Problems with my computer
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-23 20:46 . 2009-04-25 14:31 d-----w c:\program files\Trend Micro
2009-04-23 19:45 . 2009-04-23 19:45 d-----w c:\users\Chris\AppData\Roaming\Malwarebytes
2009-04-23 19:45 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 19:45 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 19:45 . 2009-04-25 14:31 d-----w c:\users\All Users\Malwarebytes
2009-04-23 19:45 . 2009-04-25 14:31 d-----w c:\programdata\Malwarebytes
2009-04-23 19:45 . 2009-04-23 19:45 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 11:11 . 2009-04-22 11:11 680 ----a-w c:\users\Clare\AppData\Local\d3d9caps.dat
2009-04-21 18:47 . 2009-04-21 18:47 d-----w c:\users\Chris\AppData\Roaming\vlc
2009-04-21 12:46 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-21 12:46 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-21 12:46 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-21 12:46 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-04-21 12:46 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-21 12:46 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-21 12:46 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-21 12:46 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-21 12:31 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-21 12:31 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-21 12:31 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-21 12:31 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-21 12:30 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-21 11:35 . 2009-04-23 19:55 680 ----a-w c:\users\Chris\AppData\Local\d3d9caps.dat
2009-04-15 04:56 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 04:56 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-15 04:56 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-10 12:12 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-10 12:12 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-10 12:12 . 2009-04-10 12:12 d-----w c:\program files\iPod
2009-04-10 12:11 . 2009-04-10 12:12 d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 12:11 . 2009-04-10 12:12 d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 19:24 . 2009-04-08 19:24 24 ----a-w c:\windows\cdplayer.ini
2009-04-08 19:22 . 2009-04-08 19:22 d-----w c:\program files\Common Files\xing shared
2009-04-08 19:21 . 2009-04-08 19:22 d-----w c:\program files\Common Files\Real
2009-04-08 19:21 . 2009-04-08 19:21 d-----w c:\program files\Real
2009-04-04 11:10 . 2009-04-04 11:10 d-----w c:\users\Janna\AppData\Roaming\Yahoo!
2009-03-27 07:16 . 2009-03-27 07:16 d-----w c:\users\Clare\AppData\Roaming\Yahoo!
2009-03-26 17:25 . 2009-03-26 17:25 d-----w c:\users\Chris\AppData\Roaming\Yahoo!
2009-03-26 17:25 . 2009-03-26 17:25 d-----w c:\users\All Users\Yahoo! Companion
2009-03-26 17:25 . 2009-03-26 17:25 d-----w c:\programdata\Yahoo! Companion
2009-03-26 17:21 . 2009-03-26 17:26
d--h--w c:\windows\msdownld.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 14:31 . 2008-02-27 13:20 d-----w c:\program files\iTunes
2009-04-22 17:00 . 2008-06-21 15:44 d-----w c:\program files\Norton Security Scan
2009-04-22 14:32 . 2009-02-10 16:03 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 14:32 . 2008-05-26 14:10 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 14:32 . 2008-05-26 14:10 10520 ----a-w c:\windows\System32\avgrsstx.dll
2009-04-22 14:29 . 2008-05-26 14:09 d-----w c:\programdata\avg8
2009-04-15 10:24 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
2009-04-15 06:56 . 2007-09-01 17:27 d-----w c:\programdata\Microsoft Help
2009-04-10 12:12 . 2008-02-06 15:29 d-----w c:\program files\Common Files\Apple
2009-03-26 17:24 . 2008-02-04 19:34 d-----w c:\program files\Yahoo!
2009-03-24 22:20 . 2007-09-01 17:31 d-----w c:\program files\Java
2009-03-23 20:36 . 2008-05-20 16:21 826 ----a-w c:\users\georgina\AppData\Roaming\wklnhst.dat
2009-03-17 03:38 . 2009-04-15 04:56 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-12 11:46 . 2009-03-12 11:45 d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 11:42 . 2008-02-10 17:14 d-----w c:\program files\QuickTime
2009-03-12 11:38 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-12 11:38 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-12 11:38 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-09 05:19 . 2008-12-03 10:32 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 . 2009-03-26 17:22 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-03-26 17:22 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-03-26 17:22 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-03-26 17:22 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-03-26 17:22 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-26 17:22 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-26 17:22 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-26 17:22 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-26 17:22 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-26 17:22 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-03-26 17:22 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-03-26 17:22 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-03-26 17:22 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-03-26 17:22 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-03-26 17:22 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-03-26 17:22 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-03-26 17:22 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-03-26 17:22 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-03 04:46 . 2009-04-15 04:57 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 04:57 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 04:57 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 04:57 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 04:57 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 04:57 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 04:57 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-15 04:57 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 04:57 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 04:57 17408 ----a-w c:\windows\System32\iashost.exe
2009-02-26 22:00 . 2009-02-21 17:14 d-----w c:\program files\Microsoft Silverlight
2009-02-14 14:52 . 2009-02-14 14:29 0 ----a-w C:\Log.txt
2009-02-13 22:18 . 2008-04-24 19:02 724 ----a-w c:\users\Chris\AppData\Roaming\wklnhst.dat
2009-02-13 08:49 . 2009-04-15 04:57 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 06:17 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-08 12:23 . 2008-03-06 09:16 1030 ----a-w c:\users\Clare\AppData\Roaming\wklnhst.dat
2009-02-06 19:03 . 2009-02-06 19:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-10-05 15:55 . 2008-10-05 15:55 0 ----a-w c:\users\Janna\AppData\Roaming\wklnhst.dat
2008-05-26 17:51 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-02-12 08:17 . 2008-02-12 08:17 70104 ----a-w c:\users\Clare\AppData\Local\GDIPFONTCACHEV1.DAT
2008-02-11 09:17 . 2008-02-11 09:17 70104 ----a-w c:\users\Janna\AppData\Local\GDIPFONTCACHEV1.DAT
2008-02-02 14:26 . 2008-02-02 14:26 70104 ----a-w c:\users\georgina\AppData\Local\GDIPFONTCACHEV1.DAT
2007-12-16 18:01 . 2007-12-16 18:01 70104 ----a-w c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-09 20:2008-12-09 20:06 05:59 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-09 29744]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"HostManager"="c:\program files\Common Files\AOL\1197983138\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-22 1932568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-5-28 147456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\users\Janna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-9-1 2348584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1995048-EAAE-4FBC-844C-D3EA6F2130D1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC54BFD0-22B2-4CE8-B7A3-E5D186CCE734}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53C1B841-F39B-4AD9-B742-6C38C4425C29}"= UDP:c:\program files\AOL\RC\regClient.exe:AOL
"{1D88401B-A117-49BC-8264-5B6D2AE93C07}"= TCP:c:\program files\AOL\RC\regClient.exe:AOL
"{B4E207AE-88B2-4AD0-88A6-ECEC88DABA88}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialler
"{5AF18817-E78C-4ACC-B9E7-746F255EAA01}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialler
"{F5B1ECC6-052A-4A25-A373-0124097ED718}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Services
"{42FB1036-C763-4507-ABC3-54A547D819D0}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Services
"{E1F57218-BAE6-4B9B-9E41-04B83CAB81E3}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{9E6C8811-16F1-4326-B499-925F555E0249}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{E132C459-C762-487C-B79C-250CFFAEFCA1}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{2C832AD3-0675-4409-B279-D2DEB32CD2B6}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{A6F459D2-0D63-458C-A013-9BF456AB39BA}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2A0A072F-6714-46FA-80E4-3E4361EAB861}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7652C908-A2A4-4F59-8E1A-07A90BB94B36}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{AFEB71C4-BF28-4925-9F9E-72BC0974E2BB}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{FD2C8771-F9BA-4C66-B13F-4FFCE712F798}"= UDP:c:\program files\Common Files\AOL\1197983138\ee\aolsoftware.exe:AOL Shared Components
"{59ED7263-1356-4C6B-B8EF-AF774B79E9A0}"= TCP:c:\program files\Common Files\AOL\1197983138\ee\aolsoftware.exe:AOL Shared Components
"{51166C9B-5803-4A80-ABD8-CAF68351111F}"= UDP:c:\program files\Common Files\AOL\1197983138\ee\AOLDesktop.exe:AOL Desktop
"{594543CC-FA5E-4C21-B061-3C5846F822C8}"= TCP:c:\program files\Common Files\AOL\1197983138\ee\AOLDesktop.exe:AOL Desktop
"{F4F34B59-DF79-46E2-A977-3FFD80E993CB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B5752FC7-D2AB-4BF8-8B9A-17016D9607DB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{259B413D-A8B7-4394-BB45-5634A83A0088}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9516CCF7-42D9-428A-9FF2-542CA14A8FDF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C5E44C26-1CC3-4DA7-8522-FCA15CB54667}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BB510D99-2E0D-446D-BC8E-E0F15D2948DC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{916E18DD-B793-4151-9800-6C91863D10BA}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{CE2173EF-3056-4796-A87A-E6EFDFD7FD8C}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{84F8C396-3DDF-4084-89C0-EE0F893E2783}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C5FEB042-2D2A-4EC5-A276-FE539D68CCC3}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{B1A4CA0D-D00D-411B-AA1C-5E214DBBB4A7}c:\\users\\chris\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7th4dpcv\\utorrent[1].exe"= UDP:c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\7th4dpcv\utorrent[1].exe:utorrent[1].exe
"UDP Query User{142638D3-E81F-4164-BDC4-03115D06F949}c:\\users\\chris\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7th4dpcv\\utorrent[1].exe"= TCP:c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\7th4dpcv\utorrent[1].exe:utorrent[1].exe
"{DD6236CE-E2D9-48EA-9F98-0A2C0D9045C2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2BE701FB-F648-46E4-A5A3-414A577BE588}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9BAD01A0-A30E-4568-B22D-2068F055233B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{81C2A9FA-A0FB-4301-8A7D-54C1253673B9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{97983CF3-0ED0-40F1-B14D-CA46A2F53E93}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{71676436-C8AC-4572-A66E-A236AE86B374}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-09 29744]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-22 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-22 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-22 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-22 298264]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003.job
- c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]
2009-04-22 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{64BBF93D-2222-46DE-B919-EA8BFBFD6EFB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{BBFFB24D-0D1A-47DA-BD32-B0082C4E4345}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{F248A71E-67A9-4B53-B6F2-9ECAEC6BF257}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-GSISETUP - e:\drivers\VOYAGE~2\setup.exe
HKLM-Run-NSWatchDog - c:\windows\NSWATC~1.EXE
.
Supplementary Scan
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_GB&Sys=DTP&M=E4252
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 16:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Completion time: 2009-04-25 16:46
ComboFix-quarantined-files.txt 2009-04-25 15:46
Pre-Run: 96,447,594,496 bytes free
Post-Run: 98,190,102,528 bytes free
277 --- E O F --- 2009-04-25 05:43
No idea what the smile face with wings is about sorry.
Open notepad and copy/paste the text in RED below
File::
c:\users\Clare\AppData\Local\d3d9caps.dat
c:\users\Chris\AppData\Local\d3d9caps.dat
c:\windows\System32\ieUnatt.exe
c:\windows\System32\RegisterIEPKEYs.exe
c:\windows\System32\SetIEInstalledDate.exe
c:\windows\System32\SetDepNx.exe
c:\windows\System32\iesysprep.dll
c:\windows\System32\PDMSetup.exe
c:\users\Chris\AppData\Roaming\wklnhst.dat
c:\users\Clare\AppData\Roaming\wklnhst.dat
c:\users\Janna\AppData\Roaming\wklnhst.dat
c:\windows\WLXPGSS.SCR
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
Then run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates.
ComboFix 09-04-25.A1 - Chris 25/04/2009 18:05.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.894.172 [GMT 1:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
FILE ::
c:\users\Chris\AppData\Local\d3d9caps.dat
c:\users\Chris\AppData\Roaming\wklnhst.dat
c:\users\Clare\AppData\Local\d3d9caps.dat
c:\users\Clare\AppData\Roaming\wklnhst.dat
c:\users\Janna\AppData\Roaming\wklnhst.dat
c:\windows\System32\iesysprep.dll
c:\windows\System32\ieUnatt.exe
c:\windows\System32\PDMSetup.exe
c:\windows\System32\RegisterIEPKEYs.exe
c:\windows\System32\SetDepNx.exe
c:\windows\System32\SetIEInstalledDate.exe
c:\windows\WLXPGSS.SCR
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Chris\AppData\Local\d3d9caps.dat
c:\users\Chris\AppData\Roaming\wklnhst.dat
c:\users\Clare\AppData\Local\d3d9caps.dat
c:\users\Clare\AppData\Roaming\wklnhst.dat
c:\users\Janna\AppData\Roaming\wklnhst.dat
c:\windows\System32\iesysprep.dll
c:\windows\System32\ieUnatt.exe
c:\windows\System32\PDMSetup.exe
c:\windows\System32\RegisterIEPKEYs.exe
c:\windows\System32\SetDepNx.exe
c:\windows\System32\SetIEInstalledDate.exe
c:\windows\WLXPGSS.SCR
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.
2009-04-23 20:46 . 2009-04-25 14:31 d-----w c:\program files\Trend Micro
2009-04-23 19:45 . 2009-04-23 19:45 d-----w c:\users\Chris\AppData\Roaming\Malwarebytes
2009-04-23 19:45 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 19:45 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 19:45 . 2009-04-25 14:31 d-----w c:\users\All Users\Malwarebytes
2009-04-23 19:45 . 2009-04-25 14:31 d-----w c:\programdata\Malwarebytes
2009-04-23 19:45 . 2009-04-23 19:45 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-21 18:47 . 2009-04-21 18:47 d-----w c:\users\Chris\AppData\Roaming\vlc
2009-04-21 12:46 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-21 12:46 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-21 12:46 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-21 12:46 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-04-21 12:46 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-21 12:46 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-21 12:46 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-21 12:46 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-21 12:31 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-21 12:31 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-21 12:31 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-21 12:31 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-21 12:30 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-15 04:56 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 04:56 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-15 04:56 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-10 12:12 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-10 12:12 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-10 12:12 . 2009-04-10 12:12 d-----w c:\program files\iPod
2009-04-10 12:11 . 2009-04-10 12:12 d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 12:11 . 2009-04-10 12:12 d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 19:24 . 2009-04-08 19:24 24 ----a-w c:\windows\cdplayer.ini
2009-04-08 19:22 . 2009-04-08 19:22 d-----w c:\program files\Common Files\xing shared
2009-04-08 19:21 . 2009-04-08 19:22 d-----w c:\program files\Common Files\Real
2009-04-08 19:21 . 2009-04-08 19:21 d-----w c:\program files\Real
2009-04-04 11:10 . 2009-04-04 11:10 d-----w c:\users\Janna\AppData\Roaming\Yahoo!
2009-03-27 07:16 . 2009-03-27 07:16 d-----w c:\users\Clare\AppData\Roaming\Yahoo!
2009-03-26 17:25 . 2009-03-26 17:25 d-----w c:\users\Chris\AppData\Roaming\Yahoo!
2009-03-26 17:25 . 2009-03-26 17:25 d-----w c:\users\All Users\Yahoo! Companion
2009-03-26 17:25 . 2009-03-26 17:25 d-----w c:\programdata\Yahoo! Companion
2009-03-26 17:21 . 2009-03-26 17:26
d--h--w c:\windows\msdownld.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 14:31 . 2008-02-27 13:20 d-----w c:\program files\iTunes
2009-04-22 17:00 . 2008-06-21 15:44 d-----w c:\program files\Norton Security Scan
2009-04-22 14:32 . 2009-02-10 16:03 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 14:32 . 2008-05-26 14:10 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 14:32 . 2008-05-26 14:10 10520 ----a-w c:\windows\System32\avgrsstx.dll
2009-04-22 14:29 . 2008-05-26 14:09 d-----w c:\programdata\avg8
2009-04-15 10:24 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
2009-04-15 06:56 . 2007-09-01 17:27 d-----w c:\programdata\Microsoft Help
2009-04-10 12:12 . 2008-02-06 15:29 d-----w c:\program files\Common Files\Apple
2009-03-26 17:24 . 2008-02-04 19:34 d-----w c:\program files\Yahoo!
2009-03-24 22:20 . 2007-09-01 17:31 d-----w c:\program files\Java
2009-03-23 20:36 . 2008-05-20 16:21 826 ----a-w c:\users\georgina\AppData\Roaming\wklnhst.dat
2009-03-17 03:38 . 2009-04-15 04:56 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-12 11:46 . 2009-03-12 11:45 d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 11:42 . 2008-02-10 17:14 d-----w c:\program files\QuickTime
2009-03-12 11:38 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-12 11:38 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-12 11:38 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-09 05:19 . 2008-12-03 10:32 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 . 2009-03-26 17:22 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-03-26 17:22 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-03-26 17:22 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-03-26 17:22 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-03-26 17:22 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-03-26 17:22 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-03-26 17:22 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-03-26 17:22 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-03-26 17:22 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-03-26 17:22 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-03-26 17:22 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-03-26 17:22 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-03 04:46 . 2009-04-15 04:57 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 04:57 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 04:57 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 04:57 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 04:57 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 04:57 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 04:57 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-15 04:57 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 04:57 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 04:57 17408 ----a-w c:\windows\System32\iashost.exe
2009-02-26 22:00 . 2009-02-21 17:14 d-----w c:\program files\Microsoft Silverlight
2009-02-14 14:52 . 2009-02-14 14:29 0 ----a-w C:\Log.txt
2009-02-13 08:49 . 2009-04-15 04:57 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 06:17 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-05-26 17:51 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-02-12 08:17 . 2008-02-12 08:17 70104 ----a-w c:\users\Clare\AppData\Local\GDIPFONTCACHEV1.DAT
2008-02-11 09:17 . 2008-02-11 09:17 70104 ----a-w c:\users\Janna\AppData\Local\GDIPFONTCACHEV1.DAT
2008-02-02 14:26 . 2008-02-02 14:26 70104 ----a-w c:\users\georgina\AppData\Local\GDIPFONTCACHEV1.DAT
2007-12-16 18:01 . 2007-12-16 18:01 70104 ----a-w c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-09 20:2008-12-09 20:06 05:59 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-25_15.44.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 12:47 . 2009-04-25 15:44 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-25 15:44 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Tesco Insert Detect"="c:\program files\Tesco\Picture Suite\InsDetect.exe" [2003-02-17 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-09 29744]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"HostManager"="c:\program files\Common Files\AOL\1197983138\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-22 1932568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-5-28 147456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\users\Janna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-9-1 2348584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1995048-EAAE-4FBC-844C-D3EA6F2130D1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DC54BFD0-22B2-4CE8-B7A3-E5D186CCE734}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53C1B841-F39B-4AD9-B742-6C38C4425C29}"= UDP:c:\program files\AOL\RC\regClient.exe:AOL
"{1D88401B-A117-49BC-8264-5B6D2AE93C07}"= TCP:c:\program files\AOL\RC\regClient.exe:AOL
"{B4E207AE-88B2-4AD0-88A6-ECEC88DABA88}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialler
"{5AF18817-E78C-4ACC-B9E7-746F255EAA01}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialler
"{F5B1ECC6-052A-4A25-A373-0124097ED718}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Services
"{42FB1036-C763-4507-ABC3-54A547D819D0}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Services
"{E1F57218-BAE6-4B9B-9E41-04B83CAB81E3}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{9E6C8811-16F1-4326-B499-925F555E0249}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{E132C459-C762-487C-B79C-250CFFAEFCA1}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{2C832AD3-0675-4409-B279-D2DEB32CD2B6}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{A6F459D2-0D63-458C-A013-9BF456AB39BA}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2A0A072F-6714-46FA-80E4-3E4361EAB861}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7652C908-A2A4-4F59-8E1A-07A90BB94B36}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{AFEB71C4-BF28-4925-9F9E-72BC0974E2BB}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{FD2C8771-F9BA-4C66-B13F-4FFCE712F798}"= UDP:c:\program files\Common Files\AOL\1197983138\ee\aolsoftware.exe:AOL Shared Components
"{59ED7263-1356-4C6B-B8EF-AF774B79E9A0}"= TCP:c:\program files\Common Files\AOL\1197983138\ee\aolsoftware.exe:AOL Shared Components
"{51166C9B-5803-4A80-ABD8-CAF68351111F}"= UDP:c:\program files\Common Files\AOL\1197983138\ee\AOLDesktop.exe:AOL Desktop
"{594543CC-FA5E-4C21-B061-3C5846F822C8}"= TCP:c:\program files\Common Files\AOL\1197983138\ee\AOLDesktop.exe:AOL Desktop
"{F4F34B59-DF79-46E2-A977-3FFD80E993CB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B5752FC7-D2AB-4BF8-8B9A-17016D9607DB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{259B413D-A8B7-4394-BB45-5634A83A0088}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9516CCF7-42D9-428A-9FF2-542CA14A8FDF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C5E44C26-1CC3-4DA7-8522-FCA15CB54667}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BB510D99-2E0D-446D-BC8E-E0F15D2948DC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{916E18DD-B793-4151-9800-6C91863D10BA}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{CE2173EF-3056-4796-A87A-E6EFDFD7FD8C}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{84F8C396-3DDF-4084-89C0-EE0F893E2783}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C5FEB042-2D2A-4EC5-A276-FE539D68CCC3}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{B1A4CA0D-D00D-411B-AA1C-5E214DBBB4A7}c:\\users\\chris\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7th4dpcv\\utorrent[1].exe"= UDP:c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\7th4dpcv\utorrent[1].exe:utorrent[1].exe
"UDP Query User{142638D3-E81F-4164-BDC4-03115D06F949}c:\\users\\chris\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7th4dpcv\\utorrent[1].exe"= TCP:c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\7th4dpcv\utorrent[1].exe:utorrent[1].exe
"{DD6236CE-E2D9-48EA-9F98-0A2C0D9045C2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2BE701FB-F648-46E4-A5A3-414A577BE588}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9BAD01A0-A30E-4568-B22D-2068F055233B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{81C2A9FA-A0FB-4301-8A7D-54C1253673B9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{97983CF3-0ED0-40F1-B14D-CA46A2F53E93}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{71676436-C8AC-4572-A66E-A236AE86B374}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-09 29744]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-22 325640]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-22 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-22 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-22 298264]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003.job
- c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]
2009-04-22 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{64BBF93D-2222-46DE-B919-EA8BFBFD6EFB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{BBFFB24D-0D1A-47DA-BD32-B0082C4E4345}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
2009-04-25 c:\windows\Tasks\User_Feed_Synchronization-{F248A71E-67A9-4B53-B6F2-9ECAEC6BF257}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
.
.
Supplementary Scan
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_GB&Sys=DTP&M=E4252
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 18:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Completion time: 2009-04-25 18:10
ComboFix-quarantined-files.txt 2009-04-25 17:10
ComboFix2.txt 2009-04-25 15:46
Pre-Run: 98,419,159,040 bytes free
Post-Run: 98,394,472,448 bytes free
293 --- E O F --- 2009-04-25 05:43
-
The process took only 5 min to do.
-
Run the FULL Kaspersky scan I posted now.
-
How do I enable Java and JavaScript in my web browser? It says I need to do that before it will scan my computer.
-
This discussion has been closed.