Is there any way to find out if my laptop has been hacked?
Comments
ComboFix is asking me to turn off AVG before it runs, but I don't know how to.
Turn the AVG Resident Shield off:
http://www.avg.com/faq.keyw-disable%2Bavg.num-1209
If you can't manage it, then run it anyway.
OK, I did that and tried to run ComboFix, but it keeps coming up that you cannot rename combofix as combofix1, but I didn't, and I don't know how to sort it.
This is head frying lol
Thank you so much for all your help so far.
Try deleting the version of ComboFix you have downloaded, download it again choosing the "save" option, but rename it something else (like qwerty or something) as part of the save process, then run it.
ComboFix 09-04-12.02 - Anthony 2009-04-12 3:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1015.257 [GMT -12:00]
Running from: c:\users\Anthony\Downloads\ComboFixjjjjj.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-12 14:53 . 2006-03-03 11:42 73728 ----a-w C:\pv.exe
2009-04-12 13:11 . 2009-04-12 13:11 d-----w c:\program files\Trend Micro
2009-04-12 11:02 . 2009-04-12 11:02 d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-12 11:02 . 2009-04-12 11:02 d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-12 11:00 . 2009-04-12 11:01 d-----w c:\program files\SUPERAntiSpyware
2009-04-12 11:00 . 2009-04-12 11:00 d-----w c:\users\Anthony\AppData\Roaming\SUPERAntiSpyware.com
2009-04-11 22:54 . 2009-04-11 22:54 d-----w c:\users\Anthony\AppData\Roaming\Malwarebytes
2009-04-11 22:52 . 2009-04-07 03:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-11 22:52 . 2009-04-07 03:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 22:52 . 2009-04-11 22:53 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 22:52 . 2009-04-11 22:52 d-----w c:\users\All Users\Malwarebytes
2009-04-11 22:52 . 2009-04-11 22:52 d-----w c:\programdata\Malwarebytes
2009-04-11 21:08 . 2009-04-12 13:53 d--h--w C:\$AVG8.VAULT$
2009-04-11 17:37 . 2009-04-11 17:37 d-----w c:\users\Anthony\AppData\Roaming\Windows Live Writer
2009-04-11 14:30 . 2008-07-30 18:20 68616 ----a-w c:\windows\system32\XAPOFX1_1.dll
2009-04-11 14:29 . 2007-05-17 04:45 3497832 ----a-w c:\windows\system32\d3dx9_34.dll
2009-04-11 14:28 . 2005-05-27 03:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-11 14:23 . 2009-04-11 14:26 d--h--w c:\windows\msdownld.tmp
2009-04-11 14:23 . 2009-04-11 14:23 d-----w c:\program files\Utherverse Digital Inc
2009-04-10 22:59 . 2009-04-10 22:59 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 22:58 . 2009-04-10 22:58 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 22:58 . 2009-04-10 22:58 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 22:58 . 2009-04-11 20:18 d-----w c:\windows\system32\drivers\Avg
2009-04-10 22:57 . 2009-04-10 22:57 d-----w c:\program files\AVG
2009-04-10 22:57 . 2009-04-12 13:56 d-----w c:\users\All Users\avg8
2009-04-10 22:57 . 2009-04-12 13:56 d-----w c:\programdata\avg8
2009-04-10 21:00 . 2009-04-10 21:01 d-----w c:\users\Anthony\AppData\Roaming\vlc
2009-04-10 20:50 . 2009-04-10 20:50 d-----w c:\program files\VideoLAN
2009-04-10 20:27 . 2009-04-10 20:27 d-----w c:\users\All Users\AVS4YOU
2009-04-10 20:27 . 2009-04-10 20:27 d-----w c:\programdata\AVS4YOU
2009-04-10 20:19 . 2009-04-10 20:39 d-----w c:\program files\Common Files\AVSMedia
2009-04-10 20:18 . 2009-01-29 08:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-10 20:18 . 2009-01-29 08:49 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-10 20:18 . 2009-01-29 08:49 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-10 20:18 . 2009-04-10 20:39 d-----w c:\program files\AVS4YOU
2009-04-10 20:18 . 2009-01-29 08:49 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-04-10 20:18 . 2009-01-29 08:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-03-30 19:16 . 2009-03-30 19:17 d-----w c:\users\Anthony\.freemind
2009-03-27 22:02 . 2009-03-27 22:12 d-----w c:\users\Anthony\AppData\Roaming\SmartDraw
2009-03-26 14:34 . 2008-02-06 08:00 216064 ----a-w c:\windows\system32\CNMLM8R.DLL
2009-03-18 08:22 . 2009-03-18 08:22 d-----w c:\program files\Orange
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 14:56 . 2008-12-11 22:39 d---a-w c:\programdata\TEMP
2009-04-12 10:59 . 2008-11-18 11:46 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-10 12:15 . 2008-11-24 20:49 d-----w c:\program files\OpenOffice.org 3
2009-04-10 12:02 . 2007-11-05 07:26 d-----w c:\program files\Microsoft.NET
2009-04-10 11:56 . 2007-11-05 07:31 d-----w c:\program files\Microsoft Small Business
2009-04-10 11:50 . 2007-11-05 07:24 d-----w c:\programdata\Microsoft Help
2009-04-10 11:28 . 2008-12-11 22:39 d-----w c:\program files\Spyware Doctor
2009-04-09 18:15 . 2008-11-03 19:13 d-----w c:\program files\CCleaner
2009-04-09 15:08 . 2007-11-05 07:29 d-----w c:\program files\Microsoft SQL Server
2009-03-30 18:10 . 2008-11-03 19:13 d-----w c:\program files\Yahoo!
2009-03-30 18:10 . 2009-01-04 02:11 d--h--w c:\programdata\yahoo!
2009-03-26 14:36 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-26 14:36 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-03-26 14:35 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-17 02:18 . 2009-04-11 14:31 69448 ----a-w c:\windows\System32\XAPOFX1_3.dll
2009-03-17 02:18 . 2009-04-11 14:31 517448 ----a-w c:\windows\System32\XAudio2_4.dll
2009-03-17 02:18 . 2009-04-11 14:31 235352 ----a-w c:\windows\System32\xactengine3_4.dll
2009-03-17 02:18 . 2009-04-11 14:31 22360 ----a-w c:\windows\System32\X3DAudio1_6.dll
2009-03-14 02:32 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
2009-03-13 05:30 . 2008-11-24 00:47 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-13 05:29 . 2007-11-05 07:48 d-----w c:\program files\Java
2009-03-10 03:27 . 2009-04-11 14:31 453456 ----a-w c:\windows\System32\d3dx10_41.dll
2009-03-10 03:27 . 2009-04-11 14:31 1846632 ----a-w c:\windows\System32\D3DCompiler_41.dll
2009-03-10 03:27 . 2009-04-11 14:31 4178264 ----a-w c:\windows\System32\D3DX9_41.dll
2009-03-07 04:12 . 2007-03-12 18:01 21256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-07 03:05 . 2008-12-11 22:35 d-----w c:\programdata\Symantec
2009-03-05 23:29 . 2009-03-14 01:05 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
2009-02-26 22:39 . 2008-07-16 17:35 d-----w c:\program files\Google
2009-02-21 10:49 . 2008-07-06 15:01 d-----w c:\program files\Windows Live
2009-02-09 01:59 . 2009-03-11 22:54 2028032 ----a-w c:\windows\System32\win32k.sys
2009-02-07 07:03 . 2009-02-07 07:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-07 06:52 . 2009-02-07 06:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-31 05:24 . 2009-03-07 01:11 14600 ----a-w c:\windows\Help\OEM\scripts\HC_InstallHPHC.exe
2009-01-27 13:13 . 2009-01-27 13:13 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-27 13:13 . 2009-01-27 13:13 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-19 20:09 . 2009-01-19 20:09 339968 ----a-w c:\windows\System32\pythoncom25.dll
2009-01-19 20:09 . 2009-01-19 20:09 114688 ----a-w c:\windows\System32\pywintypes25.dll
2009-01-19 20:09 . 2009-01-19 20:09 2117632 ----a-w c:\windows\System32\python25.dll
2009-01-19 20:09 . 2007-11-05 07:37 348160 ----a-w c:\windows\System32\msvcr71.dll
2009-01-15 04:16 . 2009-02-12 08:54 826368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 . 2009-02-12 08:54 56320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 . 2009-02-12 08:54 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 . 2009-02-12 08:54 26624 ----a-w c:\windows\System32\ieUnatt.exe
2008-12-10 17:04 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-12-11 22:2008-12-12 09:26 26:11 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-12 15:27 . 2006-11-02 12:45 262144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
2009-04-12 14:23 . 2009-04-12 14:23 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-12 14:23 . 2009-04-12 14:23 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-12 15:27 . 2006-11-02 12:45 262144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
2009-04-12 15:17 . 2008-06-30 18:30 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-12 15:17 . 2008-06-30 18:30 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-12 15:17 . 2008-06-30 18:30 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-12 129560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-11 30192]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-11 1168264]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-06-30 192512]
ICON 225 USB Connect.lnk - c:\program files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe [2008-05-28 843776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GOEC62~1.DLL avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-07-07 23:13 1232896 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-16 05:35 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 00:34 2159104 c:\windows\System32\oobefldr.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7E4C04FB-5120-4ED8-98B5-97DE663644E0}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CFE02001-FDBE-499C-A437-8EBA18E91CE6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{28F99760-25DC-498E-B855-1F5EAD1BC914}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9B8CCC61-D8D2-431E-9928-EF8EFC68EC5D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7ACBC034-963E-41E8-BBE0-41EBA6876CE4}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{B4376371-2FC3-40E3-AFA1-6AFB7553123A}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{F362AD79-22FE-4CFE-9913-39DC19E17BB9}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{3142968A-EFA4-4549-9243-586AC7A29A35}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{735B1736-CCAB-4F3F-AF54-AD0D091022D8}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{3BA8037F-29B9-40C8-A8F6-012791B40CD4}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{0D497D77-4AFA-4594-AAEC-D40E38650C08}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{F9C38A29-B126-4BBD-B355-0F09CFF5EF6D}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{9CB9A51B-1681-4AA2-982F-D6C67263E374}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BC21C6A-B8BB-455E-9893-AF330BDAC415}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{74FD6DDA-6906-4CF3-B60F-5D1B17BF38D9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{32E6736B-7BDA-4B5E-AE89-E793127B2C55}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{336B56B8-5218-41D0-8D65-29A493842665}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3DD11281-734C-48D4-A394-1D3B3EABC568}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{E90CD0F5-9BB1-4921-8B60-7B29D0E365E5}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= UDP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
"UDP Query User{F79D48EB-0D69-4392-84BD-36B2A458D861}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= TCP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-01 167936]
R3 DCamUSBNovatek;SANYO Digital Camera; [x]
R3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 30192]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 196704]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6321ad63-8fbc-11dd-a8ca-001b38fd747b}]
\shell\AutoRun\command - G:\setup.exe AUTORUN=1
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.hp.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 03:27
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-12 3:30
ComboFix-quarantined-files.txt 2009-04-12 15:30
Pre-Run: 73,768,280,064 bytes free
Post-Run: 73,545,768,960 bytes free
230 --- E O F --- 2009-04-09 15:10
Open notepad and copy/paste the text in RED below
File::
c:\users\All Users\ezsidmv.dat
c:\programdata\ezsidmv.dat
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
Then ~
Run the KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER'):
http://www.kaspersky.co.uk/kos_trialpay_offer
ComboFix 09-04-12.02 - Anthony 2009-04-12 4:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1015.240 [GMT -12:00]
Running from: c:\users\Anthony\Downloads\ComboFixjjjjj.exe
Command switches used :: c:\users\Anthony\Desktop\CFScript - Shortcut.lnk
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.
.
((((((((((((((((((((((((((((( SnapShot@2009-04-12_ 3.28.22.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-12 16:03 . 2006-11-02 09:45 31744 c:\windows\System32\swsc.exe
- 2009-04-12 14:53 . 2006-11-02 09:45 31744 c:\windows\System32\swsc.exe
+ 2006-11-02 12:45 . 2009-04-12 15:27 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:45 . 2009-04-12 14:32 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:45 . 2009-04-12 15:27 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 12:45 . 2009-04-12 14:32 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
.
"{735B1736-CCAB-4F3F-AF54-AD0D091022D8}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{3BA8037F-29B9-40C8-A8F6-012791B40CD4}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{0D497D77-4AFA-4594-AAEC-D40E38650C08}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{F9C38A29-B126-4BBD-B355-0F09CFF5EF6D}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{9CB9A51B-1681-4AA2-982F-D6C67263E374}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1BC21C6A-B8BB-455E-9893-AF330BDAC415}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{74FD6DDA-6906-4CF3-B60F-5D1B17BF38D9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{32E6736B-7BDA-4B5E-AE89-E793127B2C55}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{336B56B8-5218-41D0-8D65-29A493842665}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{3DD11281-734C-48D4-A394-1D3B3EABC568}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{E90CD0F5-9BB1-4921-8B60-7B29D0E365E5}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= UDP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
"UDP Query User{F79D48EB-0D69-4392-84BD-36B2A458D861}c:\\program files\\utherverse digital inc\\utherverse 3d client\\utherverse.exe"= TCP:c:\program files\utherverse digital inc\utherverse 3d client\utherverse.exe:Utherverse
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-01 167936]
R3 DCamUSBNovatek;SANYO Digital Camera; [x]
R3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 30192]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-10 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-10 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-10 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-10 298264]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 GtDetectSc;GtDetectSc;c:\program files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 196704]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6321ad63-8fbc-11dd-a8ca-001b38fd747b}]
\shell\AutoRun\command - G:\setup.exe AUTORUN=1
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.hp.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 04:12
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(5136)
c:\windows\System32\gameux.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
Completion time: 2009-04-12 4:16
ComboFix-quarantined-files.txt 2009-04-12 16:16
ComboFix2.txt 2009-04-12 15:30
Pre-Run: 73,693,577,216 bytes free
Post-Run: 74,019,778,560 bytes free
241 --- E O F --- 2009-04-09 15:10
-
erm
The files weren't deleted
Did you create a txt file called 'CFScript.txt' and drag THAT into ComboFix? (I think something went wrong somewhere)
-
Yeah, I did that. I'll try again.
-
I've just realised
You've posted the exact same log (12.00 GMT)
This discussion has been closed.