Can't update Mbam.exe


3 replies to this topic

#1 cyndiivy

cyndiivy

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Female
  • Location:Texas
  • Local time:07:26 AM

Posted 12 November 2009 - 07:56 PM

I have Mbam.exe. I also have spyware / adware. I am not able to log on to malwarebytes.org (page will not load). Also, when I use the update tab in Mbam I only get an error message - error code 732 (0,0). One of the programs running is Advanced Virus Remover. Other problems include Outlook Express will not open, all Microsoft office Icons are gone, they are identified and will open with the exception of OE.

We have run AVG on its normal pattern, mbam in the version I currently have (stupidly tried to reinstall it so the update I have is 09/10/09 rather than the 11/05/09 update I did have). It does not locate anything and is taking an extremely long time to run (hours). My husband also ran Super anti-spyware and Spybot while I was at work - both claimed to find things; however, I was not here to see them and have not pasted their logs.

I am most interested in finding a way to update mbam as it has been so reliable for me in the past.

Thanks for any help!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:09:26 AM

Posted 12 November 2009 - 09:50 PM

Hello we have a few things to do here.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


If TeaTimer is running in Spybot we need to stop it.
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click [image] and then on "Advanced Mode"
    [image]
  • You may be presented with a warning dialog. If so, press [image]
  • Click on [image]
  • Click on [image]
  • Uncheck this checkbox:
    [image]
  • Close/Exit Spybot Search and Destroy

Next on MBAM. We'll try to run it again.
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.


Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

#3 cyndiivy

cyndiivy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Gender:Female
  • Location:Texas
  • Local time:07:26 AM

Posted 15 November 2009 - 04:06 PM

Apologies for the delay. I now have no access to the internet and my Command Prompt is gone. Additionally, Microsoft Icons all look like the Windows 3.1 standard blue/white window Icons and Outlook will not open at all.

I have the following logs: Spybot, Super Anti-Spyware and Mbam.

Spybot:
--- Search result list ---
Win32.Agent.chh: [SBI $A87D46EB] Web page (File, fixed)
C:\WINDOWS\system32\critical_warning.html
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Agent.chh: [SBI $3A38ED6A] User settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\AVR

Win32.Agent.chh: [SBI $3A38ED6A] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\Software\AVR

Win32.Agent.chh: [SBI $3A38ED6A] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\AVR

Win32.Agent.chh: [SBI $1ABA95A4] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Win32.Agent.chh: [SBI $1ABA95A4] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Win32.Agent.chh: [SBI $1ABA95A4] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Win32.Agent.chh: [SBI $E2C9F63A] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Win32.Agent.chh: [SBI $E2C9F63A] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Win32.Agent.chh: [SBI $E2C9F63A] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Win32.Agent.chh: [SBI $B62A234E] User settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\NoChangingWallpaper

Win32.Agent.chh: [SBI $D9574D89] User settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoActiveDesktopChanges

Win32.Agent.chh: [SBI $4024E68A] User settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoSetActiveDesktop

Win32.Agent.chh: [SBI $4F63ED37] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Win32.Agent.chh: [SBI $4F63ED37] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Win32.Agent.chh: [SBI $4F63ED37] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Win32.Agent.chh: [SBI $718DBD32] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop

Win32.Agent.chh: [SBI $718DBD32] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop

Win32.Agent.chh: [SBI $718DBD32] User settings (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop

Win32.Agent.chh: [SBI $EC4787FA] Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\Software\8636065b-fef0-4255-b14f-54639f7900a4

Win32.Agent.chh: [SBI $DC50EBD1] Executable (File, fixed)
C:\Program Files\AdvancedVirusRemover\AVR.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Agent.chh: [SBI $E9C43F27] Program directory (Directory, fixed)
C:\Program Files\AdvancedVirusRemover\

Win32.Agent.chh: [SBI $F39C0E70] Link (File, fixed)
C:\Documents and Settings\DenCyn\Desktop\Advanced Virus Remover.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Agent.chh: [SBI $AED7F7CF] Link (File, fixed)
C:\Documents and Settings\DenCyn\Start Menu\Advanced Virus Remover.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Agent.ieu: [SBI $625EE580] Executable (File, fixed)
C:\Documents and Settings\DenCyn\Local Settings\Temp\b.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

DNSFlush.cws: [SBI $893785D8] Autorun settings (TurboNet) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TurboNet

DNSFlush.cws: [SBI $893785D8] Program file (File, fixed)
C:\DOCUME~1\DenCyn\LOCALS~1\Temp\b.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

DNSFlush.cws: [SBI $893785D8] Autorun settings (MailBlocker) (Registry value, fixed)
HKEY_USERS\S-1-5-21-2052111302-562591055-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MailBlocker

DNSFlush.cws: [SBI $893785D8] Program file (File, fixed)
C:\DOCUME~1\DenCyn\LOCALS~1\Temp\g.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Agent.atta: [SBI $4126A8D8] Text file (File, fixed)
C:\WINDOWS\system32\Install.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Win32.Delf.uc: [SBI $88B8013A] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe

Win32.Delf.uc: [SBI $60B5F410] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe

Excite: Tracking cookie (Internet Explorer: DenCyn) (Cookie, fixed)


Statcounter: Tracking cookie (Internet Explorer: DenCyn) (Cookie, fixed)


CasaleMedia: Tracking cookie (Internet Explorer: DenCyn) (Cookie, fixed)


Clickbank: Tracking cookie (Internet Explorer: DenCyn) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---




--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)


--- Startup entries list ---
Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 177440
MD5: 633B66014DDEDA70C21CFD327BDC214A

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 360448
MD5: A7BB3E73327AE4690462CAFF7299F5B0

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 2028312
MD5: 1ED19FC912613F7AA7EC822812DE9E0C

Located: HK_LM:Run, CaddieSyncLauncher
command: C:\Program Files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
file: C:\Program Files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
size: 91648
MD5: C6F4B9114AACD130CECBD65AE01FC593

Located: HK_LM:Run, ctfmon
command: RUNDLL32.EXE C:\WINDOWS\system32\fgjk4wvb.dll,w
file: C:\WINDOWS\system32\fgjk4wvb.dll
size: 65536
MD5: 45F00CC154BEAE673983E1F0EA3A32F8

Located: HK_LM:Run, Easy Dock
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 141600
MD5: C418B204BED40A0979D203EBB1E9A32B

Located: HK_LM:Run, Malwarebytes Anti-Malware (reboot)
command: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QOELOADER
command: "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
file: C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
size: 26624
MD5: 295EB1E5B70D75068B69D110CAB28604

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 438272
MD5: F8FE880AB752F851FA02D53A036A122C

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\Core\smax4pnp.exe
file: C:\Program Files\Analog Devices\Core\smax4pnp.exe
size: 1425408
MD5: 11CE52D63AF704D54AD0597000B3D83E

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185784
MD5: 8A71139A5CD86AC55CF0E4383AB4AE33

Located: HK_LM:Run, winupdate86.exe
command: C:\WINDOWS\system32\winupdate86.exe
file: C:\WINDOWS\system32\winupdate86.exe
size: 49664
MD5: 9FD8B3A59C532E559F9EF12163BFA517

Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89

Located: HK_LM:RunOnce, SpybotDeletingA782
command: command.com /c del "C:\DOCUME~1\DenCyn\LOCALS~1\Temp\b.exe"
file: command.com /c del "C:\DOCUME~1\DenCyn\LOCALS~1\Temp\b.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA8816
command: command.com /c del "C:\WINDOWS\system32\critical_warning.html"
file: command.com /c del "C:\WINDOWS\system32\critical_warning.html"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC4538
command: cmd.exe /c del "C:\WINDOWS\system32\critical_warning.html"
file: cmd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC6106
command: cmd.exe /c del "C:\DOCUME~1\DenCyn\LOCALS~1\Temp\b.exe"
file: cmd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, TurboNet
where: .DEFAULT...
command: C:\WINDOWS\TEMP\b.exe
file: C:\WINDOWS\TEMP\b.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Advanced Virus Remover
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: C:\Program Files\AdvancedVirusRemover\AVR.exe
file: C:\Program Files\AdvancedVirusRemover\AVR.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ccleaner
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
file: C:\Program Files\CCleaner\CCleaner.exe
size: 1578736
MD5: A8538F5EC6F0AC198F88A01F422787F9

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 35328
MD5: 65B24A5A16061CCCD4B39E24BF7543E3

Located: HK_CU:Run, SUPERAntiSpyware
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 2001648
MD5: 7B39A679CDFF93E2EDC695F0174D4332

Located: HK_CU:RunOnce, SpybotDeletingB5910
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: command.com /c del "C:\DOCUME~1\DenCyn\LOCALS~1\Temp\b.exe"
file: command.com /c del "C:\DOCUME~1\DenCyn\LOCALS~1\Temp\b.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB6252
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: command.com /c del "C:\WINDOWS\system32\critical_warning.html"
file: command.com /c del "C:\WINDOWS\system32\critical_warning.html"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD32
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: cmd.exe /c del "C:\DOCUME~1\DenCyn\LOCALS~1\Temp\b.exe"
file: cmd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD7658
where: S-1-5-21-2052111302-562591055-839522115-1004...
command: cmd.exe /c del "C:\WINDOWS\system32\critical_warning.html"
file: cmd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, TurboNet
where: S-1-5-18...
command: C:\WINDOWS\TEMP\b.exe
file: C:\WINDOWS\TEMP\b.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Kodak EasyShare software.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
file: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), RCA Detective.lnk
where: C:\Documents and Settings\DenCyn\Start Menu\Programs\Startup...
command: C:\Documents and Settings\DenCyn\My Documents\RCA Detective\RCADetective.exe
file: C:\Documents and Settings\DenCyn\My Documents\RCA Detective\RCADetective.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 548352
MD5: 482E8F6FD557D5A0DF7363F72DF145FE

Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, khfFXrSm
command: khfFXrSm.dll
file: khfFXrSm.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein


DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 11/17/2005 11:12:26 PM
Date (last access): 11/14/2009 5:14:28 AM
Date (last write): 11/17/2005 11:12:26 PM
Filesize: 533504
Attributes: archive
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 12.0.3208.1014

{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control)
DPF name:
CLSID name: MySpace Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\MySpaceUploader.inf
Codebase: http://lads.myspace.com/upload/MySpaceUploader1006.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MySpaceUploader.ocx
Short name: MYSPAC~1.OCX
Date (created): 2/1/2008 2:17:04 AM
Date (last access): 11/13/2009 9:36:56 PM
Date (last write): 2/1/2008 2:17:04 AM
Filesize: 2637440
Attributes: archive
MD5: 2245B3CAE09AF148D983F88F62153628
CRC32: A47295FA
Version: 1.0.0.6

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/...b?1143344059968
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 3/25/2006 8:54:36 PM
Date (last access): 11/14/2009 5:14:24 AM
Date (last write): 8/6/2009 6:24:18 PM
Filesize: 209632
Attributes: archive
MD5: 033AF4CE25B6D871F0DE2C982658E049
CRC32: 2C204902
Version: 7.4.7600.226

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 1:33:32 AM
Date (last access): 11/14/2009 1:56:02 AM
Date (last write): 2/22/2008 3:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control)
DPF name:
CLSID name: Image Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\LPUploader45.inf
Codebase: http://www.hebphoto.com/net/Uploader/LPUploader45.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LPUploader45.ocx
Short name: LPUPLO~1.OCX
Date (created): 6/14/2007 5:19:16 PM
Date (last access): 11/13/2009 9:36:56 PM
Date (last write): 6/14/2007 5:19:16 PM
Filesize: 2639600
Attributes: archive
MD5: 5BBC370F374C0B72EB3414375A2EF4D4
CRC32: D345AA26
Version: 4.5.10.0

{B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class)
DPF name:
CLSID name: HprmfPCFileCtrl1 Class
Installer: C:\WINDOWS\Downloaded Program Files\hprmfpcfc.inf
Codebase: file://E:\ALBUMS\ALBUM_A\PLUGIN\HPRMFFC.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: hprmfpcfc2.dll
Short name: HPRMFP~1.DLL
Date (created): 6/27/2006 11:34:38 AM
Date (last access): 11/13/2009 9:36:50 PM
Date (last write): 6/27/2006 11:34:38 AM
Filesize: 57344
Attributes: archive
MD5: D5E08BDCF08EB715F6298FA0B182205A
CRC32: CD04B604
Version: 2.0.588.1728

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 1:33:32 AM
Date (last access): 11/14/2009 6:05:26 AM
Date (last write): 2/22/2008 3:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2/22/2008 1:33:32 AM
Date (last access): 11/14/2009 6:05:26 AM
Date (last write): 2/22/2008 3:25:20 AM
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10c.ocx
Short name:
Date (created): 7/17/2009 9:12:12 PM
Date (last access): 11/14/2009 5:37:40 AM
Date (last write): 7/17/2009 9:12:12 PM
Filesize: 3979680
Attributes: readonly archive
MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
CRC32: D6F40D46
Version: 10.0.32.18

{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
DPF name:
CLSID name: PopCapLoader Object
Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Codebase: http://www.popcap.com/games/popcaploader_v10_en.cab
description:
classification: Legitimate
known filename: POPCAPLOADER.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: popcaploader.dll
Short name: POPCAP~1.DLL
Date (created): 8/26/2004 11:12:00 AM
Date (last access): 11/13/2009 9:36:58 PM
Date (last write): 8/16/2007 11:41:58 AM
Filesize: 267568
Attributes: archive
MD5: D86FECCDF9D2F81A385F1A6E2CDFD895
CRC32: FBA3A2DB
Version: 1.0.0.10

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class)
DPF name:
CLSID name: get_atlcom Class
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gp.ocx
Short name:
Date (created): 9/3/2009 10:52:32 AM
Date (last access): 11/13/2009 9:36:50 PM
Date (last write): 9/3/2009 10:52:32 AM
Filesize: 46976
Attributes: archive
MD5: 6D6A557967FFFC489292B0828FEA5EF1
CRC32: 5D931F96
Version: 1.6.2.44

{FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1)
DPF name:
CLSID name: AMI DicomDir TreeView Control 2.1
Installer: C:\WINDOWS\Downloaded Program Files\cdviewer.inf
Codebase: file://E:\CDVIEWER\CdViewer.cab
description:
classification: Open for discussion
known filename: AmiDicomDirTreeView21.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: AmiDicomDirTreeView21.ocx
Short name: AMIDIC~1.OCX
Date (created): 3/11/2003 3:30:38 PM
Date (last access): 11/13/2009 9:36:48 PM
Date (last write): 3/11/2003 3:30:38 PM
Filesize: 667710
Attributes: archive
MD5: E782E39C7C0C6FC3A60AC4E72A45E789
CRC32: C8D1751A
Version: 6.0.635.48



--- Process list ---
PID: 0 ( 0) [System]
PID: 604 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 652 ( 604) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 676 ( 604) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 720 ( 676) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 732 ( 676) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 888 ( 720) C:\WINDOWS\system32\Ati2evxx.exe
size: 389120
MD5: 4DEAA162480367B232F3EE3A6D34084B
PID: 904 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 964 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1060 ( 720) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1124 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1408 ( 720) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1496 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1536 ( 720) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144712
MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
PID: 1640 ( 720) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 297752
MD5: DB338A6BD3976904EB0F8343F51E64EB
PID: 1888 ( 720) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 248 ( 720) C:\PROGRA~1\AVG\AVG8\avgemc.exe
size: 908056
MD5: B9AE3C63A53396CD669EF8AE9C9CBD85
PID: 256 (1640) C:\Program Files\AVG\AVG8\avgrsx.exe
size: 486680
MD5: 65EA6EB029BB031773473AD9A78A666D
PID: 280 (1640) C:\PROGRA~1\AVG\AVG8\avgnsx.exe
size: 595736
MD5: A6CF4FF9BE1202800C22EC5A6A7CF4A6
PID: 1304 ( 248) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 693016
MD5: 98D6BB2D06986E9E1051F2CBE3CF6E7A
PID: 1604 (1280) C:\WINDOWS\Explorer.EXE
size: 1053696
MD5: 443B7650892FAAE6F12F3AE5763C790A
PID: 1708 (1604) C:\Program Files\Analog Devices\Core\smax4pnp.exe
size: 1425408
MD5: 11CE52D63AF704D54AD0597000B3D83E
PID: 364 (1604) C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
size: 26624
MD5: 295EB1E5B70D75068B69D110CAB28604
PID: 432 (1604) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 2028312
MD5: 1ED19FC912613F7AA7EC822812DE9E0C
PID: 464 (1604) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185784
MD5: 8A71139A5CD86AC55CF0E4383AB4AE33
PID: 468 (1604) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
PID: 780 (1604) C:\Program Files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
size: 91648
MD5: C6F4B9114AACD130CECBD65AE01FC593
PID: 1120 (1604) C:\Program Files\iTunes\iTunesHelper.exe
size: 141600
MD5: C418B204BED40A0979D203EBB1E9A32B
PID: 1612 (1604) C:\WINDOWS\system32\winupdate86.exe
size: 49664
MD5: 9FD8B3A59C532E559F9EF12163BFA517
PID: 1372 (1604) C:\WINDOWS\system32\RUNDLL32.EXE
size: 53248
MD5: C4EF45ED6F1B7FE11B431142C93FFE14
PID: 1936 (1604) C:\WINDOWS\system32\ctfmon.exe
size: 35328
MD5: 65B24A5A16061CCCD4B39E24BF7543E3
PID: 2260 ( 720) C:\WINDOWS\System32\alg.exe
size: 64512
MD5: 34956BD04CE2B76D8534514F010E192D
PID: 3100 ( 720) C:\Program Files\iPod\bin\iPodService.exe
size: 545568
MD5: 31116E352808019E69ECA58D1A6C66B0
PID: 4064 (3244) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2828 (1604) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3796 ( 432) C:\Program Files\AVG\AVG8\avgcsrvx.exe
size: 693016
MD5: 98D6BB2D06986E9E1051F2CBE3CF6E7A
PID: 3856 ( 904) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 2640 (3856) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 638816
MD5: B60DDDD2D63CE41CB8C487FCFBB6419E
PID: 3336 (3856) C:\WINDOWS\system32\ctfmon.exe
size: 35328
MD5: 65B24A5A16061CCCD4B39E24BF7543E3
PID: 2152 ( 872) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
size: 2001648
MD5: 7B39A679CDFF93E2EDC695F0174D4332
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/14/2009 6:05:27 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.ebay.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: VSockets Library over [MSAFD Tcpip [TCP/IP]]
GUID: {3CE2D2D1-60ED-42B9-8FAE-C02FB3619428}
Filename: C:\WINDOWS\system32\winhelper86.dll

Protocol 1: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC2F0035-E452-4E49-A9E0-A5BD6A6771C6}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC2F0035-E452-4E49-A9E0-A5BD6A6771C6}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A86BB2EE-2573-4978-B5C2-748164CAFE57}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A86BB2EE-2573-4978-B5C2-748164CAFE57}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CB5B6EE8-E828-450C-8DFB-0FF91AA306E4}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CB5B6EE8-E828-450C-8DFB-0FF91AA306E4}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7DC9652-EC07-474E-AE10-F1613BCCD8E2}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7DC9652-EC07-474E-AE10-F1613BCCD8E2}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{48CAAB6F-BA77-4DBE-B5CA-715DC1C6938D}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{48CAAB6F-BA77-4DBE-B5CA-715DC1C6938D}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: VSockets Library
GUID: {6DBCA3F0-ACCF-4F0E-8998-F976BB4FA56D}
Filename: C:\WINDOWS\system32\winhelper86.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/14/2009 at 06:31 AM

Application Version : 4.30.1004

Core Rules Database Version : 4260
Trace Rules Database Version: 1978

Scan type : Quick Scan
Total Scan Time : 00:24:51

Memory items scanned : 428
Memory threats detected : 2
Registry items scanned : 507
Registry threats detected : 2
File items scanned : 5557
File threats detected : 92

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\WINHELPER86.DLL
C:\WINDOWS\SYSTEM32\WINHELPER86.DLL

Trojan.Agent/Gen
C:\WINDOWS\SYSTEM32\WINUPDATE86.EXE
C:\WINDOWS\SYSTEM32\WINUPDATE86.EXE
[winupdate86.exe] C:\WINDOWS\SYSTEM32\WINUPDATE86.EXE
C:\WINDOWS\Prefetch\WINUPDATE86.EXE-1F84C996.pf

Adware.Tracking Cookie

Rogue.AdvancedVirusRemover
HKU\S-1-5-21-2052111302-562591055-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run#Advanced Virus Remover [ C:\Program Files\AdvancedVirusRemover\AVR.exe ]
C:\Documents and Settings\DenCyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk

Trojan.Agent/Gen-NumTemp
C:\WINDOWS\SYSTEM32\7.TMP

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID


Malwarebytes' Anti-Malware 1.41
Database version: 3151
Windows 5.1.2600 Service Pack 3 (Safe Mode)

11/14/2009 3:13:45 PM
mbam-log-2009-11-14 (15-13-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159924
Time elapsed: 23 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

At a loss, don't know what to do. Will not be able to read any posts until tomorrow.
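The Spybot report above shows two "VSockets Library" Winsock providers backed by winhelper86.dll, the same file SUPERAntiSpyware flags as Trojan.Dropper/Sys-NV and the reason the thread moves on to a Winsock reset. As an added example that is not part of the thread or of Spybot's own code, this Python script parses a report in the same "Protocol N:" / "Namespace Provider N:" block format and flags providers that lack a Spybot DB match, point at a non-stock DLL, or are layered over another provider; the sample report is a constructed excerpt modelled on the entries in this post, and the list of "stock" Winsock DLLs is an assumption, not a Spybot rule.

```python
"""Flag suspicious Winsock LSP entries in a Spybot S&D report (added example)."""
import re

# Constructed excerpt in the Spybot report's format, modelled on the entries
# in this thread: two "VSockets Library" providers backed by winhelper86.dll
# and two genuine Microsoft providers that have a matching DB entry.
SAMPLE_LSP_REPORT = """\
--- Winsock Layered Service Provider list ---
Protocol 0: VSockets Library over [MSAFD Tcpip [TCP/IP]]
GUID: {3CE2D2D1-60ED-42B9-8FAE-C02FB3619428}
Filename: C:\\WINDOWS\\system32\\winhelper86.dll

Protocol 1: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\\system32\\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\\system32\\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 16: VSockets Library
GUID: {6DBCA3F0-ACCF-4F0E-8998-F976BB4FA56D}
Filename: C:\\WINDOWS\\system32\\winhelper86.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\\System32\\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\\system32\\mswsock.dll
DB protocol: TCP/IP
"""

# A provider block starts with "Protocol N: name" or "Namespace Provider N: name".
ENTRY_HEADER = re.compile(r"^(Protocol|Namespace Provider) (\d+): (.*)$")

# Assumed set of DLLs that back the stock Windows XP Winsock providers
# (TCP/IP and NetBIOS, RSVP, NTDS namespace). Anything else deserves a look.
STOCK_WINSOCK_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}


def parse_lsp_report(text):
    """Split the report into one dict per provider block.

    Each dict carries kind, index and name from the header line plus every
    "key: value" line that follows until the next blank line."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # blank line ends the current block
            continue
        m = ENTRY_HEADER.match(line)
        if m:
            current = {"kind": m.group(1), "index": int(m.group(2)), "name": m.group(3)}
            entries.append(current)
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value
    return entries


def is_suspicious(entry):
    """Return the list of heuristics an entry trips (empty list = looks stock).

    * no "DB filename" line: Spybot did not recognise the provider;
    * the DLL is not one of the stock Winsock DLLs, wherever it lives;
    * the provider is chained "over [...]" another one, which is how an LSP
      inserts itself into every TCP/IP socket on the machine."""
    filename = entry.get("Filename", "")
    base = filename.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    reasons = []
    if "DB filename" not in entry:
        reasons.append("no DB match")
    if base not in STOCK_WINSOCK_DLLS:
        reasons.append(f"unexpected DLL {base or '<none>'}")
    if " over [" in entry["name"]:
        reasons.append("layered over another provider")
    return reasons


def flag_suspicious(text):
    """Map 'Protocol N' / 'Namespace Provider N' labels to their reasons."""
    flagged = {}
    for entry in parse_lsp_report(text):
        reasons = is_suspicious(entry)
        if reasons:
            flagged[f"{entry['kind']} {entry['index']}"] = reasons
    return flagged


if __name__ == "__main__":
    for label, reasons in flag_suspicious(SAMPLE_LSP_REPORT).items():
        print(f"{label}: {', '.join(reasons)}")
```

Run against the full report in this post, the same heuristics would also pass the MSAFD NetBIOS and RSVP blocks, since they all carry a DB match and point at mswsock.dll or rsvpsp.dll.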

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:26 AM

Posted 15 November 2009 - 09:20 PM

Hello, let's give this a go..
Click Start and type
cmd
Right click cmd.exe at the top and choose Run as administrator.


Now see if this fixes your connection.
Go to Start ... Run and type in cmd same as above
Type netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


If you still have Ewido and Macromedia Flash player installed, they should go.


If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.
***
Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Next run these.. They can be run from a USB, flash drive or CD also...
Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook



