
lorraine112
About lorraine112
- Birthday: 08/01/1960
Tech Info
- Experience: some_experience
- System: windows_xp_home
Hi Chiaz, thank you for your help. MSN and Yahoo Messenger are now working. I will wait for any further instructions, thank you.
-
Hi chiraz This is the latest log...thanks
-
Hi, sorry, but I posted the wrong log. This is the latest, thanks.

Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 5.1.2600 Service Pack 3

08/11/2009 11:58:19
mbam-log-2009-11-08 (11-58-19).txt

Scan type: Quick Scan
Objects scanned: 102811
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected
-
Hi again this is the second log....thanks
-
Hi Chiaz thanks for trying to help this is the first log cheers

Malwarebytes' Anti-Malware 1.41
Database version: 3081
Windows 5.1.2600 Service Pack 3
01/11/2009 22:31:29
mbam-log-2009-11-01 (22-31-29).txt
Scan type: Quick Scan
Objects scanned: 111674
Time elapsed: 18 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 40
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
-
Hello. Every time I try to get on MSN/Yahoo the pyagcore null message comes up. I am running XP Service Pack 3. I had Kiwee Toolbar but used Revo installer to remove it. The problem started when a friend used my PC to access his email... he thought his account may have been hacked! I used ATF... SUPERAntiSpyware, Malwarebytes but could not use ESET... so used another online scanner, but still have pyagcore. I also have AVG and have run a scan with this too. Thank you.
-
how I can get rid of Pyagcore.search
lorraine112 replied to Luis's topic in Tech Support & Discussions Forum
Hello, I have completed all the above... but can't run ESET... but tried another online scan... and still I have the null notice. Please help! -
Hello all users, I am Lorraine, hi... oh and I am dyslexic... so I will probably need a bit of help on this site!... I am an oldie newbie..... my first PC was a Spectrum!! Yes, a very long time ago. Anyhow, sending you all good wishes.