Woodville Deb Posted September 28, 2009

Please help me in removing fakealert.mn. Malware Remover will not load, neither will several others I have tried. I have tried to run AVG in safe mode but it will not remove it either. I have seen where someone has helped removing a malware that had the same symptoms. Is there anyone who can help me with this? Thanks in advance.

Debbie
Woodville Deb Posted September 28, 2009

I have an XP Home machine. I have seen where other people have run ComboFix. Does anyone think that this is the way to start? Thanks to all in advance,

Debbie
Staff screen317 Posted September 28, 2009

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

If ComboFix will not run, do this instead: download Win32kDiag.exe by AD to your Desktop. Double-click on it. It will make a diagnostic and produce a report on the desktop. Post that report in your next reply.

-screen317
Woodville Deb Posted September 28, 2009

Avira finished running and got rid of the popups. I was able to run ComboFix; it ran, and here is the log that it printed out. Thank you so much! If I could only send chocolate chip cookies over the internet. Here is the log ComboFix printed out. Please let me know what else I need to do. Thanks again.

Debbie

ComboFix 09-09-27.05 - Owner 09/28/2009 16:29.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.471 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
 * Created a new restore point.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\program files\Protection System
c:\program files\Protection System\core.cga
c:\program files\Protection System\coreext.dll
c:\program files\Protection System\firewall.dll
c:\program files\Protection System\help.ico
c:\program files\Protection System\uninstall.exe
c:\program files\WinBudget
c:\program files\WinBudget\bin\matrix.dat
c:\windows\Installer\355746.msi
c:\windows\Installer\584c5e.msi
c:\windows\Installer\680a85.msi
c:\windows\Installer\680a9a.msi
c:\windows\Installer\7f04f.msi
c:\windows\Installer\80edc1.msi
c:\windows\Installer\d2367.msi
c:\windows\Installer\f1a07.msi
c:\windows\system32\_004481_.tmp.dll
c:\windows\system32\_004482_.tmp.dll
c:\windows\system32\_004483_.tmp.dll
c:\windows\system32\_004484_.tmp.dll
c:\windows\system32\_004491_.tmp.dll
c:\windows\system32\_004492_.tmp.dll
c:\windows\system32\_004493_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004496_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004499_.tmp.dll
c:\windows\system32\_004500_.tmp.dll
c:\windows\system32\_004502_.tmp.dll
c:\windows\system32\_004503_.tmp.dll
c:\windows\system32\_004504_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004509_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004514_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004517_.tmp.dll
c:\windows\system32\_004520_.tmp.dll
c:\windows\system32\_004522_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004524_.tmp.dll
c:\windows\system32\_004525_.tmp.dll
c:\windows\system32\_004528_.tmp.dll
c:\windows\system32\_004529_.tmp.dll
c:\windows\system32\_004530_.tmp.dll
c:\windows\system32\_004531_.tmp.dll
c:\windows\system32\_004532_.tmp.dll
c:\windows\system32\_004537_.tmp.dll
c:\windows\system32\_004539_.tmp.dll
c:\windows\system32\adeeg.bak1
c:\windows\system32\adeeg.bak2
c:\windows\system32\adeeg.tmp
c:\windows\system32\drivers\UACpeyksxcujn.sys
c:\windows\system32\huucjpmv.ini
c:\windows\system32\superiorads-uninst.exe
c:\windows\system32\SYSInfo.ocx
c:\windows\system32\tmp39.tmp
c:\windows\system32\UACbeukuptiej.dll
c:\windows\system32\UACcfmpuwylkr.log
c:\windows\system32\UACgvjlgrmmgn.dll
c:\windows\system32\UAChcnvddiugi.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkodwqquxsl.dat
c:\windows\system32\UACyrnwcokvuw.dll
.
(((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.
2009-09-28 20:49 . 2009-09-28 20:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-28 20:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 20:45 . 2009-09-28 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 20:45 . 2009-09-28 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 20:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 18:43 . 2009-09-28 18:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-28 18:39 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-28 18:39 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-28 18:39 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-28 18:39 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-28 18:39 . 2009-09-28 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-28 18:39 . 2009-09-28 18:39 -------- d-----w- c:\program files\Avira
2009-09-26 00:51 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-26 00:51 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-26 00:51 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-26 00:51 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-26 00:51 . 2009-09-28 18:12 -------- d-----w- c:\program files\Spyware Doctor
2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-25 17:07 . 2009-08-28 01:14 81920 ----a-w- c:\windows\eSellerateControl350.dll
2009-09-25 17:07 . 2009-08-28 01:14 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-09-25 17:06 . 2009-09-25 17:08 -------- d-----w- c:\program files\FakeAlert Removal Tool
2009-09-25 12:28 . 2009-09-25 12:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-25 12:28 . 2009-09-25 12:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-17 04:20 . 2009-09-18 00:40 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-09-17 04:20 . 2009-09-17 04:20 -------- d-----w- c:\program files\IObit
2009-09-13 19:24 . 2009-09-15 21:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-10 17:01 . 2009-09-10 17:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-09-09 22:28 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 14:59 . 2009-09-04 14:59 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\program files\My Downloaded Games
2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\program files\BoontyGames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 18:50 . 2007-03-11 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-28 18:45 . 2007-05-22 22:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 18:08 . 2007-03-11 11:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 00:05 . 2008-08-30 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-23 03:40 . 2007-03-29 02:10 -------- d-----w- c:\program files\TestWorks
2009-09-10 17:02 . 2007-09-08 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-28 15:48 . 2007-03-16 04:21 244056 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 01:03 . 2009-08-24 01:03 -------- d-----w- c:\program files\MAXA Cookie Manager
2009-08-14 11:58 . 2009-09-26 00:51 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-05 09:01 . 2004-08-12 13:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 14:11 . 2008-08-30 22:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-30 14:11 . 2008-08-30 22:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-30 14:11 . 2008-08-30 22:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-17 19:01 . 2004-08-12 12:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-12 13:10 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2007-02-19 15:15 915456 ----a-w- c:\windows\system32\wininet.dll
2003-12-18 16:33 . 2009-09-13 19:23 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 12:46 . 2009-09-13 19:23 10960 ----a-w- c:\program files\EULA.txt
2004-08-12 13:07 . 2004-08-12 13:07 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2008-10-29 00:46 413696 --sha-w- c:\windows\system32\SET29B.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Coast to Coast AM"="c:\program files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 983040]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2022680]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 14:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk.disabled]
backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]
backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ID Vault.lnk]
backup=c:\windows\pss\ID Vault.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Size grid
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakDigitalDisplayService"=2 (0x2)
"iPod Service"=3 (0x3)
"IntuitUpdateService"=2 (0x2)
"gusvc"=2 (0x2)
"Fax"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"EM_EXEC"=c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=
"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/30/2008 5:41 PM 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2009 7:51 PM 206256]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/30/2008 5:41 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/30/2008 5:41 PM 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 1:39 PM 108289]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 9:52 AM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [4/26/2009 9:28 PM 1370488]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2009 7:51 PM 348752]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]
R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 10:21 AM 55680]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\Owner\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cdiskdun.sys [?]
S3 EGEARAspiWD;EGEARAspiWD;\??\c:\docume~1\Owner\LOCALS~1\Temp\EGEARAspiWD.sys --> c:\docume~1\Owner\LOCALS~1\Temp\EGEARAspiWD.sys [?]
S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 10:21 AM 60032]
S3 pafd;pafd;\??\c:\docume~1\Owner\LOCALS~1\Temp\pafd.sys --> c:\docume~1\Owner\LOCALS~1\Temp\pafd.sys [?]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 1:10 PM 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-20 c:\windows\Tasks\Registry Medic Schedule.job
- c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]

2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]

2009-09-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-03-11 20:31]

2009-08-27 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-12 20:31]

2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job
- c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://coasttocoastam.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Ixquick
FF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

BHO-{9C4DE643-2FDA-469F-8881-4EB3C137F1D4} - (no file)
Notify-geeda - (no file)
Notify-WgaLogon - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-Protection System - c:\program files\Protection System\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 16:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2856)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Completion time: 2009-09-28 17:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 22:04

Pre-Run: 106,685,128,704 bytes free
Post-Run: 106,610,241,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

447 --- E O F --- 2009-09-10 17:07
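Added example (not part of the thread, and not code from ComboFix or Malwarebytes): a Python script that applies a few analyst heuristics to lines excerpted from the ComboFix log above, the kind of first pass a helper does before deciding what to ask for next. The sample lines are constructed from that log plus two benign control lines; the checks themselves, including the assumption that a "UAC" plus ten random letters file name in system32 is the naming scheme the TDSS rootkit used in 2009, are the example author's and not statements from the thread.

```python
"""Triage heuristics for ComboFix-style log lines.

Added example, not code from this thread, from ComboFix or from Malwarebytes.
It runs a few analyst checks over lines excerpted from the log posted above;
which lines deserve a flag is the example author's assumption.
"""
import re

# Constructed sample: lines copied from the ComboFix log in the thread, plus one
# benign driver file (mbam.sys) and one benign service line (AvgRkx86) as controls.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
c:\windows\system32\drivers\UACpeyksxcujn.sys
c:\windows\system32\UACbeukuptiej.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\_004481_.tmp.dll
c:\windows\system32\drivers\mbam.sys
-------\Service_UACd.sys
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/30/2008 5:41 PM 12552]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\Owner\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cdiskdun.sys [?]
S3 pafd;pafd;\??\c:\docume~1\Owner\LOCALS~1\Temp\pafd.sys --> c:\docume~1\Owner\LOCALS~1\Temp\pafd.sys [?]
"EnableFirewall"= 0 (0x0)
"""

# "UAC" + ten random lowercase letters in system32 (plus the UACd.sys service and
# uacinit.dll) is the naming scheme the TDSS rootkit used in 2009; the exact
# regex is this example's assumption, not a ComboFix rule.
RANDOM_UAC_NAME = re.compile(r"^UAC[a-z]{10}\.(?:dll|sys|dat|log)$", re.IGNORECASE)
# Sequentially numbered _NNNNNN_.tmp.dll files dropped straight into system32.
TMP_DLL_NAME = re.compile(r"^_\d{6}_\.tmp\.dll$", re.IGNORECASE)
# ComboFix service lines: "<start> <name>;<display name>;<image path> [--> ...] [<stamp>]".
SERVICE_LINE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)(?:\s+-->.*)?(?:\s+\[.*\])?$")
AV_LINE = re.compile(r"^AV:\s+(.+?)\s+\*On-access scanning (enabled|disabled)\*")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
SYSTEM32 = "c:\\windows\\system32\\"


def basename(path):
    """Last component of a Windows path, tolerating \\??\\ prefixes and forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log_text):
    """Return a list of (category, detail) findings for the given ComboFix log text."""
    findings = []
    av_products = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AV_LINE.match(line)
        if m:
            product, state = m.groups()
            av_products.append(product)
            if state == "disabled":
                findings.append(("av-realtime-disabled", product))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            _start, name, _display, image = m.groups()
            # A kernel driver registered from a user's Temp directory is worth a question.
            if "\\temp\\" in image.lower():
                findings.append(("driver-from-temp", f"{name} -> {image}"))
            continue
        if FIREWALL_OFF.match(line):
            findings.append(("firewall-disabled", line))
            continue
        if line.lower().startswith(SYSTEM32):
            name = basename(line)
            if RANDOM_UAC_NAME.match(name) or name.lower() == "uacinit.dll":
                findings.append(("tdss-style-name", line))
            elif TMP_DLL_NAME.match(name):
                findings.append(("tmp-dll-in-system32", line))
            continue
        if line.startswith("-------\\Service_") or line.startswith("-------\\Legacy_"):
            service = line.split("_", 1)[1]
            if service.lower().startswith("uac"):
                findings.append(("tdss-style-service", service))
    if len(av_products) > 1:
        findings.append(("multiple-av-products", ", ".join(av_products)))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'tdss-style-name': 3, ...}."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

On the sample, the findings line up with what ComboFix itself removed (the UAC* files and the UACd.sys service) and add the points a helper would normally raise next: drivers registered from the user's Temp folder with no file present (cdiskdun, EGEARAspiWD, pafd in the full log), the Windows Firewall policy set to 0 (consistent with the AVG firewall being the enabled one), and three AV products installed at once, two of them with on-access scanning disabled.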
Woodville Deb Posted September 29, 2009

Ran Malwarebytes and HJT; here are their printouts....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:00 PM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\IObit\Advanced SystemCare 3\IObitUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://coasttocoastam.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9C4DE643-2FDA-469F-8881-4EB3C137F1D4} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware\try this.exe" /runcleanupscript
O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{0F06A1AD-90E2-4052-ACE0-BF85E8313AD1}: NameServer = 205.152.132.32,205.152.37.23O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO20 - Winlogon Notify: geeda - C:\WINDOWS\O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeO23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. 
- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe--End of file - 10345 bytes*********************Malwarebytes' Anti-Malware 1.41Database version: 2869Windows 5.1.2600 Service Pack 39/28/2009 9:38:34 PMmbam-log-2009-09-28 (21-38-34).txtScan type: Full Scan (C:\|)Objects scanned: 313195Time elapsed: 1 hour(s), 36 minute(s), 42 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 9Registry Values Infected: 2Registry Data Items Infected: 1Folders Infected: 2Files Infected: 10Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted 
successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.Folders Infected:C:\Documents and Settings\Owner\Start Menu\Programs\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.Files Infected:C:\Qoobox\Quarantine\C\WINDOWS\system32\superiorads-uninst.exe.vir (Adware.AdRotator) -> Quarantined and deleted successfully.C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgvjlgrmmgn.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.C:\Qoobox\Quarantine\C\WINDOWS\system32\UACyrnwcokvuw.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.C:\System Volume 
Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP0\A0000003.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP0\A0000005.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP1\A0000092.exe (Adware.AdRotator) -> Quarantined and deleted successfully.C:\Documents and Settings\Owner\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Uninstall Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
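The HijackThis entries in the post above are what the staff reads to decide what to fix next. As an added example (not part of this thread and not HijackThis code), the following Python parses HJT 2.0 entry lines and flags the first-pass patterns a helper checks: registrations whose target is "(no file)", Winlogon Notify entries that point at no DLL (like the "geeda" entry above), autostarts running from a user profile, and O17 DNS settings listed for manual verification. The sample lines are constructed from the log in this post.

```python
"""Triage helper for HijackThis (HJT) 2.0 log entries.

Added example, not part of the forum thread or of HijackThis. It parses the
entry lines of an HJT log ("<code> - <fields separated by ' - '>") and flags
the patterns a helper looks at first. The sample lines are constructed from
the log posted in the thread.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# An HJT entry starts with a section code such as R0, O2, O20 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
USER_PROFILE_RE = re.compile(r"\\documents and settings\\", re.I)

# Constructed sample: a subset of the entries from the HJT log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9C4DE643-2FDA-469F-8881-4EB3C137F1D4} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware\try this.exe" /runcleanupscript
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F06A1AD-90E2-4052-ACE0-BF85E8313AD1}: NameServer = 205.152.132.32,205.152.37.23
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: geeda - C:\WINDOWS\
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""


@dataclass
class HjtEntry:
    code: str   # section code, e.g. "O20"
    rest: str   # everything after "<code> - "

    @property
    def clsid(self) -> Optional[str]:
        m = CLSID_RE.search(self.rest)
        return m.group(0) if m else None

    @property
    def target(self) -> str:
        """File/URL column of the entry.

        Taken after the CLSID when there is one, so a path that itself contains
        ' - ' (such as 'Spybot - Search & Destroy') survives intact; otherwise
        the last ' - ' separated field (for O4 that is the whole command).
        """
        if self.clsid:
            return self.rest.split(self.clsid, 1)[1].strip(" -")
        return self.rest.rsplit(" - ", 1)[-1].strip()


def parse_hjt(text: str) -> List[HjtEntry]:
    """Keep only the entry lines; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group("code"), m.group("rest")))
    return entries


def summarize(entries: List[HjtEntry]) -> Dict[str, int]:
    """Number of entries per section code."""
    return dict(Counter(e.code for e in entries))


def triage(entries: List[HjtEntry]) -> List[Tuple[str, str, str]]:
    """Return (code, reason, entry) for the entries worth a closer look."""
    findings = []
    for e in entries:
        t = e.target
        if e.code in ("R3", "O2", "O3", "O9") and t.lower() == "(no file)":
            findings.append((e.code, "registration with no file on disk", e.rest))
        elif e.code == "O20" and not t.lower().endswith(".dll"):
            findings.append((e.code, "Winlogon Notify entry with no DLL", e.rest))
        elif e.code == "O4" and USER_PROFILE_RE.search(t):
            findings.append((e.code, "autostart from a user profile path", e.rest))
        elif e.code == "O17":
            findings.append((e.code, "DNS server setting; verify against the ISP", e.rest))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for code, reason, entry in triage(parsed):
        print(f"{code:<4} {reason}: {entry}")
```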
Staff screen317 Posted September 30, 2009 Staff ID:135919
Hello,

My apologies for the delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::
cdiskdun
EGEARAspiWD
pafd

Save this as CFScript. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Also update MBAM, run a Quick Scan, and post its log.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.
Click Start Scanning.
You should get a notification bar (on top) to install the ActiveX control. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Staff screen317 Posted October 1, 2009 Staff ID:136126
Hi,

There is no need to send me PMs... Post everything in this thread.

Get a fresh copy of ComboFix and run this script instead:

Driver::
cdiskdun
EGEARAspiWD
pafd

KILLALL::
Woodville Deb Posted October 1, 2009 Author ID:136127
Thanks for replying. I am trying to run ComboFix, but ComboFix has stopped at stage 5 for an hour now. What do I do?
Woodville Deb Posted October 1, 2009 Author ID:136128
Should I reboot? I tried to X it but it will not stop running.
Staff screen317 Posted October 1, 2009 Staff ID:136131
Press CTRL + ALT + DEL, then end any Processes that end in .cfexe
Woodville Deb Posted October 1, 2009 Author ID:136132
I did not reboot and could not stop the other one from running. I ran the new one and it removed the old one, and it seems to be working fine now. Thanks, I will keep you posted.
Woodville Deb Posted October 1, 2009 Author ID:136143
Here are the ComboFix log, HJT log and MBAM log .... Running the F-Secure online scanner and Security Check next .... will post them next...
KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2009 7:51 PM 206256]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/30/2008 5:41 PM 335240]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/30/2008 5:41 PM 108552]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 1:39 PM 108289]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 9:52 AM 297752]R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [4/26/2009 9:28 PM 1370488]R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2009 7:51 PM 348752]R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 10:21 AM 55680]S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 10:21 AM 60032]S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 1:10 PM 98304][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe 
[2008-07-30 17:34]2009-09-20 c:\windows\Tasks\Registry Medic Schedule.job- c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job- c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]2009-09-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-03-11 20:31]2009-09-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-12 20:31]2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job- c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]..------- Supplementary Scan -------.uStart Page = hxxp://coasttocoastam.com/uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cabFF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=FF - prefs.js: browser.search.selectedEngine - IxquickFF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dllFF - plugin: 
c:\progra~1\Yahoo!\Common\npyaxmpb.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dllFF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: browser.cache.memory.capacity - 16000FF - user.js: browser.chrome.favicons - falesFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.max.tokenizing.time - 3000000FF - user.js: content.maxtextrun - 4095FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 1000000FF - user.js: content.notify.ontimer - trueFF - user.js: content.switch.threshold - 1000000FF - user.js: dom.disable_window_status_change - trueFF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: network.http.pipelining - trueFF - user.js: network.http.pipelining.firstrequest - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.proxy.pipelining - trueFF - user.js: network.http.request.max-start-delay - 0FF - user.js: nglayout.initialpaint.delay - 1000FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0.- - - - ORPHANS REMOVED - - - -BHO-{9C4DE643-2FDA-469F-8881-4EB3C137F1D4} - (no file)**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-09-30 23:33Windows 5.1.2600 
Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]@DACL=(02 0000)@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]@DACL=(02 0000)@="{98de59a0-d175-11cd-a7bd-00006b827d94}"[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]@DACL=(02 0000)@="{98de59a0-d175-11cd-a7bd-00006b827d94}"[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]@DACL=(02 0000)@="{98de59a0-d175-11cd-a7bd-00006b827d94}"[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]@DACL=(02 0000)@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]@DACL=(02 0000)@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]@DACL=(02 0000)@="{eec97550-47a9-11cf-b952-00aa0051fe20}"[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]@DACL=(02 0000)@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]@DACL=(02 0000)@="{eec97550-47a9-11cf-b952-00aa0051fe20}"[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]@DACL=(02 0000)@="{98de59a0-d175-11cd-a7bd-00006b827d94}"[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]@DACL=(02 0000)@="{98de59a0-d175-11cd-a7bd-00006b827d94}"[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]@DACL=(02 0000)@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]@DACL=(02 0000)@="".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1016)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dll- - - - - - - > 
'explorer.exe'(2300)c:\windows\system32\WININET.dllc:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\scardsvr.exec:\program files\Avira\AntiVir Desktop\avguard.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\AVG\AVG8\avgwdsvc.exec:\program files\AVG\AVG8\avgfws8.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Carbonite\Carbonite Backup\CarboniteService.exec:\program files\AVG\AVG8\avgam.exec:\program files\AVG\AVG8\avgrsx.exec:\program files\AVG\AVG8\avgnsx.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exec:\windows\system32\tcpsvcs.exec:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exec:\windows\system32\searchindexer.exe.**************************************************************************.Completion time: 2009-10-01 23:44 - machine was rebootedComboFix-quarantined-files.txt 2009-10-01 04:44ComboFix2.txt 2009-09-28 22:04Pre-Run: 106,061,332,480 bytes freePost-Run: 106,090,672,128 bytes free462 --- E O F --- 2009-09-29 17:00HJT Log .......................Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:49:15 PM, on 9/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common 
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\PROGRA~1\AVG\AVG8\avgfws8.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\WINDOWS\system32\tcpsvcs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\IObit\Advanced SystemCare 3\AWC.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://coasttocoastam.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: 
Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dllR3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dllO3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dllO3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dllO4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.iniO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware\try this.exe" /runcleanupscriptO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startupO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: 
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{0F06A1AD-90E2-4052-ACE0-BF85E8313AD1}: NameServer = 205.152.132.32,205.152.37.23O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO20 - Winlogon Notify: geeda - C:\WINDOWS\O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeO23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeO23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe--End of file - 10387 bytesMBAM Log.......................Malwarebytes' Anti-Malware 1.41Database version: 2881Windows 5.1.2600 Service Pack 310/1/2009 12:00:20 AMmbam-log-2009-10-01 (00-00-20).txtScan type: Quick ScanObjects scanned: 120775Time elapsed: 7 minute(s), 16 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Running the F- Secure online scanner and security Next .... will post them next... Link to post Share on other sites More sharing options...
Woodville Deb Posted October 1, 2009 Author ID:136154
Hi Chris, I have tried several times to run F-Secure but Internet Explorer will not let it run; the error message I get is below... suggestions... Thanks for all you are doing for me!!!!!

Internet Explorer has closed this webpage to help protect your computer
A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
What you can do:
Go to your home page
Try to return to f-secure.com
More information

Staff screen317 Posted October 1, 2009 Staff ID:136471
Try this online scanner instead: Please run a BitDefender Online scan here and post the results.

Woodville Deb Posted October 1, 2009 Author ID:136558
Hi Chris, This one is not working either. What now?
Debbie

Woodville Deb Posted October 2, 2009 Author ID:136949
Hi Chris, I am going out of town, will be back late Saturday night. I will check Sunday morning to see what you suggest. Thanks again for all you are doing for me!!!! I think we have it almost beat. I do not have any more pop ups and no more attempts at it trying to load itself again.
Take Care, Debbie

Staff screen317 Posted October 3, 2009 Staff ID:137209
Thanks for letting me know. How odd that the online scanners aren't working.
Update MBAM, run a Quick Scan, and post its log. If nothing shows up, it's likely you're good to go.
Do run my Security Check though, and post its log.
-screen317

Woodville Deb Posted October 4, 2009 Author ID:137878
Thanks for letting me know. How odd that the online scanners aren't working. Update MBAM, run a Quick Scan, and post its log. If nothing shows up, it's likely you're good to go. Do run my Security Check though, and post its log. -screen317

Hi Chris, The best I can figure out is that it has something to do with Data Execution Prevention. I do not know how to set it to accept the F-Secure scanner. If that can be done, that would let it work. I will run the process you asked and post them in the next 30 min to an hour.
Thanks, Debbie
Woodville Deb Posted October 4, 2009 Author ID:137897
Hi Chris, Here is the MBAM Quick Scan log......

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3

10/4/2009 11:18:36 AM
mbam-log-2009-10-04 (11-18-36).txt

Scan type: Quick Scan
Objects scanned: 122779
Time elapsed: 20 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the Security Check log......

 Results of screen317's Security Check version 0.99.0
 Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Disabled!
 AVG 8.5
 Avira AntiVir Personal - Free Antivirus
 Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:
 Out of date Spybot installed!
 Spybot - Search & Destroy 1.4
 Spyware Doctor 6.1
 Spybot - Search & Destroy
 SUPERAntiSpyware Free Edition
 HijackThis 2.0.2
 Java SE Runtime Environment 6 Update 1
 Adobe Flash Player 10
 Adobe Reader 8.1.5
 Out of date Adobe Reader installed!
``````````````````````````````
Process Check: objlist.exe by Laurent
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
`````````End of Log```````````
Staff screen317 Posted October 6, 2009 Staff ID:138493
Hi,

The best I can figure out is that it has something to do with Data Execution Prevention.

How do you figure? What happens when you disable DEP altogether? Does the online scan work?

I notice that you are using more than one antivirus program (Avira and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

While you are in Add or Remove Programs, uninstall the following:
Spybot - Search & Destroy 1.4
Spybot - Search & Destroy
Adobe Reader 8.1.5

Restart your computer. Get the latest version of Adobe Reader.
Let me know what issues remain.
-screen317

Woodville Deb Posted October 6, 2009 Author ID:138594
Hi Chris, About the DEP: it has been several days now, and if I remember right one of the screens that came up mentioned that DEP would not let this run and that if I would allow it, F-Secure would run. I cannot remember where I saw it now. Will do on the AVs and other instructions in the morning. It is almost midnight here.
Take care, Debbie

Woodville Deb Posted October 6, 2009 Author ID:138822
Hi Chris, I found where I saw the comment about DEP. I have attached a screen print of the window that gave the warning message. See if that helps any.
Thanks as always, Keep Safe, Debbie

Woodville Deb Posted October 6, 2009 Author ID:138826
Hi Chris, I have removed and updated all of your suggestions. I do not seem to be having any other issues. Everything is running ok except for not being able to download F-Secure; we did not seem to need it, unless you need the report to make sure everything is ok. I do not know how to disable it altogether. If you think we need to, just let me know. I am willing to tackle it. One question: can Malwarebytes be scheduled to run automatically?
Thanks, Take Care, Debbie

Staff screen317 Posted October 6, 2009 Staff ID:138940
Let's try one more online scan, just to make sure it's not a coincidence.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**
To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Woodville Deb Posted October 6, 2009 Author ID:138945
I received this error message from Kaspersky.... I will try later to see if it is running...

Free Virus Scan
The Kaspersky Online Scanner is temporarily unavailable.