Jump to content

Recommended Posts

Please help me in removing fakealert.mn, Malware Remover will not load, neither will sever others i have tried. I have tried to run AVG in safe mode but it will not remove it either. I have seen where someone has helped removing a malware that had the same symptoms. Is there any one who can help me with this. Thanks in advance. Debbie

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

If ComboFix will not run, do this instead:

Download Win32kDiag.exe by AD to your Desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply.

-screen317

Link to post
Share on other sites

Avira finished running and got rid of the popups. I was able to run Combofix it ran and here is the log that it printed out. Thank you so much! If I could only send chocloate chip cokies over the internet. Here is the log Combfix printed out. Please let me know what else i need to do. Thanks again. Debbie

ComboFix 09-09-27.05 - Owner 09/28/2009 16:29.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.471 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\INSTALL.LOG

c:\program files\Protection System

c:\program files\Protection System\core.cga

c:\program files\Protection System\coreext.dll

c:\program files\Protection System\firewall.dll

c:\program files\Protection System\help.ico

c:\program files\Protection System\uninstall.exe

c:\program files\WinBudget

c:\program files\WinBudget\bin\matrix.dat

c:\windows\Installer\355746.msi

c:\windows\Installer\584c5e.msi

c:\windows\Installer\680a85.msi

c:\windows\Installer\680a9a.msi

c:\windows\Installer\7f04f.msi

c:\windows\Installer\80edc1.msi

c:\windows\Installer\d2367.msi

c:\windows\Installer\f1a07.msi

c:\windows\system32\_004481_.tmp.dll

c:\windows\system32\_004482_.tmp.dll

c:\windows\system32\_004483_.tmp.dll

c:\windows\system32\_004484_.tmp.dll

c:\windows\system32\_004491_.tmp.dll

c:\windows\system32\_004492_.tmp.dll

c:\windows\system32\_004493_.tmp.dll

c:\windows\system32\_004495_.tmp.dll

c:\windows\system32\_004496_.tmp.dll

c:\windows\system32\_004497_.tmp.dll

c:\windows\system32\_004499_.tmp.dll

c:\windows\system32\_004500_.tmp.dll

c:\windows\system32\_004502_.tmp.dll

c:\windows\system32\_004503_.tmp.dll

c:\windows\system32\_004504_.tmp.dll

c:\windows\system32\_004506_.tmp.dll

c:\windows\system32\_004509_.tmp.dll

c:\windows\system32\_004510_.tmp.dll

c:\windows\system32\_004514_.tmp.dll

c:\windows\system32\_004515_.tmp.dll

c:\windows\system32\_004517_.tmp.dll

c:\windows\system32\_004520_.tmp.dll

c:\windows\system32\_004522_.tmp.dll

c:\windows\system32\_004523_.tmp.dll

c:\windows\system32\_004524_.tmp.dll

c:\windows\system32\_004525_.tmp.dll

c:\windows\system32\_004528_.tmp.dll

c:\windows\system32\_004529_.tmp.dll

c:\windows\system32\_004530_.tmp.dll

c:\windows\system32\_004531_.tmp.dll

c:\windows\system32\_004532_.tmp.dll

c:\windows\system32\_004537_.tmp.dll

c:\windows\system32\_004539_.tmp.dll

c:\windows\system32\adeeg.bak1

c:\windows\system32\adeeg.bak2

c:\windows\system32\adeeg.tmp

c:\windows\system32\drivers\UACpeyksxcujn.sys

c:\windows\system32\huucjpmv.ini

c:\windows\system32\superiorads-uninst.exe

c:\windows\system32\SYSInfo.ocx

c:\windows\system32\tmp39.tmp

c:\windows\system32\UACbeukuptiej.dll

c:\windows\system32\UACcfmpuwylkr.log

c:\windows\system32\UACgvjlgrmmgn.dll

c:\windows\system32\UAChcnvddiugi.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACkodwqquxsl.dat

c:\windows\system32\UACyrnwcokvuw.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))

.

2009-09-28 20:49 . 2009-09-28 20:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-09-28 20:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-28 20:45 . 2009-09-28 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-28 20:45 . 2009-09-28 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-28 20:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-28 18:43 . 2009-09-28 18:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-09-28 18:39 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-28 18:39 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-28 18:39 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-28 18:39 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-28 18:39 . 2009-09-28 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-28 18:39 . 2009-09-28 18:39 -------- d-----w- c:\program files\Avira

2009-09-26 00:51 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-09-26 00:51 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-09-26 00:51 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-26 00:51 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-09-26 00:51 . 2009-09-28 18:12 -------- d-----w- c:\program files\Spyware Doctor

2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools

2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-25 17:07 . 2009-08-28 01:14 81920 ----a-w- c:\windows\eSellerateControl350.dll

2009-09-25 17:07 . 2009-08-28 01:14 356352 ----a-w- c:\windows\eSellerateEngine.dll

2009-09-25 17:06 . 2009-09-25 17:08 -------- d-----w- c:\program files\FakeAlert Removal Tool

2009-09-25 12:28 . 2009-09-25 12:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-09-25 12:28 . 2009-09-25 12:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-17 04:20 . 2009-09-18 00:40 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit

2009-09-17 04:20 . 2009-09-17 04:20 -------- d-----w- c:\program files\IObit

2009-09-13 19:24 . 2009-09-15 21:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2009-09-10 17:01 . 2009-09-10 17:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-09-09 22:28 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-04 14:59 . 2009-09-04 14:59 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8

2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\program files\My Downloaded Games

2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\program files\BoontyGames

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-28 18:50 . 2007-03-11 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-28 18:45 . 2007-05-22 22:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-28 18:08 . 2007-03-11 11:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-25 00:05 . 2008-08-30 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-23 03:40 . 2007-03-29 02:10 -------- d-----w- c:\program files\TestWorks

2009-09-10 17:02 . 2007-09-08 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-28 15:48 . 2007-03-16 04:21 244056 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-24 01:03 . 2009-08-24 01:03 -------- d-----w- c:\program files\MAXA Cookie Manager

2009-08-14 11:58 . 2009-09-26 00:51 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-08-05 09:01 . 2004-08-12 13:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 14:11 . 2008-08-30 22:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-30 14:11 . 2008-08-30 22:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-30 14:11 . 2008-08-30 22:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-17 19:01 . 2004-08-12 12:55 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2004-08-12 13:10 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2007-02-19 15:15 915456 ----a-w- c:\windows\system32\wininet.dll

2003-12-18 16:33 . 2009-09-13 19:23 20102 ----a-w- c:\program files\Readme.txt

2003-09-03 12:46 . 2009-09-13 19:23 10960 ----a-w- c:\program files\EULA.txt

2004-08-12 13:07 . 2004-08-12 13:07 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 . 2008-10-29 00:46 413696 --sha-w- c:\windows\system32\SET29B.tmp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]

@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"

[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Coast to Coast AM"="c:\program files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 983040]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2022680]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-30 14:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk.disabled]

backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]

backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ID Vault.lnk]

backup=c:\windows\pss\ID Vault.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Size grid

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KodakDigitalDisplayService"=2 (0x2)

"iPod Service"=3 (0x3)

"IntuitUpdateService"=2 (0x2)

"gusvc"=2 (0x2)

"Fax"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"nwiz"=nwiz.exe /install

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

"NeroCheck"=c:\windows\system32\NeroCheck.exe

"EM_EXEC"=c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=

"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/30/2008 5:41 PM 12552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2009 7:51 PM 206256]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/30/2008 5:41 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/30/2008 5:41 PM 108552]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 1:39 PM 108289]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 9:52 AM 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [4/26/2009 9:28 PM 1370488]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2009 7:51 PM 348752]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]

R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 10:21 AM 55680]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]

S3 cdiskdun;cdiskdun;\??\c:\docume~1\Owner\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cdiskdun.sys [?]

S3 EGEARAspiWD;EGEARAspiWD;\??\c:\docume~1\Owner\LOCALS~1\Temp\EGEARAspiWD.sys --> c:\docume~1\Owner\LOCALS~1\Temp\EGEARAspiWD.sys [?]

S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 10:21 AM 60032]

S3 pafd;pafd;\??\c:\docume~1\Owner\LOCALS~1\Temp\pafd.sys --> c:\docume~1\Owner\LOCALS~1\Temp\pafd.sys [?]

S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 1:10 PM 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-20 c:\windows\Tasks\Registry Medic Schedule.job

- c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]

2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job

- c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]

2009-09-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-03-11 20:31]

2009-08-27 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-12 20:31]

2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job

- c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://coasttocoastam.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

BHO-{9C4DE643-2FDA-469F-8881-4EB3C137F1D4} - (no file)

Notify-geeda - (no file)

Notify-WgaLogon - (no file)

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

AddRemove-Protection System - c:\program files\Protection System\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-28 16:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]

@DACL=(02 0000)

@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]

@DACL=(02 0000)

@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]

@DACL=(02 0000)

@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]

@DACL=(02 0000)

@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]

@DACL=(02 0000)

@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]

@DACL=(02 0000)

@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]

@DACL=(02 0000)

@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]

@DACL=(02 0000)

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2856)

c:\windows\system32\WININET.dll

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\scardsvr.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\tcpsvcs.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\windows\system32\searchindexer.exe

.

**************************************************************************

.

Completion time: 2009-09-28 17:04 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-28 22:04

Pre-Run: 106,685,128,704 bytes free

Post-Run: 106,610,241,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

447 --- E O F --- 2009-09-10 17:07

Link to post
Share on other sites

Ran Malwarebyte and HJT here are there print outs....

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:43:00 PM, on 9/28/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\IObit\Advanced SystemCare 3\IObitUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://coasttocoastam.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {9C4DE643-2FDA-469F-8881-4EB3C137F1D4} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware\try this.exe" /runcleanupscript

O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F06A1AD-90E2-4052-ACE0-BF85E8313AD1}: NameServer = 205.152.132.32,205.152.37.23

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: geeda - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--

End of file - 10345 bytes

*********************

Malwarebytes' Anti-Malware 1.41

Database version: 2869

Windows 5.1.2600 Service Pack 3

9/28/2009 9:38:34 PM

mbam-log-2009-09-28 (21-38-34).txt

Scan type: Full Scan (C:\|)

Objects scanned: 313195

Time elapsed: 1 hour(s), 36 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 9

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 2

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\Owner\Start Menu\Programs\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:

C:\Qoobox\Quarantine\C\WINDOWS\system32\superiorads-uninst.exe.vir (Adware.AdRotator) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACgvjlgrmmgn.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\UACyrnwcokvuw.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP0\A0000003.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP0\A0000005.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1CBF298F-19C3-426B-8501-5E6F25609C70}\RP1\A0000092.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Uninstall Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Staff

Hello,

My apologies for the delay.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::

cdiskdun

EGEARAspiWD

pafd

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Also update MBAM. run a Quick Scan, and post its log.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Here is Combo Fix log, HJD Log and MBAM log .... Running the F- Secure online scanner and security Next .... will post them next...

Combo Fix Log...............................

ComboFix 09-09-30.05 - Owner 09/30/2009 23:20.3.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.440 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_CDISKDUN

-------\Legacy_EGEARASPIWD

-------\Legacy_PAFD

-------\Service_cdiskdun

-------\Service_EGEARAspiWD

-------\Service_pafd

((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))

.

2009-10-01 02:40 . 2009-10-01 04:17 -------- d-----w- C:\Combo-Fix

2009-09-30 19:43 . 2009-09-30 19:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files

2009-09-30 19:07 . 2009-09-30 19:07 -------- d-----w- c:\program files\Common Files\xing shared

2009-09-29 03:26 . 2009-09-29 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-29 03:26 . 2009-09-29 03:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-29 03:26 . 2009-09-29 03:26 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2009-09-29 02:42 . 2009-09-29 02:42 -------- d-----w- c:\program files\Trend Micro

2009-09-28 20:49 . 2009-09-28 20:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-09-28 20:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-28 20:45 . 2009-09-28 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-28 20:45 . 2009-09-28 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-28 20:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-28 18:43 . 2009-09-28 18:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-09-28 18:39 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-28 18:39 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-28 18:39 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-28 18:39 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-28 18:39 . 2009-09-28 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-09-28 18:39 . 2009-09-28 18:39 -------- d-----w- c:\program files\Avira

2009-09-26 00:51 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-09-26 00:51 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-09-26 00:51 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-26 00:51 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-09-26 00:51 . 2009-09-28 18:12 -------- d-----w- c:\program files\Spyware Doctor

2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools

2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-25 17:06 . 2009-09-29 03:24 -------- d-----w- c:\program files\FakeAlert Removal Tool

2009-09-25 12:28 . 2009-09-25 12:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-09-25 12:28 . 2009-09-25 12:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-09-17 04:20 . 2009-09-18 00:40 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit

2009-09-17 04:20 . 2009-09-17 04:20 -------- d-----w- c:\program files\IObit

2009-09-13 19:24 . 2009-09-15 21:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2009-09-10 17:01 . 2009-09-10 17:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2009-09-09 22:28 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-04 14:59 . 2009-09-04 14:59 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8

2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\program files\My Downloaded Games

2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\program files\BoontyGames

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-30 19:08 . 2007-03-12 00:01 -------- d-----w- c:\program files\Common Files\Real

2009-09-30 19:07 . 2006-07-11 23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-09-30 19:07 . 2007-03-11 11:38 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-09-29 03:26 . 2007-03-11 11:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-09-28 18:50 . 2007-03-11 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-28 18:45 . 2007-05-22 22:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-28 18:08 . 2007-03-11 11:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-25 00:05 . 2008-08-30 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-23 03:40 . 2007-03-29 02:10 -------- d-----w- c:\program files\TestWorks

2009-09-10 17:02 . 2007-09-08 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-28 15:48 . 2007-03-16 04:21 244056 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-24 01:03 . 2009-08-24 01:03 -------- d-----w- c:\program files\MAXA Cookie Manager

2009-08-14 11:58 . 2009-09-26 00:51 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-08-05 09:01 . 2004-08-12 13:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 14:11 . 2008-08-30 22:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-30 14:11 . 2008-08-30 22:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-30 14:11 . 2008-08-30 22:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-17 19:01 . 2004-08-12 12:55 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2004-08-12 13:10 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2007-02-19 15:15 915456 ------w- c:\windows\system32\wininet.dll

2003-12-18 16:33 . 2009-09-13 19:23 20102 ----a-w- c:\program files\Readme.txt

2003-09-03 12:46 . 2009-09-13 19:23 10960 ----a-w- c:\program files\EULA.txt

2004-08-12 13:07 . 2004-08-12 13:07 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 . 2008-10-29 00:46 413696 --sha-w- c:\windows\system32\SET29B.tmp

.

((((((((((((((((((((((((((((( SnapShot@2009-09-28_21.49.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-01 04:33 . 2009-10-01 04:33 16384 c:\windows\Temp\Perflib_Perfdata_464.dat

+ 2009-09-30 20:09 . 2006-07-03 04:43 10752 c:\windows\system32\ReinstallBackups\0011\DriverFiles\SPIRun.dll

+ 2009-09-30 20:09 . 2003-10-02 10:48 53248 c:\windows\system32\ReinstallBackups\0011\DriverFiles\P17CPI.dll

+ 2009-09-30 20:09 . 2008-04-14 00:12 23552 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\wdmaud.drv

+ 2009-09-30 20:09 . 2008-04-13 18:45 49408 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\stream.sys

+ 2009-09-30 20:09 . 2008-04-13 18:45 60160 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\drmk.sys

+ 2009-09-30 20:09 . 2002-04-10 17:41 65536 c:\windows\system32\ReinstallBackups\0011\DriverFiles\A3d.dll

+ 2007-04-09 06:40 . 2007-04-09 06:40 14848 c:\windows\system32\P17RunE.dll

- 2009-08-27 18:04 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys

+ 2009-08-27 18:04 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys

+ 2009-08-27 18:04 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys

+ 2009-08-27 18:04 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys

+ 2007-03-13 06:51 . 2007-03-13 06:51 45568 c:\windows\system32\ctppld.dll

+ 2007-05-07 15:45 . 2007-05-07 15:45 86016 c:\windows\system32\ctcoinst.dll

+ 2006-12-04 18:56 . 2006-12-04 18:56 42496 c:\windows\system32\AddCat.exe

+ 2009-09-29 03:26 . 2009-09-29 03:26 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2009-09-29 03:26 . 2009-09-29 03:26 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2009-09-30 20:09 . 2004-12-22 11:58 8704 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\Pfmodnt.sys

+ 2009-09-30 20:09 . 2008-04-14 00:11 4096 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\ksuser.dll

+ 2009-09-30 19:07 . 2009-09-30 19:07 5632 c:\windows\system32\pndx5032.dll

- 2007-10-03 03:16 . 2007-10-03 23:24 5632 c:\windows\system32\pndx5032.dll

+ 2009-09-30 19:07 . 2009-09-30 19:07 6656 c:\windows\system32\pndx5016.dll

- 2007-10-03 03:16 . 2007-10-03 23:24 6656 c:\windows\system32\pndx5016.dll

+ 2007-03-11 01:11 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\ksuser.dll

+ 2006-12-15 07:41 . 2006-12-15 07:41 8192 c:\windows\ResDefE.exe

+ 2009-09-29 03:26 . 2009-09-29 03:26 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe

+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

+ 2009-09-30 19:08 . 2009-09-30 19:08 185920 c:\windows\system32\rmoc3260.dll

+ 2009-09-30 20:09 . 2006-01-25 06:55 137728 c:\windows\system32\ReinstallBackups\0011\DriverFiles\P17res.dll

+ 2009-09-30 20:09 . 2007-05-08 00:59 137216 c:\windows\system32\ReinstallBackups\0011\DriverFiles\OemSpi.dll

+ 2009-09-30 20:09 . 2008-04-13 19:19 146048 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\portcls.sys

+ 2009-09-30 20:09 . 2008-04-13 19:16 141056 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\ks.sys

+ 2009-09-30 20:09 . 2005-06-27 10:37 133632 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\CtDvInst.dll

+ 2009-09-30 19:07 . 2009-09-30 19:07 278528 c:\windows\system32\pncrt.dll

- 2007-03-12 00:01 . 2007-10-03 23:24 278528 c:\windows\system32\pncrt.dll

+ 2007-10-06 19:19 . 2006-12-03 20:12 137216 c:\windows\system32\P17res.dll

+ 2007-04-09 06:42 . 2007-04-09 06:42 148480 c:\windows\system32\OemSpiE.dll

- 2009-08-27 18:04 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys

+ 2009-08-27 18:04 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys

+ 2009-08-27 18:04 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys

+ 2009-08-27 18:04 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys

+ 2007-10-06 19:19 . 2007-05-07 15:45 163328 c:\windows\system32\ctdvinst.dll

+ 2007-07-02 13:17 . 2007-07-02 13:17 512512 c:\windows\system32\CTAPO32.dll

+ 2009-09-29 17:00 . 2009-09-29 17:00 195584 c:\windows\Installer\a28b86.msi

+ 2009-09-30 20:09 . 2007-03-22 16:35 1659008 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\p17xfilt.sys

+ 2009-09-30 20:09 . 2006-09-25 09:58 1173504 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\P17xfi.sys

+ 2007-06-13 06:58 . 2007-06-13 06:58 1131520 c:\windows\system32\drivers\P17.sys

+ 2009-09-29 03:26 . 2009-09-29 03:26 1583616 c:\windows\Installer\29f539.msi

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-01-12 21:40 . 2006-01-12 21:40 155648 c:\program files\Common Files\Ahead\Lib\bak\NeroCheck.exe

2007-10-03 03:16 . 2007-10-03 23:23 185632 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2009-09-30 19:07 . 2009-09-30 19:07 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-10-07 12:20 . 2007-07-18 00:23 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe

2007-03-11 11:38 . 2007-09-21 13:38 421888 c:\program files\Grisoft\AVG7\bak\avgcc.exe

2007-03-11 07:17 . 2007-02-19 14:58 169984 c:\windows\pchealth\helpctr\binaries\bak\MSConfig.exe

2007-03-11 07:17 . 2008-04-14 00:12 169984 c:\windows\pchealth\helpctr\binaries\msconfig.exe

2004-08-12 12:56 . 2004-08-12 12:56 15360 c:\windows\system32\bak\ctfmon.exe

2004-08-12 12:56 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]

@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"

[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Coast to Coast AM"="c:\program files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe" [2005-06-08 983040]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-29 2023704]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Owner\Desktop\Malwarebytes' Anti-Malware\try this.exe" [N/A]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-30 198160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-30 14:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeda]

[bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[bU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]

backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk.disabled]

backup=c:\windows\pss\QuickBooks 2002 Delivery Agent.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Yahoo! Autosync.lnk]

backup=c:\windows\pss\Yahoo! Autosync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ID Vault.lnk]

backup=c:\windows\pss\ID Vault.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KodakDigitalDisplayService"=2 (0x2)

"iPod Service"=3 (0x3)

"IntuitUpdateService"=2 (0x2)

"gusvc"=2 (0x2)

"Fax"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"nwiz"=nwiz.exe /install

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

"NeroCheck"=c:\windows\system32\NeroCheck.exe

"EM_EXEC"=c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Kodak\\Digital Display\\KodakDigitalDisplaySoftware.exe"=

"c:\\Program Files\\Kodak\\Digital Display\\OrbKodakLauncher\\DllStartupService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/30/2008 5:41 PM 12552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2009 7:51 PM 206256]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/30/2008 5:41 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/30/2008 5:41 PM 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/28/2009 1:39 PM 108289]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/8/2009 9:52 AM 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [4/26/2009 9:28 PM 1370488]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2009 7:51 PM 348752]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

R3 SMCSTUB;SMCSTUB;c:\windows\system32\drivers\smcstub.sys [10/15/2007 10:21 AM 55680]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/30/2008 5:41 PM 29208]

S3 mtsftkey;mtsftkey;c:\windows\system32\drivers\mtsftkey.sys [10/15/2007 10:21 AM 60032]

S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [8/14/2008 1:10 PM 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-20 c:\windows\Tasks\Registry Medic Schedule.job

- c:\program files\Registry Medic\RegMedic.exe [2007-05-28 23:11]

2007-05-26 c:\windows\Tasks\RegistryMedicAuotScan.job

- c:\program files\Registry Medic\RegMedical.exe [2007-05-25 00:14]

2009-09-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-03-11 20:31]

2009-09-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-12 20:31]

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{D8F08181-DAC3-43EA-A58F-2C9409863ECB}.job

- c:\windows\system32\msfeedssync.exe [2007-02-19 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://coasttocoastam.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {0F06A1AD-90E2-4052-ACE0-BF85E8313AD1} = 205.152.132.32,205.152.37.23

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2dkbw6yd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=

FF - prefs.js: browser.search.selectedEngine - Ixquick

FF - prefs.js: browser.startup.homepage - hxxp://www.coasttocoastam.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

BHO-{9C4DE643-2FDA-469F-8881-4EB3C137F1D4} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-30 23:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.bcp\PersistentHandler]

@DACL=(02 0000)

@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.pot\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.ppt\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.prc\PersistentHandler]

@DACL=(02 0000)

@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]

@DACL=(02 0000)

@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]

@DACL=(02 0000)

@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.trg\PersistentHandler]

@DACL=(02 0000)

@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"

[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]

@DACL=(02 0000)

@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xls\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xlt\PersistentHandler]

@DACL=(02 0000)

@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]

@DACL=(02 0000)

@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"

[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]

@DACL=(02 0000)

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2300)

c:\windows\system32\WININET.dll

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\scardsvr.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\AVG\AVG8\avgwdsvc.exe

c:\program files\AVG\AVG8\avgfws8.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe

c:\program files\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\program files\AVG\AVG8\avgnsx.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\system32\tcpsvcs.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\windows\system32\searchindexer.exe

.

**************************************************************************

.

Completion time: 2009-10-01 23:44 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-01 04:44

ComboFix2.txt 2009-09-28 22:04

Pre-Run: 106,061,332,480 bytes free

Post-Run: 106,090,672,128 bytes free

462 --- E O F --- 2009-09-29 17:00

HJT Log .......................

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:49:15 PM, on 9/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://coasttocoastam.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware\try this.exe" /runcleanupscript

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F06A1AD-90E2-4052-ACE0-BF85E8313AD1}: NameServer = 205.152.132.32,205.152.37.23

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: geeda - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--

End of file - 10387 bytes

MBAM Log.......................

Malwarebytes' Anti-Malware 1.41

Database version: 2881

Windows 5.1.2600 Service Pack 3

10/1/2009 12:00:20 AM

mbam-log-2009-10-01 (00-00-20).txt

Scan type: Quick Scan

Objects scanned: 120775

Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Running the F- Secure online scanner and security Next .... will post them next...

Link to post
Share on other sites

Hi Chris,

I have tried several time to run F-Secure but internet explorer will not let it run the error message i get is below... suggestions...

Thanks for all you are doing for me!!!!! :D

Internet Explorer has closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.

What you can do:

Go to your home page

Try to return to f-secure.com

More information

Link to post
Share on other sites

Hi Chris,

I am going out of town, will be back late Saturday night. I will check Sunday morning to see what you suggest.

Thanks again for all you are doing for me.!!!!

I think we have it almost beat. I do not have any more pop ups and no more attempt at it trying to load itself again.

Take Care, Debbie

Link to post
Share on other sites

Thanks for letting me know.

How odd that the online scanners aren't working. Update MBAM, run a Quick Scan, and post its log. If nothing shows up, it's likely you're good to go.

Do run my Security Check though, and post its log.

-screen317

Hi Chirs,

The best i can figure out is that is has something to do with the Data Execution Prevention. I do not know how to set it to accept your the F-Secure. If that can be done that would let it work. I will run the process you asked and post them in the next 30 min to and hour.

Thanks Debbie

Link to post
Share on other sites

Hi Chris,

Here is the MBMA Qucik Scan Log......

Malwarebytes' Anti-Malware 1.41

Database version: 2905

Windows 5.1.2600 Service Pack 3

10/4/2009 11:18:36 AM

mbam-log-2009-10-04 (11-18-36).txt

Scan type: Quick Scan

Objects scanned: 122779

Time elapsed: 20 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the Security Check Log......

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

AVG 8.5

Avira AntiVir Personal - Free Antivirus

Avira updated!

``````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Spybot - Search & Destroy 1.4

Spyware Doctor 6.1

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

HijackThis 2.0.2

Java SE Runtime Environment 6 Update 1

Adobe Flash Player 10

Adobe Reader 8.1.5

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Link to post
Share on other sites

  • Staff

Hi,

The best i can figure out is that is has something to do with the Data Execution Prevention.
How do you figure? What happens when you disable DEP all together? Does the online scan work?

I notice that you are using more than one antivirus program (Avira and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

While you are in Add or Remove Programs, uninstall the following:

Spybot - Search & Destroy 1.4

Spybot - Search & Destroy

Adobe Reader 8.1.5

Restart your computer.

Get the latest version of Adobe Reader.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

Hi Chris,

About the DEP, It has been several days now and if i remember right one of the screens that came up mentioned that DEP would not let this run and if I would allow it F-Secure would run. I can not remember where I saw it now.

Will do on the AV's and other instructions in the morning. It is almost midnight here.

Take care, Debbie

Link to post
Share on other sites

Hi Chirs,

I have removed and updated all of your suggestions. I do not seem to be having any other issues. Everything is running ok except for not being able to download the F-Secure, we did not seem to need it, unless you need the report to make sure everything is ok. I do not know how to disable it altogether. If you think we need to just let me know. I am willing to tackle it.

One question can Malware bytes be scheduled to run automatically?

Thanks,

Take Care,

Debbie

Link to post
Share on other sites

  • Staff

Let's try one more online scan, just to make sure it's not a coincidence.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.