Cannot remove antivirus protect 2009


Antivirus Protect showed up on my computer last night, and Malwarebytes was able to remove all but 4 infected registry entries. My computer continues to work slowly. I have also downloaded and run Avira, and that didn't even detect the infected items!

The four registry entries are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu

Below I have posted my HijackThis log and my Malwarebytes log.

Please help!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:11:41 PM, on 3/19/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: (no name) - {CE9E101A-6A50-43DE-9522-2ED3DEBC669B} - C:\WINDOWS\system32\capesnp.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://ezproxy.library.nyu.edu:6305/lib/ny...s/ebraryRdr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209244847249

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nyu.edu

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 5662 bytes

Malwarebytes' Anti-Malware 1.33

Database version: 1675

Windows 5.1.2600 Service Pack 2

3/19/2009 1:38:13 PM

mbam-log-2009-03-19 (13-38-09).txt

Scan type: Quick Scan

Objects scanned: 49927

Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

  • Staff

Hi,

First of all, your version of AVG is way outdated. It's already AVG8 now, so please update.

Also, please update MalwareBytes, because the database version and program are outdated as well.

Redownload Malwarebytes and install it.

  • Start MalwareBytes and click the Update tab. There, click "Check for updates".
  • Once the updates are downloaded, perform a full scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thank you for your suggestions you sent earlier. We have done what you suggested. We have updated to the newest paid version of AVG. We have updated to the newest paid version of Malwarebytes. We have run scans using AVG, Malwarebytes, and Antivir. There are 4 registry entries that Malwarebytes does not seem to be able to remove - even after a reboot. Antivir has been sending us a continuous stream of warnings to quarantine/delete/deny access to files it finds. Most of these look like the same thing.

If there is anything you can do to help, please let us know.

I have posted this here and as a new topic in "hijack this logs"

Here are the Hijack This and Malwarebytes Logs.

Thank you, Charles and Julia Burnell

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:53:56 PM, on 3/20/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I0MELS7J\aswclnr[2].exe

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I0MELS7J\aswclnr[2].tmp

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: (no name) - {CE9E101A-6A50-43DE-9522-2ED3DEBC669B} - C:\WINDOWS\system32\capesnp.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://ezproxy.library.nyu.edu:6305/lib/ny...s/ebraryRdr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209244847249

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nyu.edu

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 7030 bytes

MalwareBytes Log File:

Malwarebytes' Anti-Malware 1.34

Database version: 1879

Windows 5.1.2600 Service Pack 2

3/20/2009 8:50:15 PM

mbam-log-2009-03-20 (20-50-15).txt

Scan type: Quick Scan

Objects scanned: 66569

Time elapsed: 18 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Owner\Local Settings\Temp\rlumwtlk.dat (Rootkit.Agent) -> Delete on reboot.

  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

By the way, now you're having 2 Antivirus installed. AVG and Avira... ?

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.

Then reboot after uninstalling. :(

Thank you again for your quick response and for all the helpful information. We have run ComboFix and I will include the log on this post.

About having two antivirus programs - we found instructions on this website that recommended downloading Avira Antivir. Also, following the instructions in this topic we updated AVG to AVG8. These both seem to be good programs. On the plus side for AVG we just paid for the most up-to-date version. On the plus side for Avira it was the only one announcing virus/malware activity yesterday. How do we choose which to keep? Although this is a much lower priority than getting the malware off our computer, any advice would be appreciated.

Now that we have run ComboFix are we free of the malware? Malwarebytes still finds but does not delete the Registry entries we mentioned at the beginning. It looked like ComboFix removed something with .ini as the file type.

This computer is about to get on an airplane and go to New York with Julia. Charles won't be able to help much after this. I appreciate your help very much. Thank You.

ComboFix Log:

ComboFix 09-03-19.02 - Owner 2009-03-21 7:46:16.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.199 [GMT -3:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

AV: AVG Anti-Virus *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\kebkxyfp.ini

.

((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))

.

2009-03-21 07:21 . 2009-03-21 07:22 <DIR> d-------- C:\ComFix

2009-03-20 23:23 . 2009-03-20 23:23 <DIR> d-------- c:\program files\Process Explorer

2009-03-20 19:34 . 2009-03-20 20:31 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-03-20 19:33 . 2008-06-13 10:10 272,128 --------- c:\windows\system32\drivers\bthport.sys

2009-03-20 19:33 . 2008-06-13 10:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-20 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2009-03-20 17:45 . 2009-03-20 21:36 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-20 17:35 . 2009-03-20 17:35 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-20 17:35 . 2009-03-20 17:35 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-20 17:35 . 2009-03-20 17:35 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-03-20 17:35 . 2009-03-20 17:35 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-20 17:34 . 2009-03-20 17:37 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\program files\AVG

2009-03-20 17:34 . 2009-03-20 18:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR

2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\program files\Avira

2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-03-19 14:34 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys

2009-03-19 14:11 . 2009-03-19 14:11 <DIR> d-------- c:\program files\Trend Micro

2009-03-19 13:42 . 2009-03-19 13:42 395 --a------ C:\My Documents.lnk

2009-03-18 23:11 . 2009-03-18 23:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-03-18 18:03 . 2009-03-20 17:35 <DIR> d-------- c:\documents and settings\Administrator

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 01:59 --------- d-----w c:\documents and settings\Owner\Application Data\Move Networks

2009-03-20 22:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-20 21:56 --------- d-----w c:\program files\a-squared Free

2009-03-20 21:54 --------- d-----w c:\program files\MozyHome

2009-03-18 04:21 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2009-02-11 13:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 13:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys

2009-02-08 19:50 --------- d-----w c:\program files\Common Files\supportsoft

2009-02-08 17:33 --------- d-----w c:\documents and settings\Owner\Application Data\SupportSoft

2009-01-24 18:25 --------- d-----w c:\program files\CCleaner

2009-01-20 05:43 18,560 ----a-w c:\windows\system32\ssrangdr.dll

2008-11-06 14:28 18,650 ----a-w c:\program files\Common Files\ehuv._sy

2008-11-06 14:28 17,131 ----a-w c:\program files\Common Files\xasibor.scr

2008-11-06 14:28 14,815 ----a-w c:\documents and settings\Owner\Application Data\ejetoc.sys

2008-11-06 14:28 14,458 ----a-w c:\program files\Common Files\jefyvonap.sys

2008-11-06 14:28 14,115 ----a-w c:\program files\Common Files\etyxebylu.reg

2008-11-06 14:28 13,056 ----a-w c:\program files\Common Files\yfimanet.scr

.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_15.20.22.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll

+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll

+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe

+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll

+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll

+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll

+ 2008-05-07 05:04:15 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll

+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll

+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe

+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll

+ 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll

+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys

+ 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll

+ 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll

+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys

+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys

+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll

+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll

+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys

+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys

+ 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll

+ 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll

+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe

+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll

+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll

+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll

+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll

+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe

+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe

+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe

+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll

+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll

+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll

+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll

+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll

+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe

+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll

+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe

+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2009-02-09 10:20:05 1,847,424 ----a-w c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys

+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys

+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys

+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll

+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe

+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll

+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe

+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll

+ 2008-12-05 06:41:26 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll

+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll

+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll

+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll

+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe

+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll

+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll

+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll

+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll

+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe

+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll

+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe

+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll

+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys

- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-02-08 19:11:27 884,736 ----a-w c:\windows\gmer.dll

+ 2008-04-18 00:13:02 811,008 ----a-w c:\windows\gmer.exe

+ 2008-03-01 13:06:20 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll

+ 2008-03-01 13:06:21 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll

+ 2008-03-01 13:06:21 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll

+ 2008-03-01 13:06:21 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll

+ 2008-03-01 13:06:21 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll

+ 2008-02-29 08:55:23 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe

+ 2008-03-01 13:06:21 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll

+ 2008-03-01 13:06:21 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll

+ 2008-02-15 05:44:25 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll

+ 2008-03-01 13:06:22 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll

+ 2008-03-01 13:06:22 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll

+ 2008-03-01 13:06:24 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll

+ 2008-03-01 13:06:24 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll

+ 2008-03-01 13:06:25 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll

+ 2008-02-22 10:00:51 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe

+ 2008-02-29 08:55:46 625,664 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe

+ 2008-03-01 13:06:25 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll

+ 2008-03-01 13:06:26 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll

+ 2008-03-01 13:06:26 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll

+ 2008-03-01 22:36:30 3,591,680 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll

+ 2008-03-01 13:06:28 478,208 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll

+ 2008-03-01 13:06:28 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll

+ 2008-03-01 13:06:29 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll

+ 2008-03-01 13:06:29 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll

+ 2008-03-01 13:06:29 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll

+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll

+ 2008-03-01 13:06:29 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll

+ 2008-03-01 13:06:30 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll

+ 2008-03-01 13:06:30 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll

+ 2008-03-01 13:06:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll

- 2008-03-01 13:06:20 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll

- 2007-07-30 23:19:20 92,504 ----a-w c:\windows\system32\cdm.dll

+ 2008-10-16 17:09:44 92,696 ----a-w c:\windows\system32\cdm.dll

- 2008-03-01 13:06:20 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

- 2006-02-28 12:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys

+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys

- 2007-07-30 23:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-10-16 17:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll

- 2008-02-20 05:32:43 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll

- 2008-03-01 13:06:21 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-03-01 13:06:21 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

- 2005-07-26 04:39:45 243,200 -c--a-w c:\windows\system32\dllcache\es.dll

+ 2008-07-07 20:32:22 253,952 -c--a-w c:\windows\system32\dllcache\es.dll

- 2008-03-01 13:06:21 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll

+ 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll

- 2008-02-20 06:51:05 282,624 -c--a-w c:\windows\system32\dllcache\gdi32.dll

+ 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll

- 2008-03-01 13:06:21 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-02-29 08:55:23 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-03-01 13:06:21 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

- 2008-03-01 13:06:21 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

- 2008-02-15 05:44:25 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll

+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll

- 2008-03-01 13:06:22 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-03-01 13:06:22 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-03-01 13:06:24 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-03-01 13:06:24 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

- 2008-03-01 13:06:25 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-02-22 10:00:51 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-02-29 08:55:46 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe

+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe

- 2007-08-21 06:15:44 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll

+ 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll

- 2008-03-01 13:06:25 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll

- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe

+ 2008-06-18 04:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe

- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys

- 2006-02-28 12:00:00 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll

+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll

- 2005-06-29 01:46:00 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll

+ 2008-06-24 16:23:05 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll

- 2008-03-01 13:06:26 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-03-01 13:06:26 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-03-01 22:36:30 3,591,680 -c----w c:\windows\system32\dllcache\mshtml.dll

+ 2009-01-17 00:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll

- 2008-03-01 13:06:28 478,208 -c----w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll

- 2008-03-01 13:06:28 193,024 -c----w c:\windows\system32\dllcache\msrating.dll

+ 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll

- 2008-03-01 13:06:29 671,232 -c----w c:\windows\system32\dllcache\mstime.dll

+ 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll

- 2006-02-28 12:00:00 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll

+ 2008-06-20 17:41:10 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll

- 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll

+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll

- 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll

+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll

- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

- 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe

- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

- 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

- 2008-03-01 13:06:29 102,912 -c----w c:\windows\system32\dllcache\occache.dll

+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll

- 2008-03-01 13:06:29 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll

- 2007-10-29 22:43:03 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll

+ 2008-05-07 05:18:48 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll

- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys

+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys

- 2007-04-25 14:21:15 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll

+ 2008-12-05 07:12:45 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll

- 2007-10-26 03:34:01 8,460,288 -c--a-w c:\windows\system32\dllcache\shell32.dll

+ 2008-07-03 13:03:29 8,460,800 -c--a-w c:\windows\system32\dllcache\shell32.dll

- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys

+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys

- 2006-08-21 13:52:08 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll

+ 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll

- 2007-10-30 17:20:55 360,064 -c--a-w c:\windows\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys

- 2008-03-01 13:06:29 105,984 -c----w c:\windows\system32\dllcache\url.dll

+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll

- 2008-03-01 13:06:30 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll

+ 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll

- 2008-03-01 13:06:30 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

- 2008-03-19 09:47:00 1,845,248 -c--a-w c:\windows\system32\dllcache\win32k.sys

+ 2009-02-09 10:19:34 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys

- 2008-03-01 13:06:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll

+ 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll

- 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll

+ 2008-06-18 08:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll

- 2007-06-12 03:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll

+ 2008-11-11 21:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll

- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

+ 2008-06-18 08:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll

- 2007-07-30 23:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-10-16 17:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2007-07-30 23:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-10-16 17:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2007-07-30 23:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-10-16 17:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2007-07-30 23:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-10-16 17:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2007-07-30 23:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-10-16 17:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll

- 2008-02-20 05:32:43 148,992 ----a-w c:\windows\system32\dnsapi.dll

+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll

- 2006-02-28 12:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys

+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys

- 2008-04-26 23:34:49 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-03-20 20:35:02 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-02-13 14:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2009-02-13 14:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2009-02-13 17:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2009-02-08 19:11:28 85,969 ----a-w c:\windows\system32\drivers\gmer.sys

- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys

+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

- 2006-07-13 08:48:58 202,240 ----a-w c:\windows\system32\drivers\rmcast.sys

+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys

- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys

+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys

+ 2009-02-13 14:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys

- 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys

+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys

- 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys

+ 2008-10-24 18:51:58 53,752 -c--a-w c:\windows\system32\DRVSTORE\mozy_D0E4F2BAD67022FABD2BB62852FB977159B1D89B\mozy.sys

- 2008-03-01 13:06:21 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-03-01 13:06:21 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll

+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll

- 2008-03-01 13:06:21 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2008-04-28 00:06:41 122,928 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-03-21 10:34:30 122,928 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll

+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll

- 2008-03-01 13:06:21 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll

- 2008-02-29 08:55:23 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-03-01 13:06:21 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-03-01 13:06:21 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-02-15 05:44:25 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-03-01 13:06:22 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-03-01 13:06:22 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-03-01 13:06:24 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll

- 2008-03-01 13:06:24 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-03-01 13:06:25 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-02-22 10:00:51 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe

- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll

+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll

- 2008-03-01 13:06:25 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe

+ 2008-06-18 04:09:22 100,864 ----a-w c:\windows\system32\logagent.exe

- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll

+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll

- 2008-03-01 13:06:26 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-03-01 13:06:26 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-03-01 22:36:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll

+ 2009-01-17 00:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll

- 2008-03-01 13:06:28 478,208 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll

- 2008-03-01 13:06:28 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-03-01 13:06:29 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll

- 2006-02-28 12:00:00 245,248 ----a-w c:\windows\system32\mswsock.dll

+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll

- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll

+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll

- 2007-05-15 19:43:10 1,320,800 ----a-w c:\windows\system32\msxml6.dll

+ 2008-08-29 23:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll

- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll

+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll

- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe

+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe

- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe

+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe

- 2008-03-01 13:06:29 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll

- 2008-03-01 13:06:29 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2007-10-29 22:43:03 1,287,680 ----a-w c:\windows\system32\quartz.dll

+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll

- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll

+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll

- 2007-10-26 03:34:01 8,460,288 ----a-w c:\windows\system32\shell32.dll

+ 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\system32\shell32.dll

+ 2008-10-16 17:12:20 561,688 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll

+ 2008-10-16 17:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2008-10-16 17:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

- 2006-09-25 21:58:48 14,640 ----a-w c:\windows\system32\spmsg.dll

+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll

- 2006-10-16 20:10:58 23,856 ----a-w c:\windows\system32\spupdsvc.exe

+ 2007-07-27 12:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe

- 2006-08-21 13:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll

+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll

- 2007-11-13 11:31:11 60,416 ----a-w c:\windows\system32\tzchange.exe

+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe

- 2008-03-01 13:06:29 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll

- 2008-03-01 13:06:30 1,159,680 ----a-w c:\windows\system32\urlmon.dll

+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2008-03-01 13:06:30 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2008-03-01 13:06:31 826,368 ----a-w c:\windows\system32\wininet.dll

+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll

- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll

+ 2008-06-18 08:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll

- 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll

+ 2008-11-11 21:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll

- 2006-10-19 01:47:20 295,936 ----a-w c:\windows\system32\wmpeffects.dll

+ 2008-06-24 21:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll

- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll

+ 2008-06-18 08:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll

- 2007-07-30 23:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll

+ 2008-10-16 17:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll

- 2007-07-30 23:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe

+ 2008-10-16 17:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe

- 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll

+ 2008-10-16 17:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

- 2007-07-30 23:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll

+ 2008-10-16 17:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll

- 2007-07-30 23:18:40 33,624 ----a-w c:\windows\system32\wups.dll

+ 2008-10-16 17:08:58 34,328 ----a-w c:\windows\system32\wups.dll

- 2007-07-30 23:19:12 43,352 ----a-w c:\windows\system32\wups2.dll

+ 2008-10-16 17:09:44 43,544 ----a-w c:\windows\system32\wups2.dll

+ 2009-03-21 10:34:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d4.dat

+ 2006-12-02 01:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-02 03:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-02 03:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-02 03:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-02 03:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-02 03:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-02 03:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-02 03:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-02 03:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-02 03:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-02 03:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-02 03:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

+ 2008-07-29 11:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

+ 2008-07-29 06:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2008-07-29 11:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 11:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 11:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

+ 2008-07-29 11:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 11:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2008-07-29 11:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 11:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 11:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 11:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 11:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 11:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 11:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 11:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 11:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 11:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2007-11-07 05:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-20 1932568]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-20 17:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2006-02-28 09:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a------ 2007-01-13 10:47 163840 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

--a------ 2007-01-13 10:47 131072 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--------- 2003-09-05 18:16 184320 c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 17:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

--a------ 2007-01-13 10:46 135168 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-10-31 20:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2004-10-14 16:26 688218 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

--a------ 2004-10-14 16:28 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

--a------ 2004-12-14 20:12 368640 c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-26 05:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2004-10-28 15:37 88363 c:\windows\agrsmmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-20 12552]

R0 szmarywg;szmarywg;c:\windows\system32\drivers\szmarywg.sys [2006-02-28 23424]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-20 325640]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-20 107912]

R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-07-25 53752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-19 108289]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-20 298264]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-25 206096]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-25 15504]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-11-25 179856]

S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-01-20 2560]

S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-04-26 26505]

S4 aswArKrn;aswArKrn;\??\c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26b0a273-68e2-11dd-a915-0013ce84f3b6}]

\Shell\AutoRun\command - dll32.exe

\Shell\open\command - dll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86654760-14dc-11dd-a878-0013ce84f3b6}]

\Shell\Auto\command - sxs.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.

Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Owner.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Update for Owner.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{A19F1001-9531-4757-B462-7242CF981423}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]

.

- - - - ORPHANS REMOVED - - - -

BHO-{CE9E101A-6A50-43DE-9522-2ED3DEBC669B} - c:\windows\system32\capesnp.dll

MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-21 07:48:27

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-03-21 7:50:01

ComboFix-quarantined-files.txt 2009-03-21 10:49:49

ComboFix2.txt 2009-02-08 18:21:32

Pre-Run: 51,625,263,104 bytes free

Post-Run: 51,864,825,856 bytes free

638 --- E O F --- 2009-03-21 10:21:25


  • Staff

Hi,

How do we choose which to keep?
That would be your choice, which one you like the most. If you purchased AVG8, then keep it :(

* Open Notepad - don't use any text editor other than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

Collect::[8]

c:\windows\system32\drivers\szmarywg.sys

c:\program files\Common Files\ehuv._sy

c:\program files\Common Files\xasibor.scr

c:\documents and settings\Owner\Application Data\ejetoc.sys

c:\program files\Common Files\jefyvonap.sys

c:\program files\Common Files\etyxebylu.reg

c:\program files\Common Files\yfimanet.scr

Filelook::

c:\windows\system32\ssrangdr.dll

c:\windows\system32\drivers\ssrangdr.sys

Driver::

szmarywg

aswArKrn

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26b0a273-68e2-11dd-a915-0013ce84f3b6}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86654760-14dc-11dd-a878-0013ce84f3b6}]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again.

Then, please visit this site:

http://www.bleepingcomputer.com/submit-malware.php?channel=8

Where it says: "Browse to the file you want to submit", use the Browse button to navigate to the following file: C:\Qoobox\Quarantine\[8]-Submit_date_time.zip (date_time will be replaced with the date and time when this file was created)

Then click the "Send File" button below in order to upload it.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


Thousands of thank you's!

I have uploaded the file to bleepingcomputer.com and below I have pasted the latest combofix log. Do I look ok? Can I go ahead and use my computer?

Thank you

ComboFix 09-03-19.02 - Owner 2009-03-21 22:23:27.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.192 [GMT -3:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\ejetoc.sys

c:\program files\Common Files\ehuv._sy

c:\program files\Common Files\etyxebylu.reg

c:\program files\Common Files\jefyvonap.sys

c:\program files\Common Files\xasibor.scr

c:\program files\Common Files\yfimanet.scr

c:\windows\system32\drivers\szmarywg.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASWARKRN

-------\Legacy_SZMARYWG

-------\Service_aswArKrn

-------\Service_szmarywg

((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))

.

2009-03-21 07:21 . 2009-03-21 07:22 <DIR> d-------- C:\ComFix

2009-03-20 23:23 . 2009-03-20 23:23 <DIR> d-------- c:\program files\Process Explorer

2009-03-20 19:34 . 2009-03-20 20:31 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-03-20 19:33 . 2008-06-13 10:10 272,128 --------- c:\windows\system32\drivers\bthport.sys

2009-03-20 19:33 . 2008-06-13 10:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-20 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

2009-03-20 17:45 . 2009-03-20 21:36 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-20 17:35 . 2009-03-20 17:35 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-20 17:35 . 2009-03-20 17:35 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-20 17:35 . 2009-03-20 17:35 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-03-20 17:35 . 2009-03-20 17:35 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-20 17:34 . 2009-03-21 21:41 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\program files\AVG

2009-03-20 17:34 . 2009-03-20 18:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR

2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\program files\Avira

2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-03-19 14:34 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys

2009-03-19 14:11 . 2009-03-19 14:11 <DIR> d-------- c:\program files\Trend Micro

2009-03-19 13:42 . 2009-03-19 13:42 395 --a------ C:\My Documents.lnk

2009-03-18 23:11 . 2009-03-18 23:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-03-18 18:03 . 2009-03-20 17:35 <DIR> d-------- c:\documents and settings\Administrator

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 01:59 --------- d-----w c:\documents and settings\Owner\Application Data\Move Networks

2009-03-20 22:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-20 21:56 --------- d-----w c:\program files\a-squared Free

2009-03-20 21:54 --------- d-----w c:\program files\MozyHome

2009-03-18 04:21 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2009-02-11 13:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 13:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-08 19:50 --------- d-----w c:\program files\Common Files\supportsoft

2009-02-08 17:33 --------- d-----w c:\documents and settings\Owner\Application Data\SupportSoft

2009-01-24 18:25 --------- d-----w c:\program files\CCleaner

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- c:\windows\system32\drivers\ssrangdr.sys ----

Company: SupportSoft Inc.

File Description: Support.com Mirror Miniport

File Version: 2.8.0.0 built by: WinDDK

Product Name: SSRANG Server for Windows

Copyright: Copyright © SupportSoft Inc. 2003-2008

Original file name: ssrangdr.sys

MD5: f87737d83b965efa765117051e3b9d0c

---- c:\windows\system32\ssrangdr.dll ----

Company: SupportSoft Inc.

File Description: Support.com Mirror Driver

File Version: 2.8.0.0 built by: WinDDK

Product Name: SSRANG Server for Windows

Copyright: Copyright © SupportSoft Inc. 2003-2008

Original file name: ssrangdr.dll

MD5: 49748d251e3d06d277c56e715bfb0a23

((((((((((((((((((((((((((((( SnapShot_2009-03-21_ 7.49.01.74 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-07-30 23:19:46 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-10-16 17:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll

- 2007-07-30 23:19:46 203,096 ----a-w c:\windows\system32\wuweb.dll

+ 2008-10-16 17:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll

+ 2009-03-22 01:27:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE9E101A-6A50-43DE-9522-2ED3DEBC669B}]

c:\windows\system32\capesnp.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-20 1932568]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-20 17:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2006-02-28 09:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a------ 2007-01-13 10:47 163840 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

--a------ 2007-01-13 10:47 131072 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-02-19 14:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

--------- 2003-09-05 18:16 184320 c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 13:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 17:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

--a------ 2007-01-13 10:46 135168 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-02-01 00:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-10-31 20:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2004-10-14 16:26 688218 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

--a------ 2004-10-14 16:28 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]

--a------ 2004-12-14 20:12 368640 c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-26 05:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2004-10-28 15:37 88363 c:\windows\agrsmmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-20 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-20 325640]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-20 107912]

R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-07-25 53752]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-19 108289]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-20 298264]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-25 206096]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-25 15504]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-11-25 179856]

S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-01-20 2560]

S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-04-26 26505]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SZMARYWG

.

Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Owner.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Update for Owner.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-22 c:\windows\Tasks\User_Feed_Synchronization-{A19F1001-9531-4757-B462-7242CF981423}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-21 22:27:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\MozyHome\mozybackup.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-03-21 22:30:45 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-22 01:30:37

ComboFix2.txt 2009-03-21 10:50:02

ComboFix3.txt 2009-02-08 18:21:32

Pre-Run: 51,813,756,928 bytes free

Post-Run: 51,801,972,736 bytes free

241 --- E O F --- 2009-03-21 10:21:25
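
As an added example (not part of the original thread and not ComboFix's own code), this Python sketch compares the driver/service listings of the two ComboFix logs above to check that the names given in the CFScript's Driver:: section are no longer registered. The function names are hypothetical, and the sample lines are excerpted from the logs in this thread.

```python
import re

# One ComboFix driver/service line: "<R|S><0-4> name;display name;image path [date size]"
# R = running, S = stopped; the digit is the service start type (0 boot ... 4 disabled).
DRIVER_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)

# Lines excerpted from the log posted before the CFScript run.
BEFORE_LOG = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-20 12552]
R0 szmarywg;szmarywg;c:\windows\system32\drivers\szmarywg.sys [2006-02-28 23424]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-07-25 53752]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-01-20 2560]
S4 aswArKrn;aswArKrn;\??\c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys [?]
"""

# Lines excerpted from the log posted after the CFScript run.
AFTER_LOG = r"""
-------\Service_aswArKrn
-------\Service_szmarywg
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-20 12552]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-07-25 53752]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-01-20 2560]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SZMARYWG
"""


def parse_drivers(log_text):
    """Return {lowercased service name: parsed fields} for each driver/service line."""
    drivers = {}
    for raw in log_text.splitlines():
        match = DRIVER_LINE.match(raw.strip())
        if not match:
            continue
        record = match.groupdict()
        record["start"] = int(record["start"])
        drivers[record["name"].lower()] = record
    return drivers


def residual_mentions(log_text, name):
    """Lines outside the driver listing that still name the service, for manual review."""
    needle = name.lower()
    return [
        line.strip()
        for line in log_text.splitlines()
        if needle in line.lower() and not DRIVER_LINE.match(line.strip())
    ]


def verify_removal(targets, before_log, after_log):
    """Classify each targeted service name by comparing the two listings."""
    before, after = parse_drivers(before_log), parse_drivers(after_log)
    report = {}
    for name in targets:
        key = name.lower()
        if key in after:
            status = "still listed"
        elif key in before:
            status = "removed"
        else:
            status = "not in either listing"
        report[name] = {"status": status, "mentions": residual_mentions(after_log, name)}
    return report


if __name__ == "__main__":
    # The two names from the CFScript's Driver:: section.
    for name, result in verify_removal(["szmarywg", "aswArKrn"], BEFORE_LOG, AFTER_LOG).items():
        print(f"{name}: {result['status']}; other mentions: {result['mentions']}")
```

The "mentions" list only surfaces other lines that name the service so a reviewer can look at them; the script does not interpret them.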


  • Staff

Hi,

Thank you for the files.

Open Notepad and copy and paste the text in the quotebox below into it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE9E101A-6A50-43DE-9522-2ED3DEBC669B}]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


OK - We have done these final steps (we had to remember to disable AVG before we ran the uninstall of ComboFix). Everything seems to be working properly. We have uninstalled Avira Antivir and left AVG on the computer.

What should we do to prevent future invasions? Is having Malwarebytes and AVG sufficient? (We have paid versions of both). Does Malwarebytes "Immunize" like Spybot does?

Thank you for helping us through this. We simply could not have done it without your help.

Is there anything we can do for you?


  • Staff
Is having Malwarebytes and AVG sufficient?
Yes, both keep you protected from future threats.

Glad I could help. :(

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
