Cozzas malware thread
aliEnRIK
Posts: 17,741 Forumite

in Techie Stuff
FIX these using hijack (Tick them then click to FIX them) ~
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
use the AVG REMOVAL TOOL
http://www.avg.com/download-tools
use the NORTON REMOVAL TOOL
http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml
Download SUPERANTISPYWARE (Click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and COMPLETE scan
Then open the CONSOLE, go to LOGS and post the WHOLE log it created. Then go back to the console and UNTICK the option for STARTING WITH WINDOWS.
Comments
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/31/2009 at 03:45 PM
Application Version : 4.26.1004
Core Rules Database Version : 3917
Trace Rules Database Version: 1861
Scan type : Complete Scan
Total Scan Time : 01:03:47
Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 7934
Registry threats detected : 1
File items scanned : 28116
File threats detected : 52
Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-3161691916-1903124050-4102699366-1000\SOFTWARE\FunWebProducts
Adware.Tracking Cookie
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\caz@atdmt[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\caz@atdmt[3].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\caz@bs.serving-sys[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\caz@doubleclick[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\caz@serving-sys[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@advertising[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@advertising[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@advertising[4].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@adtech[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@www.googleadservices[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@adviva[3].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@ad.yieldmanager[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@adrevolver[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@2o7[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@ad.yieldmanager[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@adfarm1.adition[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@adtech[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@adviva[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@apmebf[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@atdmt[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@atdmt[3].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@bs.serving-sys[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@cgm.adbureau[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@cgm.adbureau[3].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@collective-media[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@collective-media[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@countrycodes[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@doubleclick[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@doubleclick[3].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@euroclick[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@fastclick[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@imrworldwide[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@media.adrevolver[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@media.adrevolver[3].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@media.mtvnservices[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@microsoftxbox.112.2o7[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@mywebsearch[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@overture[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@premiumtv.122.2o7[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@premiumtv.122.2o7[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@revsci[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@serving-sys[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@socialmedia[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@serving-sys[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@specificclick[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@specificclick[3].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@specificclick[4].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@viacom.adbureau[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@tradedoubler[2].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@tribalfusion[1].txt
C:\Users\caz\AppData\Roaming\Microsoft\Windows\Cookies\Low\caz@tribalfusion[3].txt
-
Sorry I took so long to reply back, but here are my results.
-
Jeepers ~ I'd forgotten all about this!
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error, then RIGHT-click the exe file, RENAME it and call it QWERTY (making the complete file name 'QWERTY.exe'), or SAVE it as 'QWERTY' on download.
-
ComboFix 09-05-31.05 - carol 01/06/2009 14:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.447.103 [GMT 1:00]
Running from: c:\users\carol\Downloads\ComboFix.exe
AV: AVG *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
2009-06-01 13:30 . 2009-06-01 13:30 d-----w- c:\users\carol\AppData\Local\temp
2009-06-01 13:30 . 2009-06-01 13:30 d-----w- c:\users\caz\AppData\Local\temp
2009-05-31 13:33 . 2009-05-31 14:54 117760 ----a-w- c:\users\carol\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-31 13:30 . 2009-05-31 13:30 d-----w- c:\users\carol\AppData\Roaming\SUPERAntiSpyware.com
2009-05-31 12:59 . 2009-05-31 12:59 d-----w- c:\program files\CCleaner
2009-05-30 21:30 . 2009-05-30 21:34 d-----w- c:\windows\system32\ca-ES
2009-05-30 21:30 . 2009-05-30 21:34 d-----w- c:\windows\system32\eu-ES
2009-05-30 21:30 . 2009-05-30 21:34 d-----w- c:\windows\system32\vi-VN
2009-05-30 20:51 . 2009-05-30 20:51 d-----w- c:\windows\system32\EventProviders
2009-05-30 20:46 . 2009-04-11 06:32 122344 ----a-w- c:\windows\system32\drivers\Storport.sys
2009-05-30 20:45 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-05-30 18:10 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-16 19:50 . 2009-05-16 19:50 d-----w- c:\users\carol\AppData\Roaming\TVCatchup.F47A58FCBDA0B1DF5636B554101AB5C0E8252CDC.1
2009-05-16 19:48 . 2009-05-16 19:48 d-----w- c:\program files\TVCatchup Desktop Player
2009-05-16 13:43 . 2009-05-16 13:43 d-----w- c:\program files\Prolific
2009-05-12 12:41 . 2009-05-12 12:41 d-----w- c:\users\carol\AppData\Roaming\IObit
2009-05-12 12:41 . 2009-05-12 12:41 d-----w- c:\program files\IObit
2009-05-10 20:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-10 14:03 . 2009-03-03 13:53 17464 ----a-w- c:\users\carol\AppData\Roaming\Mozilla\Firefox\Profiles\gtcrm1hy.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg.exe
2009-05-10 14:03 . 2009-03-03 13:53 109420 ----a-w- c:\users\carol\AppData\Roaming\Mozilla\Firefox\Profiles\gtcrm1hy.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
2009-05-10 14:03 . 2009-03-03 13:53 12792 ----a-w- c:\users\carol\AppData\Roaming\Mozilla\Firefox\Profiles\gtcrm1hy.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\chrome\content\getPlus_Adobe_reg_bootstrap.exe
2009-05-07 06:03 . 2009-05-07 06:03 d-----w- c:\users\carol\AppData\Local\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 11:02 . 2007-11-06 21:25 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-01 09:49 . 2007-12-31 18:36 336 ----a-w- c:\users\carol\AppData\Roaming\wklnhst.dat
2009-05-31 13:30 . 2008-01-29 19:45 d-----w- c:\program files\SUPERAntiSpyware
2009-05-31 13:28 . 2008-01-29 19:43 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-30 21:35 . 2006-11-02 12:35 d-----w- c:\program files\Windows Calendar
2009-05-30 21:35 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2009-05-30 21:35 . 2006-11-02 12:35 d-----w- c:\program files\Windows Sidebar
2009-05-30 21:35 . 2006-11-02 12:35 d-----w- c:\program files\Windows Collaboration
2009-05-30 21:35 . 2006-11-02 12:35 d-----w- c:\program files\Windows Photo Gallery
2009-05-30 21:35 . 2006-11-02 12:35 d-----w- c:\program files\Windows Defender
2009-05-30 21:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-29 19:06 . 2006-01-05 06:17 d-----w- c:\program files\Common Files\Adobe
2009-05-29 18:57 . 2008-01-13 13:23 d-----w- c:\users\carol\AppData\Roaming\Canon
2009-05-29 16:31 . 2007-11-06 08:28 71696 ----a-w- c:\users\carol\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-29 07:53 . 2006-01-05 06:29 d-----w- c:\programdata\Microsoft Help
2009-05-29 07:49 . 2006-01-05 06:30 d-----w- c:\program files\Microsoft Works
2009-05-21 06:11 . 2009-02-20 11:43 d-----w- c:\program files\Steam
2009-05-20 19:55 . 2009-02-20 12:09 d---a-w- c:\programdata\Sports Interactive
2009-05-19 18:54 . 2009-02-20 11:44 d-----w- c:\program files\Common Files\Steam
2009-05-16 19:48 . 2009-01-15 13:57 d-----w- c:\program files\Common Files\Adobe AIR
2009-05-16 13:43 . 2006-01-05 06:23 d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 10:40 . 2007-11-10 21:01 d-----w- c:\program files\Java
2009-05-10 14:04 . 2008-07-05 15:54 d-----w- c:\programdata\NOS
2009-05-10 14:04 . 2008-07-05 15:54 d-----w- c:\program files\NOS
2009-04-11 06:33 . 2009-05-30 20:47 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-30 20:47 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-30 20:46 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-30 20:47 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-30 20:47 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-30 20:47 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-30 20:48 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-30 20:45 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-30 20:46 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-30 20:45 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-30 20:48 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-30 20:48 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-30 20:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-30 20:45 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-30 20:46 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-30 20:46 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-30 20:45 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-30 20:46 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-30 20:45 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-30 20:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-30 20:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-30 20:46 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-30 20:46 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-30 20:46 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-30 20:46 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-30 20:46 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-30 20:46 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-30 20:46 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-30 20:45 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-30 20:47 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-05-30 20:48 148992 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-04-11 04:43 . 2009-05-30 20:48 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-04-11 04:43 . 2009-05-30 20:46 22528 ----a-w- c:\windows\system32\drivers\bthenum.sys
2009-04-11 04:43 . 2009-05-30 20:46 41472 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2009-04-11 04:43 . 2009-05-30 20:46 30720 ----a-w- c:\windows\system32\drivers\hidbth.sys
2009-04-11 04:43 . 2009-05-30 20:46 29696 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-04-11 04:42 . 2009-05-30 20:47 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-30 20:46 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-30 20:46 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-30 20:46 73216 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-11 04:42 . 2009-05-30 20:46 27648 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-04-11 04:42 . 2009-05-30 20:46 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-30 20:45 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-05-30 20:46 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-30 20:46 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-30 20:45 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-30 20:45 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-30 20:48 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-30 20:45 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-30 20:45 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-30 20:45 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-30 20:46 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-05-30 20:46 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-05-30 20:45 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:24 . 2009-05-30 20:47 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 04:23 . 2009-05-30 20:47 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-30 20:45 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-30 20:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-30 20:46 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-05-30 20:47 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-30 20:47 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-30 20:46 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-30 20:47 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-30 20:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-30 20:47 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-30 20:46 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-30 20:46 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-30 20:45 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-30 20:46 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-05-30 20:46 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-05-30 20:46 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-05-30 20:46 142848 ----a-w- c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-05-30 20:47 617984 ----a-w- c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-05-30 20:48 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-05-30 20:47 107612 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-04-10 22:47 . 2007-11-25 18:45 d-----w- c:\program files\
-
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):a4,7e,fe,f7,6f,e1,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4A1A43D8-5B7B-4E04-9879-5169B2752B04}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CFA7F20B-A507-494C-ACC7-F65D6427395F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{34C56E8E-03B2-4AB0-9AC2-7FE24D1FC540}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{21A1F770-6454-4B9E-BD6F-E8E1378126FE}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{4DE936C2-3BA3-4180-911B-DC99E7B3C01E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1EB6586A-F88C-4EAF-A246-ADD95941212F}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{C4CD3701-D992-4F1D-8D48-1358A499EEC2}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{B6974B93-C202-48F4-BDA1-4148B9E99669}c:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{CB9D9038-5186-46FE-98FD-83DED050A084}c:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"{14412C29-2A11-479D-B42D-20E03B626DE1}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{5451CB06-7488-4D20-A8C8-3D99F45125D5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{AD37C34E-772F-47AA-A9E0-E19FC96B375D}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B386040B-0A1B-46A2-859A-C2A139D49695}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{1BF02A28-7986-4B2D-BC6A-3D3C3FB03184}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E7DD3E4C-9A7D-4F8D-9D76-C5BC11327D25}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{D564CDD1-3350-4796-9029-E03738637331}"= UDP:c:\users\caz\Desktop\fm.exe:Football Manager 2008
"{0AFBEF69-67E1-4769-A502-2ADBB43F4F51}"= TCP:c:\users\caz\Desktop\fm.exe:Football Manager 2008
"{8CDA8A1B-F5EE-4096-AA40-828999A9AE87}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{C549BAF7-AB20-4858-875E-E31F6C86811D}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{D97795D2-E4BF-4E83-A593-B99BD2701C04}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{EDC9B9ED-BEF1-4940-8662-175CB2959095}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{A35148A8-59FC-4F53-B23D-E379B5DA6076}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{0EA84AEE-D6DA-4218-8CFE-C7EA189BE055}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{41418182-CC9B-4D77-B8C1-EF81E4C35D87}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{CE313819-1B1C-4705-BACE-7EC6FD8AF90D}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{922299D1-D51F-4498-AA6D-F7E427A09B6C}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{6F0BFD9B-B9E8-4BFB-85A1-C3E0D9FE895B}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{1C7262D8-DB27-44A8-B50D-164A0AB958EE}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{87C11585-BD27-4D5D-9953-CFEF992F962F}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{E9A11829-5238-4CDE-8F3E-A689C613960C}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{02A7F7F5-0372-4A28-B800-BC05212B13FA}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D1A344E9-E567-463F-9BC9-082BAB2DC42F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5A799349-9BD2-45E1-9A53-7B13B30211F4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5058425D-9A83-457B-806D-D54A8D9DB338}"= Disabled:UDP:c:\users\caz\Documents\fm.exe:Football Manager 2008
"{6F596163-3301-4DFD-8336-59998932A4B6}"= Disabled:TCP:c:\users\caz\Documents\fm.exe:Football Manager 2008
"{9B2C827C-B8D8-4C00-95B0-6BEDAE215E68}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{DBE96BE2-267B-43D0-8B3D-C440C2C29C18}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{DEF95E73-A47F-412B-9788-66A7446A937E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F8889F5D-70EE-4746-9252-CE873FEEE6EF}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{B7845444-DC95-4997-B4C2-2392DB5004D0}"= Disabled:UDP:c:\users\caz\Saved Games\fm.exe:Football Manager 2008
"{7E4B3008-DB41-48BD-B18F-C3C6B0DD6BF1}"= Disabled:TCP:c:\users\caz\Saved Games\fm.exe:Football Manager 2008
"{E49C5074-9EF4-4860-B05A-96C0B42BD40E}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{EDCC8B70-5016-4D5E-8F02-02815AE346BB}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B6B943FF-6662-4BB8-B0CA-25D44B196004}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{5601803E-F3DE-49BB-BF51-CFDBAA69B679}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare
"{B1261EC5-D8BB-442E-B39C-CF85A366B389}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{1CA577B0-1CEA-4B77-A9D8-83DC4FF3341E}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{542996FA-A019-4349-B015-E2E692A2F128}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{F2B296EB-B301-433D-BF39-BE9760A9B697}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{EF376306-DE0F-46BD-8DA6-F20E672B4BF8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [19/12/2008 23:05 97928]
S3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [19/12/2008 23:05 69128]
-
--- Other Services/Drivers In Memory ---
*Deregistered* - mrxsmb
*Deregistered* - mrxsmb10
*Deregistered* - mrxsmb20
*Deregistered* - Msfs
*Deregistered* - msisadrv
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NativeWifiP
*Deregistered* - NDIS
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - netbt
*Deregistered* - Npfs
*Deregistered* - nsiproxy
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - Parvdm
*Deregistered* - PEAUTH
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - PSDFilter
*Deregistered* - PSDNServ
*Deregistered* - psdvdisk
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - RasSstp
*Deregistered* - rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPENCDD
*Deregistered* - rspndr
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - uagp35
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-05-12 20:22]
2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{0440B76D-0301-431F-BB4F-8E188FB0ABF8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
2009-06-01 c:\windows\Tasks\User_Feed_Synchronization-{27C535D7-7CB9-42AB-9357-00A6DABFA616}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = hxxp://www.aol.co.uk/talktalk
mStart Page = hxxp://en.uk.acer.yahoo.com
Trusted Zone: shopandscan.com\www
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
FF - ProfilePath - c:\users\carol\AppData\Roaming\Mozilla\Firefox\Profiles\gtcrm1hy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.co.uk/talktalk
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 14:30
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'Explorer.exe'(1308)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2009-06-01 14:38
ComboFix-quarantined-files.txt 2009-06-01 13:37
Pre-Run: 45,817,958,400 bytes free
Post-Run: 45,520,666,624 bytes free
401 --- E O F --- 2009-05-30 22:09
This is all that came up. I have tried about 7 times to get rid of that AVG; I have downloaded the AVG tool remover but it's still there. BearShare I thought I got rid of? How do I get them off my PC?
If you can have a look at this lot and let me know I would be grateful, ty.
cozza
I have downloaded Malwarebytes / Advanced SystemCare / CCleaner / SuperAntiSpyware remover and HijackThis.
I think you'd better run a fresh HIJACK log.
Am I right in thinking you're using a very old version of AVG? (Spyware AND AV?)
I am not using AVG or Avira any more. AVG I don't like, and Avira I couldn't update, which I tried doing 5 times, uninstalling and reinstalling, so in the end I gave up with it. Here's my log I just did:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:43, on 09/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/talktalk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
--
End of file - 10584 bytes
First up, you NEED an anti-virus running.
That's an OLD log ~
Scan saved at 20:39:43, on 09/04/2009