Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan.fakealert, trojan.fraudpack, hijack.taskmanager & more


  • Please log in to reply

#1
filly77

filly77

    Member

  • Member
  • PipPip
  • 21 posts
hello and i appreciate any and all help. this site has helped me in the past so Im back :)

first this is a very old laptop. but its all I have and cant afford a new one anytime soon. its a gateway nx860x. running windows xp. We stopped using this when we realized there was a trojan on it. that was 2+ yrs ago. I have used my cell phone for internet ever since. But now I need a computer to do something my cell wont.

As for symptoms, I havent noticed any as I just turned the laptop on tonight for the first time in a LONG time so if there were symptoms I dont remember. And according to my wife, the original trojan came from her browsing Yahoo Answers and a pop up appeared. (?)

I downloaded malwarebytes tonight and updated. ran the scan, it told me I have 10 threats, which are:

PUM.Hijack.taskmanager
Trojan.fraudpack
Trojan.FakeAlert
Trojan.FakeAlert (yes theres 2 of them)
PUM.Bad.Proxy
Rogue.AntivirusSuite
Trojan.FakeAlert.PeGen
Rogue.AntivirusSuite (also doubles of this one)
PUM.Hijack.taskmanager (doubles again)
Trojan.Fraudpack (doubles)

As far as I can tell they are QT'd but I dont feel like I can trust that. I didnt click delete as it seems some are in registery keys and my luck I will mess this computer up worse if I did that.

Here is the OTL txt log,

OTL logfile created on: 2014-02-17 03:04:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

510.04 Mb Total Physical Memory | 130.33 Mb Available Physical Memory | 25.55% Memory free
1.21 Gb Paging File | 0.73 Gb Available in Paging File | 60.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.02 Gb Total Space | 33.63 Gb Free Space | 67.22% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 4.35 Gb Free Space | 74.44% Space Free | Partition Type: FAT32

Computer Name: NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-02-17 03:04:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2014-02-12 19:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-04-04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009-10-07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008-11-09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-12-05 15:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005-11-28 14:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2004-11-05 10:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (No Company Name) ==========

MOD - [2014-02-12 19:36:40 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2005-11-28 14:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005-11-28 14:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005-11-28 14:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005-11-03 14:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Services (SafeList) ==========

SRV - [2014-02-12 19:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009-10-07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008-11-09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006-03-07 22:04:43 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\TEMP\IXP000.TMP\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\IXP000.TMP\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\TEMP\IXP000.TMP\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014-02-17 02:32:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009-10-07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009-04-30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2005-12-05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005-11-28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-09 15:51:38 | 000,854,404 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005-09-21 03:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-09-09 05:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2002-10-01 13:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)
DRV - [2001-08-17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FD4D8A31-0F57-4B60-824D-2B5A69EE36B8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{FD4D8A31-0F57-4B60-824D-2B5A69EE36B8}: "URL" = http://www.google.co...&rlz=1I7GWYB_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:22.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: {6e00410e-1176-11dc-8314-0800200c9a66}:1.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ksolo.com/AVX: C:\Program Files\kSolo\npAVX.dll (kSolo, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Administrator\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009-02-01 06:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014-02-17 02:40:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-02-17 02:40:28 | 000,000,000 | ---D | M]

[2008-10-11 02:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014-02-17 02:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions
[2014-02-17 02:42:51 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009-11-16 23:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2007-09-23 00:12:46 | 000,000,000 | ---D | M] (Metal Lion - iCe) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}
[2010-09-02 19:48:02 | 000,000,000 | ---D | M] (Aero Fox Silver XL) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2010-04-29 15:19:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-01-30 12:36:40 | 000,000,000 | ---D | M] (SKY) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{6e00410e-1176-11dc-8314-0800200c9a66}
[2010-09-02 19:48:17 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\[email protected]
[2010-09-02 19:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\[email protected]\__MACOSX
[2010-09-02 19:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\[email protected]\chrome
[2010-09-02 19:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\[email protected]\defaults
[2010-09-02 19:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions
[2010-09-02 19:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2014-02-17 02:42:50 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2007-09-23 00:12:44 | 000,916,256 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{1AFC82C3-0154-4b09-878B-D68500EFBE76}\chrome\tmp.xpi
[2010-06-25 22:08:40 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallConfirm.css
[2010-06-25 22:08:40 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallItemGeneric.png
[2010-04-01 07:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2010-04-01 06:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2008-12-12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i9m3hb4d.default\searchplugins\MySpace.xml
[2014-02-17 02:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-02-17 02:40:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2008-10-28 13:37:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [avbhhfRgwD.exe] C:\Documents and Settings\All Users\Application Data\avbhhfRgwD.exe File not found
O4 - HKLM..\RunOnce: [Install Toolbar] C:\Program Files\DriverUpdate\avgtoolbar.exe (AVG Secure Search)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewid...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} http://messenger.zon...nt.cab55762.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab55579.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6891230-E884-46DE-AFFB-E6B0380AE9F5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-01-09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-05-09 12:56:16 | 000,622,120 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014-02-17 02:54:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014-02-17 02:49:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014-02-17 02:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SlimWare Utilities Inc
[2014-02-17 02:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2014-02-17 02:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2014-02-17 02:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2014-02-17 02:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014-02-17 02:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014-02-17 02:32:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014-02-17 01:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-02-17 01:19:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014-02-17 01:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-02-17 02:41:05 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014-02-17 02:40:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014-02-17 02:35:54 | 000,382,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014-02-17 02:35:54 | 000,054,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014-02-17 02:32:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014-02-17 02:32:01 | 000,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014-02-17 02:31:59 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014-02-17 02:31:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-02-17 02:31:46 | 534,892,544 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-17 02:27:02 | 000,180,172 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\malware.JPG
[2014-02-17 01:19:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014-02-17 01:11:31 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-02-17 02:40:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014-02-17 02:27:01 | 000,180,172 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\malware.JPG
[2014-02-17 01:19:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011-09-19 23:21:13 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011-09-19 23:21:13 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011-09-19 23:21:02 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2009-07-25 13:57:50 | 000,005,767 | ---- | C] () -- C:\Documents and Settings\Administrator\r
[2007-08-09 14:42:43 | 000,002,492 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2006-03-29 18:30:17 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-03-14 13:38:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005-01-09 20:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006-06-20 22:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2008-08-05 23:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ancient Quest of Saqqarah__shockwave
[2008-06-27 20:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BloodTies
[2010-09-10 00:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Boolat Games
[2008-06-15 21:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flood Light Games
[2008-07-31 02:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ForgottenRiddles
[2010-09-03 19:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GamesCafe
[2010-08-04 12:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008-02-28 02:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2009-07-25 17:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IronCode
[2010-09-16 21:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWin
[2008-10-20 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\JewelMatch2
[2011-07-10 03:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008-07-31 01:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2006-03-07 22:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007-08-09 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2008-08-12 12:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2008-08-21 22:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2008-06-15 21:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008-07-12 16:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008-07-28 17:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007-08-10 01:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008-10-08 17:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiWired
[2008-08-18 11:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2007-01-21 02:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008-07-31 01:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008-07-18 00:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011-09-08 03:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F84BF39
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9046031
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE11243
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21192FCF
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7EDD606
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F70FE0AF
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC5F43A
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1792752F
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D857D30
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A71E8A6B
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B60C375
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:435657D8
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D165B72F
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29B5B25D
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A953997
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89D63297
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5814AB4F
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1EA0D54
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A0F20CD
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DAC3B29
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:406FFFA1
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405AC508
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89BB6137
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DF1E156
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4C58FEF
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BCD54B0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:766442E5
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F3AC32
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9D9BC11
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FEDE7BB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97BC2CAF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A3B105A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BCAA2E9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18F64313
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D277F53

< End of report >


I thank you for your help, I truly do. I called a few computer repair places and they all want 100+ to remove trojans. And with money being such a problem, I cant afford it.

thanks for your time,
Filly
  • 0

Advertisements


#2
filly77

filly77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
From what I just read. It said I can delete the quarantined folder. These trojans are so old maybe malwarebytes can fully remove them? And I'm not sure why I have 10 of them and where they came from. I only remember having like 2?

I dunno what to do. I just hope we can make this computer safe to use. As for a fear of bank accounts and such I don't have anything that works anymore lol I closed my bank account a long time ago so if my checking account or bank card info is on here, nothing bad can happen..Correct?
  • 0

#3
filly77

filly77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Bump
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP