
#1 - 09-29-2009 - plata66 (Bronze Member; Join Date: Sep 2009; Location: California; Posts: 4; PC Experience: PC Illiterate)

Trojan horse fakealert.mn - HELP!

I can only start in safe mode. Laptop will not start in normal mode. The screen is just blank.


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/29 11:45
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8BCDA000 Size: 815104 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x883CF000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!
Path: C:\Windows\System32\GATHER~1.XSL
Status: Locked to the Windows API!
Path: C:\Windows\System32\UACbxvipqxmsr.dll
Status: Invisible to the Windows API!
Path: C:\Windows\System32\UACdwdlxicbgx.dll
Status: Invisible to the Windows API!
Path: C:\Windows\System32\UAChcqrfdioej.dll
Status: Invisible to the Windows API!
Path: C:\Windows\System32\uacinit.dll
Status: Invisible to the Windows API!
Path: C:\Windows\System32\UACtqbprpmgyb.dat
Status: Invisible to the Windows API!
Path: C:\Windows\Temp\UAC95e8.tmp
Status: Invisible to the Windows API!
Path: C:\Windows\Temp\UACfdce.tmp
Status: Invisible to the Windows API!
Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!
Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!
Path: C:\Windows\PLA\Reports\REPORT~1.XML
Status: Locked to the Windows API!
Path: C:\Windows\PLA\Rules\RULESS~1.XML
Status: Locked to the Windows API!
Path: C:\Windows\PLA\System\WIRELE~1.XML
Status: Locked to the Windows API!
Path: C:\Windows\System32\drivers\UACwtoeovavoi.sys
Status: Invisible to the Windows API!
[... remaining locked-file entries under C:\Windows\winsxs omitted ...]
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Stealth Objects
-------------------
Object: Hidden Module [Name: UACbxvipqxmsr.dll]
Process: svchost.exe (PID: 728) Address: 0x10000000 Size: 167936
Object: Hidden Module [Name: UAChcqrfdioej.dll]
Process: svchost.exe (PID: 728) Address: 0x00620000 Size: 65536
Object: Hidden Module [Name: UACbxvipqxmsr.dll]
Process: Explorer.EXE (PID: 1708) Address: 0x10000000 Size: 167936
Object: Hidden Module [Name: UACbxvipqxmsr.dll]
Process: Iexplore.exe (PID: 3152) Address: 0x10000000 Size: 167936
Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\Windows\system32\drivers\UACwtoeovavoi.sys
==EOF==


DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by Nikki at 14:31:00.12 on Tue 09/29/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1435 [GMT -7:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\Iexplore.exe
F:\FixPC\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080408
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60426
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080408
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: grisoft.com\www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL,avgrsstx.dll
============= SERVICES / DRIVERS ===============
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-4 335240]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-11-24 73728]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-1 297752]
S2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-5-28 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-8 29744]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-8 111616]
=============== Created Last 30 ================
2009-09-29 04:49 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 04:49 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-29 04:49 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-29 04:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 04:49 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-28 21:22 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-09-28 21:22 <DIR> --d----- c:\program files\SpywareBlaster
2009-09-28 21:11 <DIR> --d----- c:\users\nikki\appdata\roaming\WinPatrol
2009-09-28 18:18 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-28 18:13 <DIR> --d----- c:\program files\Spyware Terminator
2009-09-28 17:15 <DIR> --d----- c:\users\nikki\Office Genuine Advantage
2009-09-28 15:52 146,997,238 a------- c:\windows\MEMORY.DMP
2009-09-24 16:40 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-09-23 20:06 <DIR> --d----- c:\program files\common files\Uninstall
2009-09-23 20:06 <DIR> --d----- c:\program files\AlphaAV
2009-09-10 23:19 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-10 23:13 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-10 23:13 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-10 23:12 <DIR> --d----- c:\program files\iPod
2009-09-10 23:12 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 23:12 <DIR> --d----- c:\program files\iTunes
2009-09-10 23:12 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 21:28 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 21:28 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-08 21:28 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 21:28 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 21:28 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 21:28 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 21:28 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 21:28 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 21:28 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 21:28 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 21:27 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 21:27 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 21:27 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 21:27 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 21:27 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-08 21:27 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 17:16 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 17:16 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
==================== Find3M ====================
2009-09-10 23:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-10 23:07 86,016 a------- c:\windows\inf\infstor.dat
2009-09-10 23:07 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-17 10:02 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-17 10:02 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-18 09:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 09:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 02:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 07:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 06:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 05:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 05:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 03:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-21 11:16 428 a------- c:\users\nikki\appdata\roaming\wklnhst.dat
2009-03-19 14:32 56 a---h--- c:\programdata\ezsidmv.dat
2009-03-19 14:32 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-14 12:13 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 14:31:34.87 ===============


Results of screen317's Security Check version 0.99.0
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Free 8.5
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
Spybot - Search & Destroy
Java(TM) 6 Update 4
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)
`````````End of Log```````````


I hope I did this correctly.

What's the next step?

Thank you!
Old 09-29-2009   #2
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
Default Re: Trojan horse fakealert.mn - HELP!

Plata,

I don't think this is going to turn out to be a malware problem, but let's just be sure. I do see some vulnerabilities we can clean up if we can get access to Normal Mode eventually.

How have you been getting these logs posted? From another computer? If you have access to another computer:


Please download Malwarebytes' Anti-Malware from one of these places:

https://www.cleverbridge.com/342/coo...%3ddl-10804572

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, navigate to the Update tab and click Check For Updates. It will then download the latest updates for you
* Now navigate back to the Scan tab
* Select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Old 09-30-2009   #3
Bronze Member
Join Date: Sep 2009
Location: California
Posts: 4
PC Experience: PC Illiterate
Default Re: Trojan horse fakealert.mn - HELP!

Yes, I was using my flash drive to copy between laptops. I ran Malwarebytes in safe mode and my laptop started in normal mode. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2873
Windows 6.0.6001 Service Pack 1 (Safe Mode)
9/29/2009 5:22:05 PM
mbam-log-2009-09-29 (17-22-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 216187
Time elapsed: 36 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\System32\UACdwdlxicbgx.dll (Rootkit.TDSS) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AlphaAV (Rogue.AlphaAV) -> Quarantined and deleted successfully.
Files Infected:
\\?\globalroot\systemroot\System32\UACdwdlxicbgx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Nikki\AppData\Local\Temp\drv10194744.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.


Next action?

Thank you for your help!
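A check that ties the two logs together, as an added example that is not part of this thread and not a tool either participant used: the RootRepeal "Stealth Objects" and "Hidden Services" sections in the first post and the MBAM results above describe the same TDSS infection, so a small parser can pull the hidden modules, the hidden service and the MBAM detections into one summary and mark which items belong to the rootkit. The sample text inside the block is copied from the two posted logs as constructed input; the "UAC plus eight to twelve random lowercase letters" file-name pattern, the set of fixed names (uac, uacd.sys, uacinit.dll), the regular expressions and the finding fields are my assumptions, not anything RootRepeal or MBAM define.

```python
"""Flag TDSS-style rootkit indicators in RootRepeal and MBAM log excerpts.

Added example for this thread, not a tool either participant posted. Samples are copied from the
logs above; the regexes, the "UAC + random letters" heuristic and the finding fields are mine.
"""
import re

# Constructed sample: RootRepeal "Stealth Objects" / "Hidden Services" lines from post #1.
ROOTREPEAL_SAMPLE = r"""
Object: Hidden Module [Name: UACbxvipqxmsr.dll]
Process: svchost.exe (PID: 728) Address: 0x10000000 Size: 167936
Object: Hidden Module [Name: UAChcqrfdioej.dll]
Process: svchost.exe (PID: 728) Address: 0x00620000 Size: 65536
Object: Hidden Module [Name: UACbxvipqxmsr.dll]
Process: Explorer.EXE (PID: 1708) Address: 0x10000000 Size: 167936
Object: Hidden Module [Name: UACbxvipqxmsr.dll]
Process: Iexplore.exe (PID: 3152) Address: 0x10000000 Size: 167936
Service Name: UACd.sys
Image Path: C:\Windows\system32\drivers\UACwtoeovavoi.sys
"""

# Constructed sample: the detection lines from the MBAM log in post #3.
MBAM_SAMPLE = r"""
\\?\globalroot\systemroot\System32\UACdwdlxicbgx.dll (Rootkit.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\AlphaAV (Rogue.AlphaAV) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\System32\UACdwdlxicbgx.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Nikki\AppData\Local\Temp\drv10194744.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
"""

# Naming seen in this log: a fixed "UAC" prefix plus random lowercase letters (assumed
# 8 to 12 of them), and a few fixed names that belong to the same infection.
RANDOM_UAC_FILE = re.compile(r"^UAC[a-z]{8,12}\.(?:dll|dat|sys)$")
FIXED_UAC_NAMES = {"uac", "uacd.sys", "uacinit.dll"}
HIDDEN_MODULE = re.compile(r"^Object: Hidden Module \[Name: (?P<name>[^\]]+)\]$")
PROCESS_LINE = re.compile(r"^Process: (?P<proc>\S+) \(PID: (?P<pid>\d+)\) ")
SERVICE_NAME = re.compile(r"^Service Name: (?P<svc>.+)$")
IMAGE_PATH = re.compile(r"^Image Path: (?P<path>.+)$")
MBAM_ITEM = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
GLOBALROOT = re.compile(r"^\\\\\?\\globalroot\\", re.IGNORECASE)


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def is_uac_artifact(path):
    """True when the last path or key component follows the UAC naming seen in this infection."""
    base = basename(path)
    return bool(RANDOM_UAC_FILE.match(base)) or base.lower() in FIXED_UAC_NAMES


def parse_rootrepeal(text):
    """Findings for the hidden modules and hidden services in a RootRepeal report."""
    findings, module, service = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HIDDEN_MODULE.match(line):
            module = m.group("name")
        elif (m := PROCESS_LINE.match(line)) and module is not None:
            # A module absent from the process's own module list is an anomaly whatever
            # it is called; the UAC pattern is what ties it to this family.
            findings.append({"kind": "hidden_module", "name": module, "pid": int(m.group("pid")),
                             "process": m.group("proc"), "tdss": is_uac_artifact(module)})
            module = None
        elif m := SERVICE_NAME.match(line):
            service = m.group("svc")
        elif (m := IMAGE_PATH.match(line)) and service is not None:
            image = m.group("path")
            findings.append({"kind": "hidden_service", "name": service, "image": image,
                             # registered under one name, driver file under another
                             "name_mismatch": basename(image).lower() != service.lower(),
                             "tdss": is_uac_artifact(image) or is_uac_artifact(service)})
            service = None
    return findings


def parse_mbam(text):
    """One finding per detection line in an MBAM log; other lines are skipped."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not (m := MBAM_ITEM.match(line)):
            continue
        path, family, action = m.group("path", "family", "action")
        findings.append({"kind": "mbam", "path": path, "family": family,
                         "rootkit": family.lower().startswith("rootkit."),
                         "rogue": family.lower().startswith("rogue."),
                         # \\?\globalroot\ : MBAM reached the file through the NT object
                         # namespace because the normal drive-letter view did not show it
                         "globalroot": bool(GLOBALROOT.match(path)),
                         "tdss": is_uac_artifact(path),
                         # still on disk until the next boot, so re-scan afterwards
                         "pending_reboot": "delete on reboot" in action.lower()})
    return findings


def summarize(rootrepeal_text, mbam_text):
    """Cross-check both logs and return the counts a helper would want to see."""
    rr, mb = parse_rootrepeal(rootrepeal_text), parse_mbam(mbam_text)
    modules = [f for f in rr if f["kind"] == "hidden_module"]
    return {"hidden_modules": len(modules),
            "injected_processes": sorted({f["process"].lower() for f in modules}),
            "hidden_services": sum(f["kind"] == "hidden_service" for f in rr),
            "mbam_items": len(mb), "tdss_items": sum(f["tdss"] for f in mb),
            "rogue_items": sum(f["rogue"] for f in mb),
            "pending_reboot": sum(f["pending_reboot"] for f in mb)}
```

Calling summarize(ROOTREPEAL_SAMPLE, MBAM_SAMPLE) on the two excerpts reports four hidden modules injected into explorer.exe, iexplore.exe and svchost.exe, one hidden service whose registered name (UACd.sys) does not match its driver file (UACwtoeovavoi.sys), five MBAM items with TDSS naming, three rogue-antivirus items, and two items still marked "Delete on reboot", which is why the next log is only meaningful after a restart.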
Old 09-30-2009   #4
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
Default Re: Trojan horse fakealert.mn - HELP!

Great. We're making progress. We need to weed out the remaining junk left over by the TDSS Rootkit.



Next, let's download ComboFix.exe. This will give me a better view of the files running, those that are hidden, and also those in the registry. Please download from one of these webpages.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Combofix -> Anti-malware Tools -> Downloads


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista, if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.
Old 09-30-2009   #5
Bronze Member
Join Date: Sep 2009
Location: California
Posts: 4
PC Experience: PC Illiterate
Default Re: Trojan horse fakealert.mn - HELP!

Here's the combofix results:

ComboFix 09-09-29.01 - Nikki 09/29/2009 21:43.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.905 [GMT -7:00]
Running from: c:\users\Nikki\Music\2 Unlimited\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1968060777-2200822849-3441078687-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\9c6d.msp
c:\windows\system32\oem7.inf
----- BITS: Possible infected sites -----
hxxp://i0006.photobucket.com
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.
2009-09-30 04:50 . 2009-09-30 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-30 01:37 . 2009-09-30 01:37 -------- d-----w- c:\program files\CCleaner
2009-09-29 22:52 . 2009-09-29 22:52 -------- d-----w- c:\users\Nikki\AppData\Roaming\Malwarebytes
2009-09-29 22:50 . 2009-09-29 22:52 -------- d-----w- c:\program files\Ayuda
2009-09-29 11:49 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 11:49 . 2009-09-29 23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 11:49 . 2009-09-29 11:49 -------- d-----w- c:\programdata\Malwarebytes
2009-09-29 11:49 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 04:22 . 2005-08-26 02:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-09-29 04:22 . 2009-09-30 03:22 -------- d-----w- c:\program files\SpywareBlaster
2009-09-29 04:11 . 2009-09-29 04:11 -------- d-----w- c:\users\Nikki\AppData\Roaming\WinPatrol
2009-09-29 04:11 . 2006-09-18 21:43 10 ----a-w- c:\users\Nikki\AppData\Roaming\WinPatrol\Config.sys
2009-09-29 04:11 . 2006-09-18 21:43 24 ----a-w- c:\users\Nikki\AppData\Roaming\WinPatrol\Autoexec.bat
2009-09-29 01:13 . 2009-09-29 03:53 -------- d-----w- c:\program files\Spyware Terminator
2009-09-29 00:15 . 2009-09-29 00:15 -------- d-----w- c:\users\Nikki\Office Genuine Advantage
2009-09-28 22:40 . 2009-09-30 00:07 680 ----a-w- c:\users\Nikki\AppData\Local\d3d9caps.dat
2009-09-24 23:40 . 2009-09-24 23:40 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-24 03:06 . 2009-09-24 03:06 -------- d-----w- c:\program files\Common Files\Uninstall
2009-09-11 06:19 . 2009-09-11 06:19 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-11 06:13 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-11 06:13 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-11 06:12 . 2009-09-11 06:12 -------- d-----w- c:\program files\iPod
2009-09-11 06:12 . 2009-09-11 06:13 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 06:12 . 2009-09-11 06:13 -------- d-----w- c:\program files\iTunes
2009-09-11 06:10 . 2009-09-11 06:10 -------- d-----w- c:\program files\QuickTime
2009-09-09 04:28 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 04:28 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 04:28 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 04:28 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 04:28 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 04:28 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 04:28 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 04:28 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 04:28 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 04:28 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 04:27 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 04:27 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 04:27 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 04:27 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 04:27 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-03 00:16 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 00:16 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 04:34 . 2008-05-28 15:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 04:34 . 2008-05-28 15:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-30 04:25 . 2009-03-19 21:20 -------- d-----w- c:\users\Nikki\AppData\Roaming\Skype
2009-09-30 00:27 . 2009-03-19 21:32 -------- d-----w- c:\users\Nikki\AppData\Roaming\skypePM
2009-09-29 04:00 . 2008-05-26 19:19 101016 ----a-w- c:\users\Nikki\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-29 03:00 . 2008-06-29 23:37 -------- d-----w- c:\programdata\Microsoft Help
2009-09-29 02:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-09-29 02:24 . 2008-06-02 18:25 -------- d-----w- c:\programdata\Viewpoint
2009-09-29 01:18 . 2009-09-29 01:18 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-28 21:05 . 2008-09-01 04:42 -------- d-----w- c:\programdata\Avg8
2009-09-18 15:50 . 2008-05-27 05:00 -------- d-----w- c:\users\Nikki\AppData\Roaming\LimeWire
2009-09-11 23:58 . 2008-09-01 20:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 23:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-11 19:47 . 2008-05-27 04:50 -------- d-----w- c:\users\Nikki\AppData\Roaming\Apple Computer
2009-09-11 06:18 . 2008-11-24 23:44 -------- d-----w- c:\program files\Safari
2009-09-11 06:12 . 2008-05-27 04:47 -------- d-----w- c:\program files\Common Files\Apple
2009-08-17 17:02 . 2009-02-04 23:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 17:02 . 2009-02-04 23:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 17:02 . 2009-02-04 23:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-18 16:06 . 2009-07-29 04:12 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 04:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 04:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 19:05 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-12 19:04 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 19:04 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 19:04 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 19:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\ayuda.exe" [2009-09-10 1312080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisabledInterfaces"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D1805227-F3AC-4B52-988E-2269A4D58B03}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{504B1FA2-144F-4FF2-A1C1-8F91B2F7906F}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{9A072013-F38F-4A6E-92DF-8B2E67D90696}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{08F70B55-4004-443C-929F-E7B1D8B2573D}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{0B6DC9B5-7D0C-4B4D-AC23-721F8DBA6801}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7635A47F-CFFB-4EC1-B987-A22000F02E71}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A6C55814-D748-4193-A7AB-3629089EC19C}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CDC6FD5D-5695-4DFA-AC7C-764202755F0F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{07B52AE1-6D88-41CE-81B8-318916C406A3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{23D88198-3470-4D5F-BF23-107A8C4EAC6B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{55B4B38B-BB05-4F78-8644-014B77EDA932}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2296F356-74D6-4F13-A854-BC239311FBB9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CFA45FC4-9AF8-4114-96A0-94E0564B3DEE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92258B9C-77C8-4249-A54A-46E6617F39C5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3DBEE040-8452-439B-AFED-847338C2464F}"= UDP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{51517779-2C71-415E-BA45-1E031A533B97}"= TCP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{B8FCF8B2-94F1-4E8E-83A8-D19AB10D40B5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D95316C0-7B63-464F-BC08-81BB74EA57AA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D289D046-175C-473C-955C-C10A5EFA5DD5}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C0CF870D-619E-4E51-B562-1C5B28F79C5C}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{2CF56DF6-B664-4D5F-B851-9C526F9ABEE3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{80EB4BA9-497D-44D4-A5A6-45A4BFDD83E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A02CB37A-5555-4710-9158-A898F77D8F3B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{11B4E097-F5B5-4A64-BBEC-E3ED86A56EAE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{82F906C3-D011-4669-8235-73C7A532E11A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F01B8CFD-6E97-4555-B7BC-47C612AE56BB}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{949AE142-34E5-4068-9FD5-B11DDB006BFD}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{C2BDF5B3-6D74-40D3-A757-522E091C7C5C}c:\\program files\\v cast music with rhapsody\\rhapsody.exe"= UDP:c:\program files\v cast music with rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{E527BD06-1566-4E23-A853-9F0D738F3CBD}c:\\program files\\v cast music with rhapsody\\rhapsody.exe"= TCP:c:\program files\v cast music with rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{6EE0C515-1F68-4015-9946-E9FE8345752D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C364462C-0424-47C3-BFDA-458A578B03E5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C02BEEA1-7F03-4450-A34B-3D25FB72AA84}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{697F6504-78B3-4803-829F-22B9FDA07B19}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisabledInterfaces"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2/4/2009 4:34 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/4/2009 4:34 PM 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [11/24/2008 8:20 PM 73728]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/1/2009 9:18 AM 297752]
R2 datunidr;Dell AutomatedPCTuneUp UniDriver;c:\windows\System32\drivers\datunidr.sys [8/23/2007 6:29 PM 5376]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [4/8/2008 6:04 AM 111616]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/8/2008 3:26 AM 29744]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SAMSS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: grisoft.com\www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-29 21:51
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-30 21:53
ComboFix-quarantined-files.txt 2009-09-30 04:53
Pre-Run: 33,395,408,896 bytes free
Post-Run: 33,163,075,584 bytes free
265 --- E O F --- 2009-09-29 04:30

How's it coming along?

Thank you!
Old 09-30-2009   #6
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,660
PC Experience: Always Learning New Things
Re: Trojan horse fakealert.mn - HELP!

How are things running now? Functionality improved?

Old 09-30-2009   #7
Bronze Member
Join Date: Sep 2009
Location: California
Posts: 4
PC Experience: PC Illiterate
Re: Trojan horse fakealert.mn - HELP!

Everything seems to be back to normal. Haven't really done too much as I wasn't sure if I needed to install or run other programs before I got the clearance from you.

If this concludes everything, thank you so very much. You're a life saver.

Thank you! Thank you! Thank you!
Plata66