
I apparently have Trojan.Agent/Gen-Injector[FMT] on my computer. I have tried to delete

Resolved Question:

I apparently have: Trojan.Agent/Gen-Injector[FMT] on my computer. I have tried to delete it to no avail using several malware, anti-virus programs etc. How do I get rid of this? Thanks.
Optional Information:
Computer OS: Windows Vista
Browser: Chrome

Already Tried:

BTW: The problem manifests itself by very rapidly typing random "3"s in my text. I've tried:
- Using different browsers (no luck)
- Super AntiSpyware (Discovered the infection as described.) Prompted me to reboot. When I did and ran SAS again, the infection was still there.
- HijackThis (shows "no infections")
- Hitman Pro 3.5 (no infections)
- Malwarebytes (no infections)
- Avast Anti-virus (no infections)
- Kaspersky (no threats detected)
- SpyBot Search and Destroy (no infections)
- AVG complete computer scan (no infections)
- Spyware Blaster (no threats)
- Spyware Guard (no infections)
The computer is getting worse by the minute. I may lose you before we can get resolution.
Submitted: 3 years ago.
Category: Computer
Expert:  IT Miro replied 3 years ago.

Hi and welcome to JustAnswer! My name is XXXXX XXXXX and I will assist you in solving your problem.

Could you tell me which anti-virus program(s) you have tried? You only mentioned a few anti-spyware programs here.

Also, upon detecting that trojan, do you see where it is located, like C:\Program Files or similar location?
Expert:  Robert M. replied 3 years ago.

This program is supposed to work on that virus:

http://www.geekstogo.com/forum/files/file/399-ots-oldtimers-system-scanner/

Avast will also pick it up. It seems to be a difficult one to get rid of, though.

Customer: replied 3 years ago.
Downloading the program now. If it reboots me, I'll be back shortly. Thanks.
Expert:  Robert M. replied 3 years ago.

You got it. Let's hope it works.

BTW, a lot of these malware scanners will work better if you run them in safe mode.

Customer: replied 3 years ago.
Ah, okay. Once it stops, if still necessary I'll try that before getting back to you. Thanks again!
Expert:  Robert M. replied 3 years ago.
You got it. Cross your fingers and let it run. Please let me know if it works. Thanks.
Customer: replied 3 years ago.
OTS is locking up and not responding. The computer is getting worse by the minute. Will try safe mode now.
Expert:  Robert M. replied 3 years ago.

Try that, and if you can get into it, try doing a system restore to before the problem started. Viruses tend to lock that up so you can't use it, but if you can use it to set the computer back to before the virus activated, it's a lot easier to remove it with a full system scan.

ComboFix will also work on some things when other software won't, because it doesn't need to be installed.

It works better on XP than on Vista, which is why I didn't recommend it first, but here is the link:

http://www.bleepingcomputer.com/download/anti-virus/combofix

Customer: replied 3 years ago.
Ok. I'm trying, no luck so far. Be back in a minute.
Customer: replied 3 years ago.
The oldest restore point is 11 Aug. This all started about 01 Aug. Trying again to download OTS in safe mode.
Expert:  Robert M. replied 3 years ago.

Are you still trying to download, or to run it?

If you can't download, you can try downloading to another computer and copying it to a CD to install on the infected computer.

If you can see a strange procedure running in the Task Manager, you can try killing it with right-click and End Process Tree. Usually they are like a string of random numbers and letters. Even if it comes back, sometimes you can kill it long enough to get something to run that will get rid of it. If you can get the file name and location, you can try deleting it manually or use the kill file in HijackThis to get rid of it.

Customer: replied 3 years ago.
It ran in safe mode. Here is what popped up. I notice there are some Chinese characters in there toward the very bottom. I work in a classified military job. It is possible I've been cyber-attacked. Otherwise, I have no idea what any of this means or what to do next:

[code]
OTS logfile created on: 8/16/2011 4:31:17 PM - Run 4
OTS by OldTimer - Version 3.1.44.3 Folder = C:\Users\Baker\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.41 Gb Total Space | 35.50 Gb Free Space | 35.00% Space Free | Partition Type: NTFS
Drive D: | 10.38 Gb Total Space | 4.50 Gb Free Space | 43.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAKER-PC
Current User Name: Baker
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots (1).exe -> C:\Users\Baker\Downloads\OTS (1).exe -> [2011/08/16 16:31:06 | 000,645,632 | ---- | M] (OldTimer Tools)
msmpeng.exe -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation)

[Modules - No Company Name]
ppgooglenaclpluginchrome.dll -> C:\Users\Baker\AppData\Local\Google\Chrome\Application\13.0.782.112\ppgooglenaclpluginchrome.dll -> [2011/08/05 22:21:25 | 000,400,440 | ---- | M] ()
pdf.dll -> C:\Users\Baker\AppData\Local\Google\Chrome\Application\13.0.782.112\pdf.dll -> [2011/08/05 22:21:24 | 004,118,072 | ---- | M] ()
avutil-50.dll -> C:\Users\Baker\AppData\Local\Google\Chrome\Application\13.0.782.112\avutil-50.dll -> [2011/08/05 22:19:58 | 000,104,520 | ---- | M] ()
avformat-52.dll -> C:\Users\Baker\AppData\Local\Google\Chrome\Application\13.0.782.112\avformat-52.dll -> [2011/08/05 22:19:56 | 000,203,848 | ---- | M] ()
avcodec-52.dll -> C:\Users\Baker\AppData\Local\Google\Chrome\Application\13.0.782.112\avcodec-52.dll -> [2011/08/05 22:19:55 | 001,846,344 | ---- | M] ()
gcswf32.dll -> C:\Users\Baker\AppData\Local\Google\Chrome\Application\13.0.782.112\gcswf32.dll -> [2011/08/05 20:29:30 | 006,338,720 | ---- | M] ()

[Win32 Services - Safe List]
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software)
(AVG Security Toolbar Service) AVG Security Toolbar Service [On_Demand | Stopped] -> C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -> [2011/05/30 11:33:54 | 001,025,352 | ---- | M] ()
(NisSrv) Microsoft Network Inspection [On_Demand | Stopped] -> c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -> [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation)
(AVGIDSAgent) AVGIDSAgent [Auto | Stopped] -> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -> [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgfws) AVG Firewall [Auto | Stopped] -> C:\Program Files\AVG\AVG10\avgfws.exe -> [2011/03/09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgwd) AVG WatchDog [Auto | Stopped] -> C:\Program Files\AVG\AVG10\avgwdsvc.exe -> [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
(nosGetPlusHelper) getPlus(R) Helper 3004 [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -> [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.)
(MatSvc) Microsoft Automated Troubleshooting Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Fix it Center\Matsvc.exe -> [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) SBSD Security Center Service [Auto | Stopped] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Stopped] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2007/10/03 19:45:02 | 000,358,936 | ---- | M] (Intel Corporation)
(accoca) ActivClient Middleware Service [Auto | Stopped] -> C:\Program Files\ActivIdentity\ActivClient\accoca.exe -> [2007/05/15 16:08:40 | 000,182,576 | ---- | M] (ActivIdentity)
(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Stopped] -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems)
(Crypkey License) Crypkey License [Auto | Stopped] -> C:\Windows\System32\Crypserv.exe -> [2005/12/07 17:18:28 | 000,073,728 | ---- | M] (CrypKey (Canada) Ltd.)

[Driver Services - Safe List]
(aswSnx) aswSnx [File_System | System | Stopped] -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/07/04 07:32:20 | 000,054,104 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software)
(NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NisDrvWFP.sys -> [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation)
(MpNWMon) Microsoft Malware Protection Network Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\MpNWMon.sys -> [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation)
(AVGIDSDriver) AVGIDSDriver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\AVGIDSDriver.sys -> [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. )
(Avgtdix) AVG TDI Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\avgtdix.sys -> [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Avgrkx86) AVG Anti-Rootkit Driver [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\avgrkx86.sys -> [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Avgmfx86) AVG Mini-Filter Resident Anti-Virus Shield [File_System | System | Stopped] -> C:\Windows\System32\drivers\avgmfx86.sys -> [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AVGIDSEH) AVGIDSEH [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -> [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. )
(AVGIDSShim) AVGIDSShim [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\AVGIDSShim.sys -> [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. )
(AVGIDSFilter) AVGIDSFilter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\AVGIDSFilter.sys -> [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. )
(Avgldx86) AVG AVI Loader Driver [Kernel | System | Stopped] -> C:\Windows\System32\drivers\avgldx86.sys -> [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Avgfwfd) AVG network filter service [Kernel | System | Running] -> C:\Windows\System32\drivers\avgfwd6x.sys -> [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.)
(SCR3XX2K) SCR3xx USB SmartCardReader [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\SCR3XX2K.sys -> [2010/01/06 23:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.)
(USBCCID) USB Smart Card reader [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbccid.sys -> [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\stwrt.sys -> [2007/07/27 12:50:22 | 000,329,728 | ---- | M] (IDT, Inc.)
(RTL8187B) Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\rtl8187B.sys -> [2007/06/08 17:42:44 | 000,253,952 | ---- | M] (Realtek Semiconductor Corporation )
(UVCFTR) UVCFTR [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\UVCFTR_S.SYS -> [2007/05/23 21:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2007/01/16 02:28:20 | 000,070,144 | ---- | M] (Realtek Corporation)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\AGRSM.sys -> [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems)
(NETw2v32) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NETw2v32.sys -> [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\bcm4sbxp.sys -> [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation)
(NetworkX) NetworkX [Kernel | System | Stopped] -> C:\Windows\system32\ckldrv.sys -> [2004/07/29 20:35:52 | 000,031,654 | ---- | M] ()
(SCR33X USB Smart Card Reader) SCR33X USB Smart Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\SCR33X2K.sys -> [2004/04/06 04:24:00 | 000,064,088 | ---- | M] (SCM Microsystems Inc.)
(SCR131C) SCRx31 Serial Smart Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\SCR131C.sys -> [2002/11/07 04:04:00 | 000,181,875 | ---- | M] (SCM Microsystems Inc.)

[Registry - Safe List]
-> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-151S ->
-> ->
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 2 ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2011/05/30 11:33:50 | 002,495,816 | ---- | M] ()
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
-> C:\Users\Baker\AppData\Roaming\Mozilla\FireFox\Profiles\7vz2s7zr.default\prefs.js ->
browser.search.defaultenginename -> "AVG Secure Search" ->
browser.search.selectedEngine -> "AVG Secure Search" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 ->
extensions.enabledItems -> {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 ->
extensions.enabledItems -> {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390 ->
extensions.enabledItems -> avg@igeared:7.007.026.001 ->
extensions.enabledItems ->XXX@XXXXXX.XXX:6.0.1203 ->
keyword.URL -> "http://search.avg.com/route/?d=4c4af649&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=" ->
keyword.defaultURL -> "chrome://browser-region/locale/region.properties" ->
network.proxy.no_proxies_on -> "*.local" ->
-> C:\Users\Baker\AppData\Roaming\Mozilla\FireFox\Profiles\7vz2s7zr.default\user.js ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\XXXXX@XXXXXX.XXX -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/08/25 09:55:17 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} -> C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\ [C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\] -> [2011/08/09 09:10:34 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2011/08/10 17:30:35 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\XXXXX@XXXXXX.XXX -> C:\Program Files\AVAST Software\Avast\WebRep\FF [C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF] -> [2011/08/15 22:33:53 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/06/24 19:59:59 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/06/24 19:59:59 | 000,000,000 | ---D | M]
->
-> C:\Users\Baker\AppData\Roaming\Mozilla\Extensions -> [2008/08/11 17:08:50 | 000,000,000 | ---D | M]
-> C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\7vz2s7zr.default\extensions -> [2011/08/15 23:05:33 | 000,000,000 | ---D | M]
Garmin Communicator -> C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\7vz2s7zr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} -> [2011/04/11 17:13:13 | 000,000,000 | ---D | M]
No name found -> C:\Users\Baker\AppData\Roaming\Mozilla\Firefox\Profiles\7vz2s7zr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2010/09/16 01:44:35 | 000,000,000 | ---D | M]
->
inbox-search.xml -> C:\Users\Baker\AppData\Roaming\Mozilla\FireFox\Profiles\7vz2s7zr.default\searchplugins\inbox-search.xml -> [2009/07/31 21:15:54 | 000,002,168 | ---- | M] ()
->
-> C:\Program Files\Mozilla Firefox\extensions -> [2011/07/03 13:28:33 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/05/15 08:59:10 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/02 12:19:39 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/24 18:34:09 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/02/08 20:15:36 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -> [2011/03/17 19:26:24 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/07/07 14:10:55 | 000,000,000 | ---D | M]
avast! WebRep -> C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF -> [2011/08/15 22:33:53 | 000,000,000 | ---D | M]
AVG Safe Search -> C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 -> [2011/08/09 09:10:34 | 000,000,000 | ---D | M]
"urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" > -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED -> [2011/08/10 17:30:35 | 000,000,000 | ---D | M]
->
IGeared_tavgp_xputils3.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\IGeared_tavgp_xputils3.dll -> [2011/07/26 10:15:58 | 000,107,848 | ---- | M] (iGeared.com)
IGeared_tavgp_xputils35.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\IGeared_tavgp_xputils35.dll -> [2011/07/26 10:16:00 | 000,107,848 | ---- | M] (iGeared.com)
IGeared_tavgp_xputils4.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\IGeared_tavgp_xputils4.dll -> [2011/07/26 10:16:00 | 000,103,752 | ---- | M] (iGeared.com)
IGeared_tavgp_xputils5.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\IGeared_tavgp_xputils5.dll -> [2011/07/26 10:16:02 | 000,103,752 | ---- | M] (iGeared.com)
IGeared_tavgp_xputils6.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\IGeared_tavgp_xputils6.dll -> [2011/07/26 10:16:02 | 000,103,752 | ---- | M] (iGeared.com)
xpavgtbapi.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\xpavgtbapi.dll -> [2011/07/26 10:16:04 | 000,091,464 | ---- | M] (iGeared.com)
xpavgtbapi4.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\xpavgtbapi4.dll -> [2011/07/26 10:16:04 | 000,083,272 | ---- | M] (iGeared.com)
xpavgtbapi5.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\xpavgtbapi5.dll -> [2011/07/26 10:16:04 | 000,083,272 | ---- | M] (iGeared.com)
xpavgtbapi6.dll -> C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED\components\xpavgtbapi6.dll -> [2011/07/26 10:16:06 | 000,083,272 | ---- | M] (iGeared.com)
([2010/08/09 09:53:01 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
-> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG10\avgssie.dll [AVG Safe Search] -> [2011/08/05 13:20:30 | 002,274,144 | ---- | M] (AVG Technologies CZ, s.r.o.)
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> C:\Program Files\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [2003/08/02 23:24:01 | 000,192,512 | R--- | M] ()
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/07/04 07:43:50 | 000,820,864 | ---- | M] (AVAST Software)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2011/05/30 11:33:50 | 002,495,816 | ---- | M] ()
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/07/04 07:43:50 | 000,820,864 | ---- | M] (AVAST Software)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2011/05/30 11:33:50 | 002,495,816 | ---- | M] ()
-> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2011/05/30 11:33:50 | 002,495,816 | ---- | M] ()
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software)
"AVG_TRAY" -> C:\Program Files\AVG\AVG10\avgtray.exe [C:\Program Files\AVG\AVG10\avgtray.exe] -> [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.)
"MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation)
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Uninstall Adobe Download Manager" -> C:\Program Files\NOS\bin\getPlus_Helper_3004.dll ["C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp] -> [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.)
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"FlashPlayerUpdate" -> C:\Windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe [C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin] -> [2011/06/17 20:33:19 | 000,240,288 | ---- | M] (Adobe Systems, Inc.)
-> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
-> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5020 domain(s) found. ->
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 65.32.5.111 65.32.5.112 ->
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{165433BC-E323-4C1E-BF0D-5C3EC53138B4}\\DhcpNameServer -> 65.32.5.111 65.32.5.112 (Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
{8A9C0E03-75DC-4B92-A895-D2B028620E5B}\\DhcpNameServer -> 10.1.2.238 10.1.2.239 (Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ScCertProp -> -> File not found
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{81559C35-8464-49F7-BB0E-07A383BEF910}" [HKLM] -> C:\Program Files\SpywareGuard\spywareguard.dll [] -> [2003/08/02 23:20:57 | 000,126,976 | R--- | M] ()
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
-> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 17:43:36 | 000,000,024 | ---- | M] ()
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
-> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
ESET -> C:\Program Files\ESET -> [2011/08/16 12:57:01 | 000,000,000 | ---D | C]
aswFsBlk.sys -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2011/08/15 22:34:32 | 000,019,544 | ---- | C] (AVAST Software)
avast! Free Antivirus -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus -> [2011/08/15 22:34:32 | 000,000,000 | ---D | C]
aswSP.sys -> C:\Windows\System32\drivers\aswSP.sys -> [2011/08/15 22:34:31 | 000,309,848 | ---- | C] (AVAST Software)
aswSnx.sys -> C:\Windows\System32\drivers\aswSnx.sys -> [2011/08/15 22:34:27 | 000,441,176 | ---- | C] (AVAST Software)
aswTdi.sys -> C:\Windows\System32\drivers\aswTdi.sys -> [2011/08/15 22:34:27 | 000,043,608 | ---- | C] (AVAST Software)
aswRdr.sys -> C:\Windows\System32\drivers\aswRdr.sys -> [2011/08/15 22:34:27 | 000,025,432 | ---- | C] (AVAST Software)
aswMonFlt.sys -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2011/08/15 22:34:26 | 000,054,104 | ---- | C] (AVAST Software)
avastSS.scr -> C:\Windows\avastSS.scr -> [2011/08/15 22:33:46 | 000,040,112 | ---- | C] (AVAST Software)
aswBoot.exe -> C:\Windows\System32\aswBoot.exe -> [2011/08/15 22:33:44 | 000,199,304 | ---- | C] (AVAST Software)
AVAST Software -> C:\ProgramData\AVAST Software -> [2011/08/15 22:33:07 | 000,000,000 | ---D | C]
AVAST Software -> C:\Program Files\AVAST Software -> [2011/08/15 22:33:07 | 000,000,000 | ---D | C]
bootdelete.exe -> C:\Windows\System32\bootdelete.exe -> [2011/08/15 11:52:11 | 000,012,872 | ---- | C] (SurfRight B.V.)
Hitman Pro 3.5 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5 -> [2011/08/15 11:28:34 | 000,000,000 | ---D | C]
Hitman Pro 3.5 -> C:\Program Files\Hitman Pro 3.5 -> [2011/08/15 11:28:34 | 000,000,000 | ---D | C]
Hitman Pro -> C:\ProgramData\Hitman Pro -> [2011/08/15 11:27:29 | 000,000,000 | ---D | C]
winsrv.dll -> C:\Windows\System32\winsrv.dll -> [2011/08/10 21:59:20 | 000,375,808 | ---- | C] (Microsoft Corporation)
url.dll -> C:\Windows\System32\url.dll -> [2011/08/10 21:59:10 | 000,106,496 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2011/08/10 21:59:09 | 001,383,424 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\System32\mstime.dll -> [2011/08/10 21:59:07 | 000,671,232 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2011/08/10 21:59:07 | 000,471,040 | ---- | C] (Microsoft Corporation)
html.iec -> C:\Windows\System32\html.iec -> [2011/08/10 21:59:07 | 000,389,632 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2011/08/10 21:59:06 | 000,193,024 | ---- | C] (Microsoft Corporation)
ieapfltr.dll -> C:\Windows\System32\ieapfltr.dll -> [2011/08/10 21:59:05 | 000,380,928 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2011/08/10 21:58:43 | 003,602,832 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2011/08/10 21:58:43 | 003,550,096 | ---- | C] (Microsoft Corporation)
HiJackThis -> C:\Users\Baker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis -> [2011/08/09 09:32:24 | 000,000,000 | ---D | C]
SpywareGuard -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard -> [2011/08/09 09:24:24 | 000,000,000 | ---D | C]
SpywareGuard -> C:\Program Files\SpywareGuard -> [2011/08/09 09:24:22 | 000,000,000 | ---D | C]
SpywareBlaster -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster -> [2011/08/09 08:25:29 | 000,000,000 | ---D | C]
SpywareBlaster -> C:\Program Files\SpywareBlaster -> [2011/08/09 08:25:12 | 000,000,000 | ---D | C]
AVG PC Tuneup 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011 -> [2011/08/08 17:14:10 | 000,000,000 | ---D | C]
AVG -> C:\Users\Baker\AppData\Roaming\AVG -> [2011/08/08 16:47:12 | 000,000,000 | ---D | C]
TEMP -> C:\ProgramData\TEMP -> [2011/08/08 16:46:10 | 000,000,000 | ---D | C]
AVG Security Toolbar -> C:\Users\Baker\AppData\Local\AVG Security Toolbar -> [2011/07/26 19:20:20 | 000,000,000 | ---D | C]
AVG10 -> C:\Users\Baker\AppData\Roaming\AVG10 -> [2011/07/25 19:09:19 | 000,000,000 | ---D | C]
AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2011/07/25 18:41:10 | 000,000,000 | ---D | C]
AVG 2011 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011 -> [2011/07/25 18:39:59 | 000,000,000 | ---D | C]
AVG10 -> C:\ProgramData\AVG10 -> [2011/07/25 18:33:04 | 000,000,000 | ---D | C]
AVG -> C:\Windows\System32\drivers\AVG -> [2011/07/25 18:33:04 | 000,000,000 | ---D | C]
MFAData -> C:\ProgramData\MFAData -> [2011/07/24 23:42:53 | 000,000,000 | ---D | C]
Brother -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother -> [2011/07/23 09:10:09 | 000,000,000 | ---D | C]
BrDctF2S.dll -> C:\Windows\System32\BrDctF2S.dll -> [2011/07/23 08:50:53 | 000,012,288 | R--- | C] (Brother Industries Ltd.)
BrDctF2L.dll -> C:\Windows\System32\BrDctF2L.dll -> [2011/07/23 08:50:53 | 000,012,288 | R--- | C] (Brother Industries Ltd.)
BrDctF2.dll -> C:\Windows\System32\BrDctF2.dll -> [2011/07/23 08:50:52 | 000,094,208 | R--- | C] (Brother Industries Ltd.)
BroSNMP.dll -> C:\Windows\System32\BroSNMP.dll -> [2011/07/23 08:50:45 | 000,176,128 | ---- | C] (Brother Industries, Ltd.)
BrfxD05a.dll -> C:\Windows\System32\BrfxD05a.dll -> [2011/07/23 08:50:04 | 000,126,976 | ---- | C] (Brother Industries,LTD)
Bullzip -> C:\Program Files\Common Files\Bullzip -> [2011/07/18 13:45:40 | 000,000,000 | ---D | C]
downloads -> C:\downloads -> [2011/07/18 13:44:30 | 000,000,000 | ---D | C]
My Web Sites -> C:\My Web Sites -> [2011/07/18 13:20:52 | 000,000,000 | ---D | C]
2 C:\Users\Baker\Desktop\*.tmp files -> C:\Users\Baker\Desktop\*.tmp ->

[Files/Folders - Modified Within 30 Days]
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/08/16 16:24:39 | 000,299,960 | ---- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2011/08/16 16:23:22 | 000,067,584 | --S- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/08/16 16:13:58 | 000,003,296 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/08/16 16:13:58 | 000,003,296 | -H-- | M] ()
GoogleUpdateTaskUserS-1-5-21-1123368747-3892059659-6161073-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1123368747-3892059659-6161073-1000UA.job -> [2011/08/16 16:13:00 | 000,000,908 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/08/16 15:26:00 | 000,000,886 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/08/16 14:26:09 | 000,000,882 | ---- | M] ()
incavi.avm -> C:\Windows\System32\drivers\AVG\incavi.avm -> [2011/08/16 12:24:13 | 128,246,709 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-1123368747-3892059659-6161073-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1123368747-3892059659-6161073-1000Core.job -> [2011/08/16 05:13:00 | 000,000,856 | ---- | M] ()
avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/08/15 22:34:32 | 000,001,829 | ---- | M] ()
config.nt -> C:\Windows\System32\config.nt -> [2011/08/15 22:34:26 | 000,002,577 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/08/15 17:51:49 | 000,606,602 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/08/15 17:51:49 | 000,105,170 | ---- | M] ()
hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> [2011/08/15 11:54:42 | 000,023,624 | ---- | M] ()
bootdelete.exe -> C:\Windows\System32\bootdelete.exe -> [2011/08/15 11:52:11 | 000,012,872 | ---- | M] (SurfRight B.V.)
Hitman Pro 3.5.lnk -> C:\Users\Public\Desktop\Hitman Pro 3.5.lnk -> [2011/08/15 11:28:38 | 000,001,785 | ---- | M] ()
apamenu.ini -> C:\Users\Baker\AppData\Local\apamenu.ini -> [2011/08/12 10:42:38 | 000,000,037 | ---- | M] ()
prvlcl.dat -> C:\Users\Baker\AppData\Local\prvlcl.dat -> [2011/08/12 07:47:58 | 000,000,000 | ---- | M] ()
iavifw.avm -> C:\Windows\System32\drivers\AVG\iavifw.avm -> [2011/08/11 16:23:12 | 000,659,715 | ---- | M] ()
iavichjg.avm -> C:\Windows\System32\drivers\AVG\iavichjg.avm -> [2011/08/11 04:23:55 | 000,369,855 | ---- | M] ()
SpywareGuard.lnk -> C:\Users\Baker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk -> [2011/08/09 09:24:25 | 000,000,796 | ---- | M] ()
epplauncher.mif -> C:\Windows\epplauncher.mif -> [2011/08/09 03:02:15 | 000,001,945 | ---- | M] ()
Baker GTC SoU.pdf -> C:\Users\Baker\Documents\Baker GTC SoU.pdf -> [2011/08/08 21:59:50 | 000,137,745 | ---- | M] ()
AVG PC Tuneup 2011.lnk -> C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk -> [2011/08/08 17:14:12 | 000,000,994 | ---- | M] ()
AVG PC Tuneup 2011.lnk -> C:\Users\Baker\Desktop\AVG PC Tuneup 2011.lnk -> [2011/08/08 17:14:12 | 000,000,970 | ---- | M] ()
iavichjw.avm -> C:\Windows\System32\drivers\AVG\iavichjw.avm -> [2011/07/25 18:35:23 | 000,113,461 | ---- | M] ()
BRWMARK.INI -> C:\Windows\BRWMARK.INI -> [2011/07/23 09:09:59 | 000,000,419 | ---- | M] ()
BRPP2KA.INI -> C:\Windows\BRPP2KA.INI -> [2011/07/23 09:09:59 | 000,000,027 | ---- | M] ()
Brpfx04a.ini -> C:\Windows\Brpfx04a.ini -> [2011/07/23 08:56:29 | 000,000,226 | ---- | M] ()
brpcfx.ini -> C:\Windows\brpcfx.ini -> [2011/07/23 08:56:29 | 000,000,094 | ---- | M] ()
Brfaxrx.ini -> C:\Windows\Brfaxrx.ini -> [2011/07/23 08:56:29 | 000,000,066 | ---- | M] ()
bridf07a.dat -> C:\Windows\System32\bridf07a.dat -> [2011/07/23 08:56:29 | 000,000,050 | ---- | M] ()
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2011/07/22 09:54:40 | 001,383,424 | ---- | M] (Microsoft Corporation)
2 C:\Users\Baker\Desktop\*.tmp files -> C:\Users\Baker\Desktop\*.tmp ->
16 C:\Users\Baker\AppData\Local\temp\*.tmp files -> C:\Users\Baker\AppData\Local\temp\*.tmp ->
16 C:\Users\Baker\AppData\Local\temp\*.tmp files -> C:\Users\Baker\AppData\Local\temp\*.tmp ->

[Files - No Company Name]
incavi.avm -> C:\Windows\System32\drivers\AVG\incavi.avm -> [2011/08/16 12:24:13 | 128,246,709 | ---- | C] ()
avast! Free Antivirus.lnk -> C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> [2011/08/15 22:34:32 | 000,001,829 | ---- | C] ()
hitmanpro35.sys -> C:\Windows\System32\drivers\hitmanpro35.sys -> [2011/08/15 11:28:38 | 000,023,624 | ---- | C] ()
Hitman Pro 3.5.lnk -> C:\Users\Public\Desktop\Hitman Pro 3.5.lnk -> [2011/08/15 11:28:38 | 000,001,785 | ---- | C] ()
iavifw.avm -> C:\Windows\System32\drivers\AVG\iavifw.avm -> [2011/08/11 16:23:12 | 000,659,715 | ---- | C] ()
iavichjg.avm -> C:\Windows\System32\drivers\AVG\iavichjg.avm -> [2011/08/11 04:23:54 | 000,369,855 | ---- | C] ()
SpywareGuard.lnk -> C:\Users\Baker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk -> [2011/08/09 09:24:25 | 000,000,796 | ---- | C] ()
Baker GTC SoU.pdf -> C:\Users\Baker\Documents\Baker GTC SoU.pdf -> [2011/08/08 21:59:50 | 000,137,745 | ---- | C] ()
AVG PC Tuneup 2011.lnk -> C:\Users\Baker\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk -> [2011/08/08 17:14:12 | 000,000,994 | ---- | C] ()
AVG PC Tuneup 2011.lnk -> C:\Users\Baker\Desktop\AVG PC Tuneup 2011.lnk -> [2011/08/08 17:14:12 | 000,000,970 | ---- | C] ()
iavichjw.avm -> C:\Windows\System32\drivers\AVG\iavichjw.avm -> [2011/07/25 18:35:23 | 000,113,461 | ---- | C] ()
CVRPAGE.BMP -> C:\Windows\CVRPAGE.BMP -> [2011/07/23 08:50:08 | 000,006,224 | ---- | C] ()
brdfxspd.dat -> C:\Windows\brdfxspd.dat -> [2011/07/23 08:50:05 | 000,000,000 | ---- | C] ()
hpqins15.dat -> C:\Windows\hpqins15.dat -> [2010/08/25 09:54:00 | 000,023,112 | ---- | C] ()
hpqins05.dat -> C:\Windows\hpqins05.dat -> [2010/08/25 09:41:31 | 000,077,376 | ---- | C] ()
hpwmdl22.dat.temp -> C:\Windows\hpwmdl22.dat.temp -> [2010/08/11 19:14:59 | 000,002,979 | ---- | C] ()
Brfaxrx.ini -> C:\Windows\Brfaxrx.ini -> [2010/08/08 10:04:47 | 000,000,066 | ---- | C] ()
prvlcl.dat -> C:\Users\Baker\AppData\Local\prvlcl.dat -> [2010/07/24 15:29:23 | 000,000,000 | ---- | C] ()
hpwins22.dat -> C:\Windows\hpwins22.dat -> [2010/07/20 20:15:52 | 000,188,724 | ---- | C] ()
HBCIKRNL.INI -> C:\Windows\HBCIKRNL.INI -> [2010/03/24 11:05:05 | 000,001,129 | ---- | C] ()
d3d9caps.dat -> C:\Users\Baker\AppData\Local\d3d9caps.dat -> [2010/01/20 21:10:59 | 000,001,356 | ---- | C] ()
gzip.exe -> C:\Windows\gzip.exe -> [2009/12/19 19:05:27 | 000,098,136 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/09/16 19:36:12 | 000,117,248 | ---- | C] ()
StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/09/16 19:36:12 | 000,107,612 | ---- | C] ()
vx86036.dat -> C:\Windows\vx86036.dat -> [2009/08/18 13:24:50 | 000,000,004 | ---- | C] ()
Crypkey.ini -> C:\Windows\Crypkey.ini -> [2009/08/18 13:20:27 | 000,000,041 | ---- | C] ()
Ckldrv.sys -> C:\Windows\System32\Ckldrv.sys -> [2009/08/18 13:20:16 | 000,031,654 | ---- | C] ()
Setup_ck.exe -> C:\Windows\Setup_ck.exe -> [2009/08/18 13:20:16 | 000,027,648 | R--- | C] ()
Setup_ck.dll -> C:\Windows\Setup_ck.dll -> [2009/08/18 13:20:16 | 000,018,432 | ---- | C] ()
Ckrfresh.exe -> C:\Windows\Ckrfresh.exe -> [2009/08/18 13:20:16 | 000,011,776 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
OGAEXEC.exe -> C:\Windows\System32\OGAEXEC.exe -> [2009/08/03 15:07:42 | 000,230,768 | ---- | C] ()
wklnhst.dat -> C:\Users\Baker\AppData\Roaming\wklnhst.dat -> [2009/04/05 19:45:35 | 000,001,094 | ---- | C] ()
fidbox.dat -> C:\Windows\System32\drivers\fidbox.dat -> [2009/02/16 10:00:07 | 004,623,392 | -HS- | C] ()
fidbox2.dat -> C:\Windows\System32\drivers\fidbox2.dat -> [2009/02/16 10:00:07 | 000,843,808 | -HS- | C] ()
hpwmdl22.dat -> C:\Windows\hpwmdl22.dat -> [2008/10/25 05:40:22 | 000,002,979 | ---- | C] ()
StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2008/10/05 03:00:51 | 000,018,904 | ---- | C] ()
apamenu.ini -> C:\Users\Baker\AppData\Local\apamenu.ini -> [2008/09/07 12:09:36 | 000,000,037 | ---- | C] ()
refpt.ini -> C:\Windows\refpt.ini -> [2008/09/07 12:02:32 | 000,000,118 | ---- | C] ()
PureEdgeAPI.ini -> C:\Windows\PureEdgeAPI.ini -> [2008/03/24 10:04:11 | 000,000,010 | ---- | C] ()
LuUninstall.LiveUpdate -> C:\ProgramData\LuUninstall.LiveUpdate -> [2008/03/22 19:23:28 | 000,746,796 | ---- | C] ()
BRWMARK.INI -> C:\Windows\BRWMARK.INI -> [2008/03/22 18:48:04 | 000,000,419 | ---- | C] ()
BRPP2KA.INI -> C:\Windows\BRPP2KA.INI -> [2008/03/22 18:48:04 | 000,000,027 | ---- | C] ()
Brpfx04a.ini -> C:\Windows\Brpfx04a.ini -> [2008/03/22 18:46:27 | 000,000,226 | ---- | C] ()
brpcfx.ini -> C:\Windows\brpcfx.ini -> [2008/03/22 18:46:27 | 000,000,094 | ---- | C] ()
bridf07a.dat -> C:\Windows\System32\bridf07a.dat -> [2008/03/22 18:46:27 | 000,000,050 | ---- | C] ()
BrMuSNMP.dll -> C:\Windows\System32\BrMuSNMP.dll -> [2008/03/22 18:42:09 | 000,106,496 | ---- | C] ()
maxlink.ini -> C:\Windows\maxlink.ini -> [2008/03/22 18:40:16 | 000,031,567 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Baker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/03/19 17:43:21 | 000,028,672 | ---- | C] ()
igfxCoIn_v1409.dll -> C:\Windows\System32\igfxCoIn_v1409.dll -> [2008/01/02 16:57:36 | 000,147,456 | ---- | C] ()
igklg400.dll -> C:\Windows\System32\igklg400.dll -> [2008/01/02 16:47:22 | 001,953,696 | ---- | C] ()
igklg450.dll -> C:\Windows\System32\igklg450.dll -> [2008/01/02 16:47:22 | 001,533,360 | ---- | C] ()
igmedcompkrn.dll -> C:\Windows\System32\igmedcompkrn.dll -> [2008/01/02 16:47:22 | 000,104,636 | ---- | C] ()
igmedkrn.dll -> C:\Windows\System32\igmedkrn.dll -> [2007/12/21 18:22:04 | 000,910,464 | ---- | C] ()
igfxCoIn_v1283.dll -> C:\Windows\System32\igfxCoIn_v1283.dll -> [2007/12/21 18:22:04 | 000,204,800 | ---- | C] ()
rpcnetp.dll -> C:\Windows\System32\rpcnetp.dll -> [2007/12/21 17:40:46 | 000,017,408 | ---- | C] ()
rpcnetp.exe -> C:\Windows\System32\rpcnetp.exe -> [2007/12/21 17:38:03 | 000,017,408 | ---- | C] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 08:57:28 | 000,067,584 | --S- | C] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 08:47:37 | 000,299,960 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 000,005,632 | ---- | C] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 06:33:01 | 000,606,602 | ---- | C] ()
perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 06:33:01 | 000,287,440 | ---- | C] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 06:33:01 | 000,105,170 | ---- | C] ()
perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 06:33:01 | 000,030,674 | ---- | C] ()
dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 06:23:21 | 000,215,943 | ---- | C] ()
mib.bin -> C:\Windows\mib.bin -> [2006/11/02 04:58:30 | 000,043,131 | ---- | C] ()
NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 04:19:00 | 000,000,741 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 000,013,750 | ---- | C] ()
mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 03:25:31 | 000,673,088 | ---- | C] ()
HotlineClient.exe -> C:\Windows\System32\HotlineClient.exe -> [2006/06/11 20:01:15 | 000,352,256 | ---- | C] ()

[Files/Folders - Unicode - All]
C:\Windows\System32\?ô???ô?ô?ô?ô?ô?ô -> C:\Windows\System32\ô䘺睋ôôôôôô -> [2009/08/18 13:46:04 | 000,000,000 | ---D | C]
C:\Windows\System32\?ô???ô?ô?ô?ô?ô?ô -> C:\Windows\System32\ô䘺睋ôôôôôô -> [2009/08/18 13:46:04 | 000,000,000 | ---D | M]

[Alternate Data Streams]
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
Customer: replied 3 years ago.
Combo Fix is running now.
Customer: replied 3 years ago.
Combo Fix locked up right before sending the log report. Should I try it again or try running Avast in safe mode?
Expert:  Robert M. replied 3 years ago.

Try the combo fix in safe mode. By the time it gets to creating the report it should have told you if it found anything and fixed it, hopefully.

As for the OTS:

This is not as easy as I thought it would be. Those things all have to be looked up to see if they are legitimate.

I agree that those funny ones look funny, but most of what I can see is legitimate; half the entries are for other antivirus programs.

In the fixit section of the OTS, type

:otl

C:\Windows\System32\?ô???ô?ô?ô?ô?ô?ô -> C:\Windows\System32\ô䘺睋ôôôôôô -> [2009/08/18 13:46:04 | 000,000,000 | ---D | C]
C:\Windows\System32\?ô???ô?ô?ô?ô?ô?ô -> C:\Windows\System32\ô䘺睋ôôôôôô -> [2009/08/18 13:46:04 | 000,000,000 | ---D | M]

Basically paste the lines from the files section,

then click run fixit.

I would also delete the alternate data streams.

Go to c:\programdata\temp

Delete everything in there; it is a temp folder, nothing needed should be in there.

Customer: replied 3 years ago.
Okay. OTS disappeared. Trying to download it again now.
Expert:  Robert M. replied 3 years ago.

It disappeared, huh? lol

At some point it may be easier to just reload the operating system, you realize.

Customer: replied 3 years ago.
Okay. OTS says "fixed". Program also data file deleted. Computer not yet in Tampa Bay. I did not know an operating system could be reloaded. Will I lose my stuff?
Expert:  Robert M. replied 3 years ago.

You might lose your stuff if you reload the operating system.

Actually you should have backed up all the data files that you need before this. The virus could destroy them at any time.

Try running the program that picked it up in the first place in safe mode. If we are lucky we deleted enough to at least let it kill what it found. If it still picks it up, try to give me exactly where it says it found it.

Customer: replied 3 years ago.
Okay. I started that program while waiting for you. I'll let you know when it is done. Also, I had saved all my files to an external hard drive. I assume the virus must be on it now too? Do I scan it with OTS or is that even possible with an external drive?
Customer: replied 3 years ago.
In fact, I have no files except program files on my computer now. All documents are on the external drive. If I hook it to my computer to run OTC will the computer be affected before I can scan the external drive?
Customer: replied 3 years ago.
Super AntiSpyware just detected the threat again (in safe mode). I'll have to wait for it to finish before I can see if it will offer a file-path.
Expert:  Robert M. replied 3 years ago.

OK, who knows, maybe it will actually fix it this time.

Customer: replied 3 years ago.
So, if I just go buy a new computer and then do a complete restore on this one from the rescue disk, how will I get my files clean on the external drive to then put them on a new computer?
Expert:  Robert M. replied 3 years ago.

Well, you wouldn't want to do a complete restore. You would just want to copy the actual data files. Those usually aren't infected; although it's possible they can be, it's a lot more rare.

You would have a new clean operating system. You would reinstall your programs from original CDs so they would be clean as well.

Install 1 (ONE) good antivirus software (they tend to interfere with each other), and then copy only the data from your external hard drive: pictures, documents, etc.

Then, before you open any of them, do a full scan of the computer. That way it should be able to pick up the virus if it does happen to be in one of the documents before it can be activated and install things to keep it from being detected.

Excuse my military analogy, but kind of like destroying a machine gun is a lot easier when it's still in its box than it is when somebody is firing it at you.

Customer: replied 3 years ago.
Got it. That makes sense, though I'm not sure of the difference between a full restore and data files. Where do I get those files? SAS is still running. It may be a while before I can get back with you.

This is all very helpful, thanks. Painful, but helpful.
Expert:  Robert M. replied 3 years ago.

Well, it depends what you backed up and how you backed it up. A lot of backup programs back up the entire computer: programs, operating system and all. Mostly because it sounds really good, because personally I don't think it's a very good way to do it.

What I would do if I was you and I was going to go the new computer route:

Just grab a brand new flash drive or 2, they are pretty cheap.

Plug it in to the old computer and just copy those documents etc. that you really, really need.

Then plug it into the new computer and copy them all into their own folder on the new computer where you know where to find them and it will be easy to scan them etc.

That avoids any problems with what might also be on the backup drive or the backup / restore software etc.

I find simpler is better in cases like this.

Customer: replied 3 years ago.
Thanks. That is what I did with the external drive...just copied everything from "My Documents" Nothing else.

SAS just finished running here is the path. FYI Sitebuilder is Intuit's web site-building page. I have an account and it updates automatically.

C:\PROGRAM FILES\INTUIT\SITEBUILDER\SITEBUILDERLPX_UPDATER.EXE

Listed below is basic information about the detected application/process.

This application may not be safe to have on your system.

Summary : Trojan.Agent/Gen-Injector[Fmt].Process

Company : Unknown

Description : Trojan.Agent/Gen-Injector[Fmt].Process

Threat Level (1-10) : 5

Processes : *

CLSID List :
Expert:  Robert M. replied 3 years ago.

That's all there is? Actually that looks more like a false positive than a real threat to me.

The website builder can easily have some sort of interactive stuff in it that could trigger as a trojan.

What else is it doing? Because honestly my first thought when I picked this up was that dropping the number 3 in at random is more likely to be a faulty keyboard than a virus.

Uninstall the Intuit site builder and see if the trojan warning goes away.

Expert:  Robert M. replied 3 years ago.

I can try to get an MD5 value to test it, but it looks to me like that is a legitimate file.

It accesses the internet and sends stuff from your computer to a website. To that particular spyware program it looks like a trojan. It is doing what a trojan does and it has a name very similar to UPDATE.EXE, which it thinks is a very bad trojan.

That's why nothing else is picking it up and the fix it's using isn't fixing it.

Customer: replied 3 years ago.
Okay. I deleted it anyway. I think we have done about all that can be done. I'll trash the keyboard and buy a new one. In closing, I'm safe doing a full restore on this computer once my documents are saved? My goal for this computer will be to save emergency reference materials, no daily use.

Robert; you've been a blessing and you have more than earned this $58. I'll be saving Just Answer to my favorites!
Expert:  Robert M. replied 3 years ago.

If you mean doing a system recovery back to factory specs, I think that would give you peace of mind.

After all the stuff being done by the antivirus programs, even if you didn't have a virus, and whatever other problems may have been around just because Windows isn't perfect, a system recovery would certainly get it safe to use and probably a lot smoother than it is now. Just back up everything that you definitely don't want to lose as far as data goes. If that's all in My Documents that would be just fine. Back it up and do a straight copy to a different folder and make sure that you have a couple of copies just in case one is bad.

Customer: replied 3 years ago.
I'll do it. Thanks again, Robert! Best wishes.

r/

Russell
