

  • CCleaner
  • Double-click on the downloaded file "ccsetup215.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

When we're done you can go back and install the latest version but for now please do not install any.

Then run this tool to help clean up any leftover Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply

Then look for the following Java folders and if found delete them.

C:\Program Files\Java

C:\Program Files\Common Files\Java

C:\Documents and Settings\All Users\Application Data\Java

C:\Documents and Settings\All Users\Application Data\Sun\Java

C:\Documents and Settings\username\Application Data\Java

C:\Documents and Settings\username\Application Data\Sun\Java

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot, run HJT, do a system scan and save a logfile

Then post back NEW MBAM and HJT logs in that order please.


MBAM & HJT Logs Below:

Malwarebytes' Anti-Malware 1.33

Database version: 1683

Windows 5.1.2600 Service Pack 3

1/23/2009 12:11:55 PM

mbam-log-2009-01-23 (12-11-55).txt

Scan type: Quick Scan

Objects scanned: 56293

Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AND HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:40 PM, on 1/23/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing)

O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg

--

End of file - 8879 bytes

Still getting the Popup Warning Window.



  • Root Admin

Yes you're still infected and we have more things to do to clean you up.

Start HJT and run Do a system scan only and place a check mark on the following items.

  • O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
  • O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
  • O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
  • O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
  • O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
  • O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
  • O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
  • O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
  • O16 - DPF: {666006C6-C743-11D5-BA02-00C04F2EFC0F} - https://portal.abitibiconsolidated.com/Port...ca32/icaweb.cab
  • O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wwpns.dll (file missing)
  • O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\nv0029dmg.dll (file missing)
  • O24 - Desktop Component 0: (no name) - http://www.ski-doo.com/NR/rdonlyres/7037FA..._thumbnails.jpg

Then Quit All Browsers including the one you're reading this in now.

Then click on Fix checked and then quit HJT

Click on START -> CONTROL PANEL -> Display -> Desktop -> Customize Desktop... -> Web tab

Then uncheck and delete everything you find in there (except for "My Current Home Page")

Remove the checkmark from the Lock Desktop Items box if it is checked.

Click OK and Exit the Display properties.

You show that you have a Macromedia Licensing service running but I don't really see any software running that would require that.

Do you run some type of old Macromedia (Adobe bought them up a long time ago) software that would require that?

You also show that you have Avira and AVG Anti-Virus installed. You need to choose one or the other and fully remove the other one. Only one Anti-Virus product can be installed as they conflict with each other.

I would probably keep the Avira but it's up to you.

When you've removed one of the AV products then please run this.

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


As Requested: However, I could not find AVG Antivirus in my Control panel / Add/Remove Programs list to remove.

ComboFix 09-01-21.04 - Karen 2009-01-24 10:59:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.262 [GMT -3.5:30]

Running from: c:\documents and settings\Karen\Desktop\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\racle~1

c:\program files\INSTALL.LOG

c:\program files\outlook

c:\windows\system32\bszip.dll

c:\windows\system32\drivers\npf.sys

c:\windows\system32\nicgx.dat

c:\windows\system32\packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wanpacket.dll

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Legacy_R_SERVER

-------\Legacy_WINDOWS_OVERLAY_COMPONENTS

-------\Legacy_ZESOFT

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))

.

2009-01-22 18:35 . 2009-01-22 18:35 <DIR> d----c--- C:\as_xyz

2009-01-21 17:55 . 2009-01-21 18:07 <DIR> d----c--- C:\Lop SD

2009-01-21 16:31 . 2009-01-21 16:31 <DIR> d-------- c:\program files\Trend Micro

2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d-------- c:\program files\Avira

2009-01-21 12:19 . 2009-01-21 12:19 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Avira

2009-01-19 20:51 . 2009-01-19 20:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-19 20:51 . 2009-01-19 20:51 <DIR> d-------- c:\documents and settings\Karen\Application Data\Malwarebytes

2009-01-19 20:51 . 2009-01-19 20:51 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-19 20:51 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-19 20:51 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-19 20:32 . 2009-01-19 20:36 <DIR> d-------- c:\documents and settings\Karen\Application Data\MalwareRemovalBot

2009-01-10 02:09 . 2009-01-10 02:09 23,392 --a------ c:\windows\system32\nscompat.tlb

2009-01-10 02:09 . 2009-01-10 02:09 16,832 --a------ c:\windows\system32\amcompat.tlb

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 14:02 --------- d-----w c:\program files\Project64 1.6

2009-01-24 04:55 --------- d-----w c:\program files\ICQ

2009-01-24 04:41 --------- dc----w c:\documents and settings\All Users\Application Data\SkillRide

2009-01-23 14:54 --------- d-----w c:\program files\CCleaner

2009-01-22 22:48 --------- d-----w c:\program files\Common Files\Adobe

2009-01-21 17:12 --------- d-----w c:\program files\TClock

2009-01-20 16:00 --------- d-----w c:\program files\Kaspersky Lab

2009-01-20 02:38 --------- d-----w c:\program files\Phoenix Installer

2009-01-10 03:25 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-07 02:53 --------- d-----w c:\documents and settings\Karen\Application Data\AVGTOOLBAR

2008-12-07 02:36 --------- dc----w c:\documents and settings\All Users\Application Data\avg8

2008-12-07 02:35 --------- d-----w c:\program files\AVG

2008-12-07 00:33 --------- dc----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2007-11-24 18:24 724,984 ----a-w c:\documents and settings\Karen\gotomypc_437.exe

2007-04-13 20:25 722,176 ----a-w c:\documents and settings\Karen\gotomypc_428.exe

2006-12-05 18:58 4,096 -csha-w c:\program files\Thumbs.db

2006-12-03 21:35 563,712 ----a-w c:\documents and settings\Karen\gotomypc_370.exe

2006-06-13 15:26 560 -c--a-w c:\documents and settings\Karen\PCDOC.BAT

2006-05-14 23:14 105,312 -c--a-w c:\documents and settings\Karen\Application Data\GDIPFONTCACHEV1.DAT

2006-05-10 23:46 563,712 -c--a-w c:\documents and settings\Karen\370_gotomypc.exe

2004-12-04 16:30 462,919 -c--a-w c:\documents and settings\Karen\gotomypc.exe

2004-07-03 09:09 1,080,320 -c--a-w c:\documents and settings\Karen\Souls.exe

2004-05-22 16:39 162,304 -c--a-w c:\documents and settings\Karen\SRNet.dll

2006-01-28 12:28 56 -csh--r c:\windows\system32\345DF350AE.sys

2006-01-28 12:28 3,766 -csha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2004-12-14 263824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

"MSVideo"= CxCap.drv

"VIDC.JPGL"= jpgl.dll

"VIDC.SK52"= Pdv30x.dll

"VIDC.SK54"= Pdv30x.dll

"VIDC.VVC1"= VVC1.DLL

"msvideo3"= STVqx3tg.dll

"vidc.YV12"= vvlcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Registration.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Registration.lnk

backup=c:\windows\pss\Corel Registration.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK

backup=c:\windows\pss\CorelCENTRAL 9.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK

backup=c:\windows\pss\CorelCENTRAL Alarms.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK

backup=c:\windows\pss\Desktop Application Director 9.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^South Park Desktop Friends.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\South Park Desktop Friends.lnk

backup=c:\windows\pss\South Park Desktop Friends.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^BitTorrent.lnk]

path=c:\documents and settings\Karen\Start Menu\Programs\Startup\BitTorrent.lnk

backup=c:\windows\pss\BitTorrent.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\Karen\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

path=c:\documents and settings\Karen\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^ShortKeys Lite.lnk]

path=c:\documents and settings\Karen\Start Menu\Programs\Startup\ShortKeys Lite.lnk

backup=c:\windows\pss\ShortKeys Lite.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^VP-EYE.lnk]

path=c:\documents and settings\Karen\Start Menu\Programs\Startup\VP-EYE.lnk

backup=c:\windows\pss\VP-EYE.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gsosjbi]

c:\program files\Common Files\?racle\w?nlogon.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

???? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

???? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 20:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]

--a------ 2005-12-06 13:08 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-11-15 13:11 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

--a------ 2007-03-21 06:05 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLifeService]

--------- 2005-05-12 21:23 110739 c:\program files\Logitech\MediaLife\MediaLifeService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

--a------ 2003-10-14 13:06 38984 c:\progra~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDRealtime]

--a--c--- 2003-03-15 22:46 168448 c:\windows\realtime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-11-14 23:43 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]

--a------ 2006-09-15 14:21 675840 c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]

--a------ 2005-11-24 17:01 106496 c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-01-19 12:49 4670968 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

--a------ 2003-03-04 08:50 19968 c:\windows\LOGI_MWX.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ICQ\\Icq.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\ICQLite\\ICQLite.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4020:TCP"= 4020:TCP:127.0.0.1.

"4020:UDP"= 4020:UDP:127.0.0.1.

"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2006-06-29 149376]

R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2006-06-14 3026]

R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]

R4 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2007-09-13 3584]

S3 DCamUSBNW800;D-Link CIF Webcam;c:\windows\system32\drivers\pcam800.sys [2004-09-11 210792]

S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2006-03-01 131776]

.

Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\9406B6C39551419B.job

- c:\docume~1\karen\applic~1\thisus~1\Title Tick Eq.exe []

2009-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-24 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job

- c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe []

2009-01-24 c:\windows\Tasks\MalwareRemovalBot Scheduled Scan.job

- c:\program files\MalwareRemovalBot []

2009-01-24 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe

MSConfigStartUp-about list - c:\docume~1\Karen\APPLIC~1\THISUS~1\oozeaxis.exe

MSConfigStartUp-AIM - c:\program files\AIM\aim.exe

MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe

MSConfigStartUp-defender - c:\\dfndrdd_6.exe

MSConfigStartUp-GameSpot - c:\program files\Kontiki\bin\kontiki.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-MessengerPlus2 - c:\documents and settings\Karen\Desktop\Jonathans Folder\MsgPlus.exe

MSConfigStartUp-Microsoft Tray - c:\my shared folder\grand theft auto vice city setup launcher.exe

MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe

MSConfigStartUp-MMTray - c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe

MSConfigStartUp-ms035853735-46 - c:\windows\ms035853735-46.exe

MSConfigStartUp-ms0553735-4658 - c:\windows\ms0553735-4658.exe

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe

MSConfigStartUp-NAV Agent - c:\progra~1\NORTON~1\NORTON~1\navapw32.exe

MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL

MSConfigStartUp-nmapp - c:\program files\Pure Networks\Network Magic\nmapp.exe

MSConfigStartUp-NvCplDaemon - c:\windows\System32\NvCpl.dll

MSConfigStartUp-outlook - c:\program files\outlook\outlook.exe

MSConfigStartUp-PopupJammer - c:\program files\Advanced Searchbar\jammer.exe

MSConfigStartUp-qrgli - c:\docume~1\Karen\APPLIC~1\dfooalyq.exe

MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe

MSConfigStartUp-Spyware Doctor - c:\program files\Spyware Doctor\swdoctor.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_11\bin\jusched.exe

MSConfigStartUp-SurfSideKick 3 - c:\program files\SurfSideKick 3\Ssk.exe

MSConfigStartUp-TaskReg - c:\documents and settings\Karen\Desktop\Jonathans Folder\Dragon Ball Z Game (1).exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

MSConfigStartUp-VideoraXbox360Converter - c:\documents and settings\Karen\Desktop\Jonathan's Folder\Music Files\VideoraXbox360Converter\VideoraXbox360Converter.exe

MSConfigStartUp-win3207735-465853 - c:\windows\win3207735-465853.exe

MSConfigStartUp-win320835-4658537 - c:\windows\win320835-4658537.exe

MSConfigStartUp-Zero Knowledge Freedom - c:\program files\Zero Knowledge\Freedom\Freedom.exe

MSConfigStartUp-Logitech Hardware Abstraction Layer - KHALMNPR.EXE

MSConfigStartUp-nwiz - nwiz.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.tsn.ca/nhl/

uDefault_Search_Url =

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: aol.com\free

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-24 11:06:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]

"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE

c:\windows\system32\devldr32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-01-24 11:13:56 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-24 14:43:52

Pre-Run: 10,944,761,856 bytes free

Post-Run: 10,892,746,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

314 --- E O F --- 2009-01-14 07:17:20

AND HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:17:18 AM, on 1/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/nhl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

--

End of file - 6804 bytes


  • Root Admin

Please take a look at this article for the AVG removal.

How to uninstall AVG (remove it permanently from PC)

Then please run the following tool.

SDFix is a program written by AndyManchesta that can remove many different types of Trojans and Worms. How to use SDFix

When those items are done please run the following again.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot, run HJT, do a system scan and save a logfile.

Then post back NEW MBAM and HJT logs in that order please.


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
