
Hello, I have been infected with this virus that has disabled my IE8, my antivirus protection and my firewall, along with who knows what else. My system is Win XP Pro with all the latest updates. I was able to run a virus scan called a-square which removed several tracking cookies. Below I have included a HijackThis scan; I don't know if this scan can help, as I don't know that much about computers.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:32:04 AM, on 4/9/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

c:\Program Files\Zune\ZuneBusEnum.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Documents and Settings\Larry\Local Settings\Application Data\gjx.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 4950 bytes

Can Someone please help me with this. Thank You Larry


Welcome to the forum.

Enable hidden files:

http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/

From your HJT log, this is one of the problems:

C:\Documents and Settings\Larry\Local Settings\Application Data\gjx.exe

See if you can delete it, rename it to .old or end task on it.

Then............

Carefully read and follow this Guide.

Make sure you run rkill or exehelper and then immediately run MBAM as described.

Most important....update MBAM before you run it.

Post the logs back here, Let me know....MrC

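The check MrC did by eye above (an executable running from Larry's Local Settings\Application Data folder) can be automated over an HJT log. The script below is an added example, not part of this thread and not HijackThis code; its heuristics are the editor's own assumptions: flag running processes and O4 Run entries whose target lives under a user profile directory, report a short random-looking file name only as a secondary hint on a path already flagged, and list O3 toolbars registered with no file. The sample log is constructed from a few lines of the posted one plus an invented XYZ123 / abc.exe Run entry.

```python
"""Triage a HijackThis (HJT) log for processes and autostarts that run from
user-writable profile directories.  Added example for this thread: it is not
HijackThis code, and the heuristics are the editor's own assumptions."""
import re
from dataclasses import dataclass

# A dropper pulled in by a browser exploit or fake-AV page on XP writes where the
# logged-on user can write, i.e. under the profile.  Legitimate services and
# Run entries almost never live there, so the location alone earns a look.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\"
    r"(local settings\\application data|local settings\\temp|application data)"
    r"\\[^\\]*\.exe$",
    re.IGNORECASE,
)
# The family in this thread used short random names (gjx.exe, xjr.exe, Lqr.exe).
# Short names are also common on legitimate binaries (smss.exe, mdm.exe), so this
# is only reported as a secondary hint for a path that was already flagged.
SHORT_RANDOM = re.compile(r"\\[a-z]{3}\.exe$", re.IGNORECASE)
HJT_ENTRY = re.compile(r"^[RFO]\d+ - ")            # start of the R0/O4/... entries
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# O4 - HKLM\..\Run: [name] "C:\path\prog.exe" /args   ->  (name, path)
O4_TARGET = re.compile(r"\[([^\]]+)\]\s*\"?([A-Za-z]:\\.*?\.exe)", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f-]+\}")


@dataclass
class Finding:
    kind: str       # "process", "O4" or "O3"
    item: str       # the path or CLSID concerned
    reasons: tuple  # why it was flagged


def _path_reasons(path):
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable profile directory")
        if SHORT_RANDOM.search(path):
            reasons.append("short random-looking file name")
    return tuple(reasons)


def triage_hjt(log_text):
    """Return a Finding for each suspicious running process, O4 Run entry and
    orphaned O3 toolbar, in log order."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if HJT_ENTRY.match(line):
            in_processes = False
        if in_processes and DRIVE_PATH.match(line):
            reasons = _path_reasons(line)
            if reasons:
                findings.append(Finding("process", line, reasons))
        elif line.startswith("O4 - "):
            m = O4_TARGET.search(line)
            if m:
                reasons = _path_reasons(m.group(2))
                if reasons:
                    findings.append(Finding("O4", m.group(2),
                                            reasons + (f"Run value [{m.group(1)}]",)))
        elif line.startswith("O3 - ") and line.endswith("(no file)"):
            m = CLSID.search(line)
            findings.append(Finding("O3", m.group(0) if m else line,
                                    ("toolbar CLSID registered but its file is gone",)))
    return findings


# Constructed sample: a few lines modelled on the log posted in this thread; the
# XYZ123 / abc.exe Run entry is invented for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Larry\Local Settings\Application Data\gjx.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XYZ123] "C:\Documents and Settings\Larry\Local Settings\Temp\abc.exe"
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.kind:8} {f.item}\n         -> {'; '.join(f.reasons)}")
```

Run as-is it reports gjx.exe, the orphaned toolbar CLSID and the invented abc.exe entry, and nothing for smss.exe, avgnt.exe or ctfmon.exe; pass the text of a real log to triage_hjt to use it on one. The short-name hint is deliberately not enough on its own: smss.exe and mdm.exe in the posted log are legitimate short names living in system directories.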

I was able to remove the gjx.exe file, and I do have scan logs to post below.

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 04/09/2011 at 16:59:20.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\verclsid.exe

Rkill completed on 04/09/2011 at 16:59:24.

I must have lost the exehelper log, as I can't find it on the PC. See the Malwarebytes scan log next.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6307

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/8/2011 12:55:02 AM

mbam-log-2011-04-08 (00-55-02).txt

Scan type: Full scan (C:\|)

Objects scanned: 203011

Time elapsed: 1 hour(s), 20 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\K8CE6CA1JO (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Q7NZMT7RLB (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Q7NZMT7RLB (Trojan.FakeAlert.SA) -> Value: Q7NZMT7RLB -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NtWqIVLZEWZU (Trojan.FakeAlert) -> Value: NtWqIVLZEWZU -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Larry\application data\Adobe\plugs\kb724109921.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Larry\application data\Adobe\plugs\kb724110187.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\prndrvrj.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

c:\documents and settings\Larry\local settings\Temp\Lqr.exe (Trojan.FakeAlert.SA) -> Delete on reboot.

c:\documents and settings\Larry\local settings\Temp\Lqx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Here's another one.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6307

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

4/9/2011 6:39:20 PM

mbam-log-2011-04-09 (18-39-20).txt

Scan type: Full scan (C:\|)

Objects scanned: 201737

Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Q7NZMT7RLB (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Larry\Local Settings\Application Data\gjx.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I am once again able to use the internet. I no longer have the fake antivirus or security center, no constant popups of web sites. Things are looking up right now. Some settings have changed, but I think I can sort through them. Let me know if more needs to be done. Thanks, Larry


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

These are located in your Control Panel's Security Center under Resources > Change the way "Security Center alerts me".

I just uncheck them all; if you check them, the next time MB runs it will turn them back on, so I just have MB ignore them.

--------------------------

Update and run a Quick scan with MBAM, your database is a little out of date:

6307 <---yours

6321 <--current

Let me know, MrC

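Two of the Safe Mode results quoted above show how the infection was wired in. The Start menu's Internet Explorer launch command had been replaced with "...\gjx.exe" -a "...\iexplore.exe", so gjx.exe ran first and then started the real browser every time IE was opened that way, and the three Security Center *DisableNotify values had been set to 1, which is what suppressed the Security Center alerts for antivirus, firewall and Automatic Updates status. The script below is an added example, not part of this thread and not Malwarebytes code: it parses the "Registry Data Items Infected" entries of a Malwarebytes' Anti-Malware 1.x log (the line format is inferred from the posted lines, an assumption) and spells out what each Bad/Good pair changed. The sample input is the four lines from Larry's Safe Mode log wrapped in their section headers.

```python
"""Parse the 'Registry Data Items Infected' entries of a Malwarebytes'
Anti-Malware 1.x log and describe what each hijack changed.  Added example for
this thread; the entry format is inferred from the posted log lines."""
import re
from dataclasses import dataclass

# Shape of one entry as posted:
# <key> (<detection>) -> Bad: (<old data>) Good: (<expected data>) -> <action>
DATA_ITEM = re.compile(
    r"^(?P<key>HKEY_.+?) \((?P<detection>[\w.]+)\) -> "
    r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$"
)
QUOTED = re.compile(r'"([^"]+)"')   # quoted paths inside a hijacked command line

# Security Center values that were flipped to 1 (alerts off) in the log above.
SECURITY_CENTER_NOTIFY = {
    "AntiVirusDisableNotify": "antivirus status alerts",
    "FirewallDisableNotify": "firewall status alerts",
    "UpdatesDisableNotify": "Automatic Updates status alerts",
}


@dataclass
class RegistryDataItem:
    key: str
    detection: str
    bad: str
    good: str
    action: str

    @property
    def value_name(self):
        return self.key.rsplit("\\", 1)[-1]


def parse_registry_data_items(log_text):
    """Collect the entries listed under 'Registry Data Items Infected:'."""
    items, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):              # a section header
            in_section = line.startswith("Registry Data Items")
            continue
        if in_section:
            m = DATA_ITEM.match(line)
            if m:
                items.append(RegistryDataItem(**m.groupdict()))
    return items


def explain(item):
    """One line saying what the malware changed and what MBAM restored."""
    if item.detection == "Hijack.StartMenuInternet":
        paths = QUOTED.findall(item.bad)
        if len(paths) >= 2:
            launcher, target = paths[0], paths[-1]
            return (f"launching the browser from the Start menu ran {launcher} first, "
                    f"which then started {target}; restored to {item.good}")
        return f"browser launch command replaced with {item.bad}; restored to {item.good}"
    if item.detection == "PUM.Disabled.SecurityCenter":
        what = SECURITY_CENTER_NOTIFY.get(item.value_name, item.value_name)
        return (f"Security Center {what} were suppressed "
                f"({item.value_name}={item.bad}); reset to {item.good}")
    return f"{item.detection}: {item.value_name} was {item.bad!r}, reset to {item.good!r}"


# The four entries from the Safe Mode log posted in this thread, wrapped in the
# surrounding section headers so the parser sees them as in a full log.
SAMPLE_LOG = r"""Registry Data Items Infected: 4

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Larry\Local Settings\Application Data\gjx.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    for item in parse_registry_data_items(SAMPLE_LOG):
        print(f"{item.value_name}: {explain(item)}")
```

Pass the full text of any MBAM 1.x log to parse_registry_data_items; entries whose detection name the script does not know are still parsed and reported with their raw Bad and Good data.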

Unable to adjust "Change the way Security Center alerts me" as the choice is greyed out, unable to click on that option!! Below please see my updated MB quick scan log.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6328

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/10/2011 10:17:01 PM

mbam-log-2011-04-10 (22-17-01).txt

Scan type: Quick scan

Objects scanned: 158648

Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Larry\local settings\application data\gjx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Larry\local settings\application data\xjr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thank you. Larry. It appears that gjx.exe and its twin have reappeared!


Please do this.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Like your profile pic. Is that a beagle? I'm a huge dog lover. I will try to post a pic of my old friend.

here are the scan logs.

OTL logfile created on: 4/11/2011 10:02:47 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Larry\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 62.57 Gb Free Space | 83.95% Space Free | Partition Type: NTFS

Computer Name: VMACHINE | User Name: Larry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/11 10:01:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe

PRC - [2011/03/18 13:02:23 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe

PRC - [2011/03/18 13:02:23 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe

PRC - [2011/03/16 13:44:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/03/01 21:07:20 | 003,261,072 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

PRC - [2011/03/01 21:07:20 | 000,931,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

PRC - [2011/01/10 15:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe

PRC - [2010/08/24 02:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2008/08/21 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

========== Modules (SafeList) ==========

MOD - [2011/04/11 10:01:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe

MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/16 13:44:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/03/01 21:07:20 | 003,261,072 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)

SRV - [2011/01/10 15:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)

SRV - [2010/08/24 02:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/03/16 13:44:17 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/01/10 15:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/12/16 12:14:01 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/01/29 02:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)

DRV - [2009/03/24 02:25:00 | 000,966,912 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)

DRV - [2008/12/10 10:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2008/08/07 15:42:36 | 000,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)

DRV - [2008/06/17 16:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/

IE - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7

FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

[2011/02/26 10:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions

[2011/02/26 10:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions\home2@tomtom.com

[2011/02/26 10:03:49 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2008/08/21 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)

O4 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..Trusted Domains: localhost ([]* in Local intranet)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/08/10 08:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{1b812318-3f8e-11e0-bf13-001b784fb7cb}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe

O33 - MountPoints2\{e489361c-ff54-11df-ba22-000d096226d9}\Shell\AutoRun\command - "" = setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 10:01:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe

[2011/04/09 20:05:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry\Recent

[2011/04/09 09:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/04/09 09:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Start Menu\Programs\HiJackThis

[2011/04/08 23:06:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/04/08 12:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2011/04/07 21:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\B967B65CD94C23DB6C23F14546166AC9

[2011/04/02 00:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Carbonite

[2011/03/31 16:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\ElevatedDiagnostics

[2011/03/31 16:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2011/03/27 10:33:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Registry Patrol

[2011/03/25 13:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Local Settings\Application Data\PackageAware

[2011/03/21 23:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/03/21 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/03/21 23:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 10:01:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe

[2011/04/11 09:55:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8B8C8C92-2F64-470D-88ED-20EE1683545D}.job

[2011/04/10 22:26:32 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/10 22:26:32 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/10 22:22:38 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/10 22:22:06 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\zkrz.job

[2011/04/10 22:22:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/09 19:24:09 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/09 16:50:11 | 000,012,866 | -HS- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq

[2011/04/09 16:50:11 | 000,012,866 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq

[2011/04/09 09:31:56 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk

[2011/04/08 20:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/08 00:57:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/07 11:06:54 | 000,011,634 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\Medco #10 envelope.odt

[2011/04/01 09:34:45 | 001,182,173 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\2007 GMC Canyon for Sale in Center Line, Michigan for $0_00.mht

[2011/03/31 15:05:56 | 000,001,400 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini

[2011/03/18 13:02:46 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk

[2011/03/16 13:44:17 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 09:31:47 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk

[2011/04/08 20:38:28 | 000,012,866 | -HS- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq

[2011/04/08 20:38:28 | 000,012,866 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq

[2011/04/07 21:12:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/07 20:02:35 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\zkrz.job

[2011/04/01 09:34:43 | 001,182,173 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\2007 GMC Canyon for Sale in Center Line, Michigan for $0_00.mht

[2011/02/15 20:05:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\housecall.guid.cache

[2011/01/26 12:07:28 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini

[2011/01/26 12:07:28 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2011/01/21 21:53:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/12/29 16:44:41 | 000,950,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/12/18 14:15:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010/12/18 14:15:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat

[2010/12/11 12:05:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/12/09 23:10:16 | 000,013,650 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2010/12/06 14:42:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/12/04 23:31:57 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/04 23:08:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2010/12/04 23:07:20 | 000,001,400 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2010/12/04 23:07:20 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini

[2010/12/04 23:07:20 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2010/12/04 23:07:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2010/12/04 23:07:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat

[2010/12/04 15:57:51 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini

[2010/12/04 15:49:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2010/12/02 20:06:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/12/02 19:32:11 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

[2010/08/27 02:11:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/08/12 14:03:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/08/12 14:03:05 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat

[2010/08/12 13:59:03 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin

[2010/08/12 13:59:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll

[2010/08/10 08:57:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/08/10 08:53:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/08/10 08:42:37 | 000,432,686 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/10 08:42:37 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2010/08/10 08:42:37 | 000,067,516 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/10 08:42:37 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2010/08/10 08:42:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/08/10 08:42:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2010/08/10 08:42:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2010/08/10 08:42:36 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2010/08/10 08:42:36 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2010/08/10 08:42:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2010/08/10 08:42:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2010/08/10 08:42:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2010/08/10 01:49:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/08/10 01:48:41 | 000,181,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll

[2009/08/31 14:00:21 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\MemWarp.dll

[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe

[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

========== LOP Check ==========

[2010/08/13 10:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET

[2010/12/13 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite

[2010/08/13 10:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2011/01/16 13:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure

[2010/12/04 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2010/12/04 15:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2010/12/16 12:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medtronic

[2010/12/18 14:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2010/12/09 23:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver

[2011/02/21 12:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2011/02/26 10:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2010/12/14 00:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/08/13 10:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ESET

[2011/04/07 22:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\B967B65CD94C23DB6C23F14546166AC9

[2011/03/31 16:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ElevatedDiagnostics

[2010/08/13 10:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\ESET

[2011/02/11 11:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\f-secure

[2010/12/15 11:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Millennia

[2010/12/13 12:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\OpenOffice.org

[2011/02/28 10:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Sammsoft

[2011/02/26 10:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\TomTom

[2011/04/08 20:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2011/04/11 09:55:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B8C8C92-2F64-470D-88ED-20EE1683545D}.job

[2011/04/10 22:22:06 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\zkrz.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 4/11/2011 10:02:47 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Larry\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 62.57 Gb Free Space | 83.95% Space Free | Partition Type: NTFS

Computer Name: VMACHINE | User Name: Larry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot

"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot

"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan

"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"C:\Legacy\FamilySearch\LegacyFS.exe" = C:\Legacy\FamilySearch\LegacyFS.exe:*:Enabled:LegacyFS

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2660266228-3332220392-942532097-1004\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
    [2011/04/09 16:50:11 | 000,012,866 | -HS- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq
    [2011/04/09 16:50:11 | 000,012,866 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
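The fix above picks out the entries that stand out in the OTL listing: files with hidden+system attributes (-HS-), no company name and a random-looking name under Application Data, plus the hidden zkrz.job task. The following Python, an added example that is not part of the thread or of OTL, parses OTL file-listing lines and scores them on those same traits; the scoring weights, the threshold and the sample lines are constructed here, not taken from any tool.

```python
import re
from dataclasses import dataclass

# One OTL "Files Created/Modified" line looks like:
# [2011/04/08 20:38:28 | 000,012,866 | -HS- | C] () -- C:\...\x757a8xms21ga4n4x4pu18w54vh6aohpyrq
# The "(company)" field is absent on LOP Check directory lines, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str      # R/H/S/D flags or '-', e.g. "-HS-"
    kind: str       # C = created, M = modified
    company: str    # empty when OTL printed "()" or no company at all
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str):
    """Return an OtlEntry for a file-listing line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"] or "", m["path"])


def looks_random(name: str) -> bool:
    """Long, extension-less, letters-and-digits names like the one in the fix."""
    has_letters = any(c.isalpha() for c in name)
    has_digits = any(c.isdigit() for c in name)
    return "." not in name and len(name) >= 16 and has_letters and has_digits


def suspicion_score(e: OtlEntry) -> int:
    """Constructed heuristic: each trait the helper keyed on adds to the score."""
    score = 0
    if "H" in e.attrs and "S" in e.attrs:   # hidden + system on a data file
        score += 2
    if not e.company:                       # no publisher metadata
        score += 1
    low = e.path.lower()
    if "\\application data\\" in low or "\\tasks\\" in low:
        score += 1                          # classic persistence locations
    if looks_random(e.name):
        score += 1
    return score


def flag_entries(lines, threshold=3):
    """Parse every line and keep the entries scoring at or above threshold."""
    flagged = []
    for line in lines:
        e = parse_otl_line(line)
        if e is not None and suspicion_score(e) >= threshold:
            flagged.append(e)
    return flagged


# Constructed sample lines in the OTL format used in this thread.
SAMPLE_LOG = [
    r"[2011/04/08 20:38:28 | 000,012,866 | -HS- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq",
    r"[2011/04/07 20:02:35 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\zkrz.job",
    r"[2011/02/15 20:05:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\housecall.guid.cache",
    r"[2011/03/16 13:44:17 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys",
    r"[2011/04/08 20:34:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job",
]

if __name__ == "__main__":
    for entry in flag_entries(SAMPLE_LOG):
        print(f"{suspicion_score(entry)}  {entry.attrs}  {entry.path}")
```

Only the random-named -HS- file and the hidden zkrz.job task clear the threshold; the legitimate Ad-Aware task and the Avira driver do not.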


Hello again. See the OTL (new) scan log below. Thanks.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_USERS\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-21-2660266228-3332220392-942532097-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.

C:\Documents and Settings\Larry\Local Settings\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq moved successfully.

C:\Documents and Settings\All Users\Application Data\x757a8xms21ga4n4x4pu18w54vh6aohpyrq moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 16384 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User

->Temp folder emptied: 16384 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: Larry

->Temp folder emptied: 15704614 bytes

->Temporary Internet Files folder emptied: 64625911 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 5491 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 656040 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 587281 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1847498 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16384 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04112011_112159

Files\Folders moved on Reboot...

C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\HRN1M9EN\index[3].htm moved successfully.

C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6333

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/11/2011 11:39:43 AM

mbam-log-2011-04-11 (11-39-43).txt

Scan type: Quick scan

Objects scanned: 156833

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Before I did this last scan I checked quarantine in MBAM and found 20 trojan viruses. I thought I deleted those yesterday or Saturday. Ideas?


Seems alright, but check out the following.

My internet is connected all the time, and this antivirus catches most of them. Why am I getting so many of these things?

Larry

Avira AntiVir Personal

Report file date: Monday, April 11, 2011 12:00

Scanning for 2539327 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : VMACHINE

Version information:

BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 22:23:31

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 22:23:40

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 22:23:50

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:13:53

VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 19:44:05

VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 19:44:05

VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 19:44:06

VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 19:44:06

VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 19:44:07

VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 19:44:07

VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 19:44:07

VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 19:44:07

VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 19:44:08

VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 19:44:08

VBASE013.VDF : 7.11.5.235 2048 Bytes 4/7/2011 19:44:08

VBASE014.VDF : 7.11.5.236 2048 Bytes 4/7/2011 19:44:09

VBASE015.VDF : 7.11.5.237 2048 Bytes 4/7/2011 19:44:10

VBASE016.VDF : 7.11.5.238 2048 Bytes 4/7/2011 19:44:10

VBASE017.VDF : 7.11.5.239 2048 Bytes 4/7/2011 19:44:11

VBASE018.VDF : 7.11.5.240 2048 Bytes 4/7/2011 19:44:11

VBASE019.VDF : 7.11.5.241 2048 Bytes 4/7/2011 19:44:12

VBASE020.VDF : 7.11.5.242 2048 Bytes 4/7/2011 19:44:12

VBASE021.VDF : 7.11.5.243 2048 Bytes 4/7/2011 19:44:12

VBASE022.VDF : 7.11.5.244 2048 Bytes 4/7/2011 19:44:12

VBASE023.VDF : 7.11.5.245 2048 Bytes 4/7/2011 19:44:12

VBASE024.VDF : 7.11.5.246 2048 Bytes 4/7/2011 19:44:13

VBASE025.VDF : 7.11.5.247 2048 Bytes 4/7/2011 19:44:13

VBASE026.VDF : 7.11.5.248 2048 Bytes 4/7/2011 19:44:13

VBASE027.VDF : 7.11.5.249 2048 Bytes 4/7/2011 19:44:14

VBASE028.VDF : 7.11.5.250 2048 Bytes 4/7/2011 19:44:16

VBASE029.VDF : 7.11.5.251 2048 Bytes 4/7/2011 19:44:17

VBASE030.VDF : 7.11.5.252 2048 Bytes 4/7/2011 19:44:18

VBASE031.VDF : 7.11.6.20 119296 Bytes 4/10/2011 02:24:23

Engineversion : 8.2.4.206

AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 22:23:26

AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/4/2011 19:47:31

AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 22:23:26

AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 22:23:26

AERDL.DLL : 8.1.9.9 639347 Bytes 3/26/2011 17:23:12

AEPACK.DLL : 8.2.6.0 549237 Bytes 4/9/2011 02:23:35

AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/4/2011 19:45:50

AEHEUR.DLL : 8.1.2.97 3428726 Bytes 4/9/2011 02:23:25

AEHELP.DLL : 8.1.16.1 246134 Bytes 2/28/2011 18:14:14

AEGEN.DLL : 8.1.5.4 397684 Bytes 4/4/2011 19:42:28

AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 22:23:18

AECORE.DLL : 8.1.20.2 196982 Bytes 4/9/2011 02:21:12

AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 22:23:18

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 22:23:32

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 22:23:30

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 22:23:31

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 22:23:31

AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 22:23:27

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 22:23:28

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 22:23:31

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 22:23:52

Configuration settings for the scan:

Jobname.............................: Local Hard Disks

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Monday, April 11, 2011 12:00

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'ImApp.exe' - '1' Module(s) have been scanned

Scan process 'IncMail.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'DesktopWeather.exe' - '1' Module(s) have been scanned

Scan process 'CarboniteUI.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ZuneBusEnum.exe' - '1' Module(s) have been scanned

Scan process 'TomTomHOMEService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'carboniteservice.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'brss01a.exe' - '1' Module(s) have been scanned

Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1000' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\System Volume Information\_restore{AEE1C417-7BC3-4239-AD37-D233982E5FB2}\RP14\A0000865.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{AEE1C417-7BC3-4239-AD37-D233982E5FB2}\RP14\A0000866.exe

[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:

C:\System Volume Information\_restore{AEE1C417-7BC3-4239-AD37-D233982E5FB2}\RP14\A0000866.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file could not be copied to quarantine!

[NOTE] The file does not exist!

C:\System Volume Information\_restore{AEE1C417-7BC3-4239-AD37-D233982E5FB2}\RP14\A0000865.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file could not be copied to quarantine!

[NOTE] The file does not exist!

End of the scan: Monday, April 11, 2011 13:45

Used time: 30:13 Minute(s)

The scan has been done completely.

6634 Scanned directories

289025 Files were scanned

2 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

289023 Files not concerned

13634 Archives were scanned

0 Warnings

0 Notes


Like your profile pic. Is that a beagle? I'm a huge dog lover. I will try to post a pic of my old friend.

Nice dog!

That's just a generic picture of a dog; here are my friends:

http://img.photobucket.com/albums/v257/MrChalee/IMG_0053.jpg

------------------------

Your scan is OK, it just found 2 items in system restore.

You're OK.

--------------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
