
Acer laptop with virus and spyware


Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Did you drag and drop the log as shown, as it's not worked properly?
    :idea:
  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Rik, I did run the suggested ComboFix script you provided - it took out the wininet.dll file, so I restored that from my own (clean) system before running ComboFix again to get that log I posted.

    browntoa - I uninstalled MessengerPlus and its sponsor, although I think tools like ComboFix killed some of its files, which is a good thing, right?
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Yes, the sponsor program will pop up adverts.
    Ex forum ambassador

    Long term forum member
  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Rik - I'll run ComboFix one more time to see what it does, and I'll post the log when I'm done.
  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Okay, 1st of 3 ComboFix log files - this one is before I noticed that the Windows Firewall was disabled:

    ComboFix 09-07-26.03 - {owner} 28/07/2009 19:37.7.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.494.199 [GMT 1:00]
    Running from: d:\recovery tools\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
    .

    2009-07-27 19:32 . 2009-07-27 19:32 7424000 ----a-r- c:\documents and settings\{owner}\Application Data\Microsoft\Installer\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}\soffice.exe
    2009-07-27 19:30 . 2009-07-27 19:30 -------- d-----w- c:\program files\JRE
    2009-07-27 19:30 . 2009-07-27 19:30 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
    2009-07-27 14:02 . 2009-07-27 14:02 -------- d-sh--w- C:\FOUND.000
    2009-07-27 08:40 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
    2009-07-27 08:40 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-07-26 08:54 . 2009-07-26 08:54 -------- d-sh--w- c:\program files\Common Files\WindowsLiveInstaller
    2009-07-26 08:53 . 2009-07-26 08:53 -------- d-----w- c:\program files\Windows Live
    2009-07-26 08:53 . 2009-07-26 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
    2009-07-26 08:49 . 2009-07-26 08:49 -------- d-sh--w- c:\documents and settings\{owner}\PrivacIE
    2009-07-25 17:15 . 2009-07-25 17:15 -------- d-sh--w- c:\documents and settings\{owner}\IECompatCache
    2009-07-25 16:52 . 2009-07-25 16:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-25 16:51 . 2009-07-25 16:51 -------- d-sh--w- c:\documents and settings\{owner}\IETldCache
    2009-07-25 16:43 . 2009-07-25 16:43 -------- d-----w- c:\windows\ie8updates
    2009-07-25 16:37 . 2009-07-25 16:37 -------- d--h--w- c:\windows\ie8
    2009-07-25 16:32 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-25 16:32 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-25 16:32 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-25 10:23 . 2009-07-25 10:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-07-20 17:47 . 2009-07-20 17:47 -------- d-----w- C:\HiJackThis
    2009-07-20 14:24 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-07-20 11:54 . 2009-07-20 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-07-20 11:54 . 2009-07-20 11:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
    2009-07-20 11:45 . 2009-07-20 11:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-07-18 10:35 . 2009-07-18 10:35 -------- d--h--w- C:\$AVG8.VAULT$
    2009-07-17 21:24 . 2009-07-17 21:24 -------- d-----w- c:\documents and settings\{owner}\Application Data\AVGTOOLBAR
    2009-07-17 19:29 . 2009-07-28 15:34 85712 ----a-w- c:\documents and settings\{owner}\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\documents and settings\{owner}\Application Data\Malwarebytes
    2009-07-17 17:08 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-17 17:08 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\program files\CCleaner
    2009-07-17 17:06 . 2009-07-17 17:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 17:06 . 2009-07-17 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-17 16:16 . 2009-07-17 16:16 -------- d-----w- c:\documents and settings\{owner}\Local Settings\Application Data\PCHealth
    2009-07-17 16:16 . 2009-07-17 16:16 -------- d-----w- c:\program files\Windows Defender
    2009-07-13 14:25 . 2009-07-13 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\19043604
    2009-07-12 17:38 . 2009-07-12 17:38 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2009-07-12 17:38 . 2009-07-12 17:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-07-12 13:19 . 2009-07-12 13:19 -------- d--h--w- c:\windows\PIF
    2009-07-06 09:26 . 2009-07-06 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\System Security.bumwipes
    2009-07-02 07:18 . 2009-07-02 07:18 -------- d-----w- c:\documents and settings\{owner}\Application Data\AVG8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-28 17:34 . 2004-08-30 12:57 12 ----a-w- c:\windows\bthservsdp.dat
    2009-07-27 19:26 . 2009-02-01 12:41 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-20 11:54 . 2009-02-01 18:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-20 11:54 . 2009-02-01 18:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-20 11:54 . 2009-02-01 18:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-20 11:53 . 2009-02-01 18:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-06-17 14:05 . 2009-06-17 14:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2006-06-05 07:13 . 2006-06-05 07:13 49465 ----a-w- c:\program files\moviepass Terms.html
    .

    Sigcheck

    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    [7] 2004-08-04 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
    [7] 2005-05-25 11:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [7] 2006-01-13 16:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2007-10-30 15:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2005-05-25 11:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 01:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2007-10-30 16:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys

    .
    ((((((((((((((((((((((((((((( SnapShot@2009-07-26_18.36.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-28 17:36 . 2009-07-28 17:36 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
    + 2009-04-23 23:36 . 2009-04-23 23:36 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    + 2009-04-23 23:36 . 2009-04-23 23:36 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2009-04-23 23:36 . 2009-04-23 23:36 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    - 2009-02-01 12:41 . 2009-02-01 12:41 148888 c:\windows\system32\javaws.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 148888 c:\windows\system32\javaws.exe
    - 2009-02-01 12:41 . 2009-02-01 12:41 144792 c:\windows\system32\javaw.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 144792 c:\windows\system32\javaw.exe
    - 2009-02-01 12:41 . 2009-02-01 12:41 144792 c:\windows\system32\java.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 144792 c:\windows\system32\java.exe
    + 2004-08-30 12:31 . 2009-07-28 15:31 313176 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-27 19:32 . 2009-07-27 19:32 9811968 c:\windows\Installer\11f2117.msi
    + 2009-07-27 19:26 . 2009-07-27 19:26 1633792 c:\windows\Installer\11f1436.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "epm-dm"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-23 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-23 98304]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
    "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-07-30 319488]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-11 118784]
    "HostManager"="c:\program files\Common Files\AOL\1156238581\ee\AOLSoftware.exe" [2006-11-17 50736]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2004-09-01 2876416]
    "DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-20 1948440]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-8-4 819200]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2005-2-24 217088]
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0e\aoltray.exe [2006-4-7 156784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-20 11:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBstuRi]
    [BU]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MSIServer"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\AOL 9.0c\\waol.exe"=
    "c:\\WINDOWS\\System32\\fxsclnt.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AOL 9.0d\\waol.exe"=
    "c:\\WINDOWS\\System32\\ftp.exe"=
    "c:\\Program Files\\AOL 9.0e\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1156238581\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/02/2009 19:28 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/02/2009 19:28 108552]
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [30/08/2004 13:34 6784]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/07/2009 12:53 906520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2009 12:53 298776]
    R2 DK3DRV;DK3 Windows NT Driver;c:\windows\system32\drivers\dk3drv.sys [23/11/2006 09:57 13872]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [30/08/2004 13:34 16128]
    S0 Winjn37;Winjn37;c:\windows\system32\Drivers\Winjn37.sys --> c:\windows\system32\Drivers\Winjn37.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-28 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2005-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8107272060.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://login.live.com/login.srf?id=2
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    Trusted Zone: adobe.com\get
    Trusted Zone: elmhurstenergy.co.uk\www
    Trusted Zone: hotmail.co.uk\www
    Trusted Zone: live.com\login
    Trusted Zone: live.com\mail
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-28 19:42
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(1960)
    c:\windows\system32\WININET.dll
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-07-28 19:44
    ComboFix-quarantined-files.txt 2009-07-28 18:44
    ComboFix.txt 2009-07-26 18:42
    ComboFix2.txt 2009-07-27 16:28
    ComboFix3.txt 2009-07-27 13:48
    ComboFix4.txt 2009-07-27 13:36

    Pre-Run: 13,968,195,584 bytes free
    Post-Run: 13,928,726,528 bytes free

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
    238 --- E O F --- 2009-07-27 09:14

    Now, I can't see anything bad in there; perhaps my learned associates can see differently?
  • MothballsWallet
    MothballsWallet Posts: 15,912 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Okay, 2nd of 3 ComboFix log files - this one is after I turned the Windows Firewall back on:

    {owner} 09-07-26.03 - {owner} 28/07/2009 19:51.8.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.494.177 [GMT 1:00]
    Running from: d:\recovery tools\{owner}.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
    .

    2009-07-27 19:32 . 2009-07-27 19:32 7424000 ----a-r- c:\documents and settings\john singh\Application Data\Microsoft\Installer\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}\soffice.exe
    2009-07-27 19:30 . 2009-07-27 19:30 -------- d-----w- c:\program files\JRE
    2009-07-27 19:30 . 2009-07-27 19:30 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
    2009-07-27 14:02 . 2009-07-27 14:02 -------- d-sh--w- C:\FOUND.000
    2009-07-27 08:40 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
    2009-07-27 08:40 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-07-26 08:54 . 2009-07-26 08:54 -------- d-sh--w- c:\program files\Common Files\WindowsLiveInstaller
    2009-07-26 08:53 . 2009-07-26 08:53 -------- d-----w- c:\program files\Windows Live
    2009-07-26 08:53 . 2009-07-26 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
    2009-07-26 08:49 . 2009-07-26 08:49 -------- d-sh--w- c:\documents and settings\john singh\PrivacIE
    2009-07-25 17:15 . 2009-07-25 17:15 -------- d-sh--w- c:\documents and settings\john singh\IECompatCache
    2009-07-25 16:52 . 2009-07-25 16:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-25 16:51 . 2009-07-25 16:51 -------- d-sh--w- c:\documents and settings\john singh\IETldCache
    2009-07-25 16:43 . 2009-07-25 16:43 -------- d-----w- c:\windows\ie8updates
    2009-07-25 16:37 . 2009-07-25 16:37 -------- d--h--w- c:\windows\ie8
    2009-07-25 16:32 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-25 16:32 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-25 16:32 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-25 10:23 . 2009-07-25 10:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-07-20 17:47 . 2009-07-20 17:47 -------- d-----w- C:\HiJackThis
    2009-07-20 14:24 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-07-20 11:54 . 2009-07-20 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-07-20 11:54 . 2009-07-20 11:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
    2009-07-20 11:45 . 2009-07-20 11:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-07-18 10:35 . 2009-07-18 10:35 -------- d--h--w- C:\$AVG8.VAULT$
    2009-07-17 21:24 . 2009-07-17 21:24 -------- d-----w- c:\documents and settings\john singh\Application Data\AVGTOOLBAR
    2009-07-17 19:29 . 2009-07-28 15:34 85712 ----a-w- c:\documents and settings\john singh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\documents and settings\john singh\Application Data\Malwarebytes
    2009-07-17 17:08 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-17 17:08 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-17 17:08 . 2009-07-17 17:08 -------- d-----w- c:\program files\CCleaner
    2009-07-17 17:06 . 2009-07-17 17:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 17:06 . 2009-07-17 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-17 16:16 . 2009-07-17 16:16 -------- d-----w- c:\documents and settings\john singh\Local Settings\Application Data\PCHealth
    2009-07-17 16:16 . 2009-07-17 16:16 -------- d-----w- c:\program files\Windows Defender
    2009-07-13 14:25 . 2009-07-13 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\19043604
    2009-07-12 17:38 . 2009-07-12 17:38 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2009-07-12 17:38 . 2009-07-12 17:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-07-12 13:19 . 2009-07-12 13:19 -------- d--h--w- c:\windows\PIF
    2009-07-06 09:26 . 2009-07-06 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\System Security.bumwipes
    2009-07-02 07:18 . 2009-07-02 07:18 -------- d-----w- c:\documents and settings\john singh\Application Data\AVG8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-28 17:34 . 2004-08-30 12:57 12 ----a-w- c:\windows\bthservsdp.dat
    2009-07-27 19:26 . 2009-02-01 12:41 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-20 11:54 . 2009-02-01 18:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-20 11:54 . 2009-02-01 18:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-20 11:54 . 2009-02-01 18:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-20 11:53 . 2009-02-01 18:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-06-17 14:05 . 2009-06-17 14:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2006-06-05 07:13 . 2006-06-05 07:13 49465 ----a-w- c:\program files\moviepass Terms.html
    .

    Sigcheck

    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    [7] 2004-08-04 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
    [7] 2005-05-25 11:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [7] 2006-01-13 16:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2007-10-30 15:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2005-05-25 11:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 01:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2007-10-30 16:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys

    .
    ((((((((((((((((((((((((((((( SnapShot@2009-07-26_18.36.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-28 17:36 . 2009-07-28 17:36 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
    + 2009-04-23 23:36 . 2009-04-23 23:36 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    + 2009-04-23 23:36 . 2009-04-23 23:36 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2009-04-23 23:36 . 2009-04-23 23:36 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    - 2009-02-01 12:41 . 2009-02-01 12:41 148888 c:\windows\system32\javaws.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 148888 c:\windows\system32\javaws.exe
    - 2009-02-01 12:41 . 2009-02-01 12:41 144792 c:\windows\system32\javaw.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 144792 c:\windows\system32\javaw.exe
    - 2009-02-01 12:41 . 2009-02-01 12:41 144792 c:\windows\system32\java.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 144792 c:\windows\system32\java.exe
    + 2004-08-30 12:31 . 2009-07-28 15:31 313176 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-27 19:32 . 2009-07-27 19:32 9811968 c:\windows\Installer\11f2117.msi
    + 2009-07-27 19:26 . 2009-07-27 19:26 1633792 c:\windows\Installer\11f1436.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "epm-dm"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-23 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-23 98304]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
    "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-07-30 319488]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-11 118784]
    "HostManager"="c:\program files\Common Files\AOL\1156238581\ee\AOLSoftware.exe" [2006-11-17 50736]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2004-09-01 2876416]
    "DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-20 1948440]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-8-4 819200]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2005-2-24 217088]
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0e\aoltray.exe [2006-4-7 156784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-20 11:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MSIServer"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\AOL 9.0c\\waol.exe"=
    "c:\\WINDOWS\\System32\\fxsclnt.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AOL 9.0d\\waol.exe"=
    "c:\\WINDOWS\\System32\\ftp.exe"=
    "c:\\Program Files\\AOL 9.0e\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1156238581\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/02/2009 19:28 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/02/2009 19:28 108552]
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [30/08/2004 13:34 6784]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/07/2009 12:53 906520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2009 12:53 298776]
    R2 DK3DRV;DK3 Windows NT Driver;c:\windows\system32\drivers\dk3drv.sys [23/11/2006 09:57 13872]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [30/08/2004 13:34 16128]
    S0 Winjn37;Winjn37;c:\windows\system32\Drivers\Winjn37.sys --> c:\windows\system32\Drivers\Winjn37.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-28 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2005-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8107272060.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://login.live.com/login.srf?id=2
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    Trusted Zone: adobe.com\get
    Trusted Zone: elmhurstenergy.co.uk\www
    Trusted Zone: hotmail.co.uk\www
    Trusted Zone: live.com\login
    Trusted Zone: live.com\mail
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-28 19:57
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(3396)
    c:\windows\system32\WININET.dll
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-07-28 19:59
    {owner}-quarantined-files.txt 2009-07-28 18:59
    {owner}.txt 2009-07-26 18:42
    {owner}2.txt 2009-07-28 18:44
    {owner}3.txt 2009-07-27 16:28
    {owner}4.txt 2009-07-27 13:48
    {owner}5.txt 2009-07-28 18:51

    Pre-Run: 13,948,436,480 bytes free
    Post-Run: 13,924,466,688 bytes free

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
    235 --- E O F --- 2009-07-27 09:14

    Now, I still can't see anything bad in there either.
  • MothballsWallet
    Okay, last of 3 ComboFix log files - this one is after I turned the AOL Antispyware tool off (which ComboFix doesn't seem to detect running, so I turned it off to be on the extra safe side):

    {owner} 09-07-26.03 - {owner} 28/07/2009 20:02.9.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.494.165 [GMT 1:00]
    Running from: d:\recovery tools\{owner}.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
    .

    2009-07-27 19:32 . 2009-07-27 19:32 7424000 ----a-r- c:\documents and settings\{owner}\Application Data\Microsoft\Installer\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}\soffice.exe
    2009-07-27 19:30 . 2009-07-27 19:30 d-----w- c:\program files\JRE
    2009-07-27 19:30 . 2009-07-27 19:30 d-----w- c:\program files\OpenOffice.org 3
    2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
    2009-07-27 14:02 . 2009-07-27 14:02 d-sh--w- C:\FOUND.000
    2009-07-27 08:40 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
    2009-07-27 08:40 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-07-26 08:54 . 2009-07-26 08:54 d-sh--w- c:\program files\Common Files\WindowsLiveInstaller
    2009-07-26 08:53 . 2009-07-26 08:53 d-----w- c:\program files\Windows Live
    2009-07-26 08:53 . 2009-07-26 08:53 d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
    2009-07-26 08:49 . 2009-07-26 08:49 d-sh--w- c:\documents and settings\{owner}\PrivacIE
    2009-07-25 17:15 . 2009-07-25 17:15 d-sh--w- c:\documents and settings\{owner}\IECompatCache
    2009-07-25 16:52 . 2009-07-25 16:52 d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-07-25 16:51 . 2009-07-25 16:51 d-sh--w- c:\documents and settings\{owner}\IETldCache
    2009-07-25 16:43 . 2009-07-25 16:43 d-----w- c:\windows\ie8updates
    2009-07-25 16:37 . 2009-07-25 16:37 d--h--w- c:\windows\ie8
    2009-07-25 16:32 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-25 16:32 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-25 16:32 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-25 10:23 . 2009-07-25 10:23 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-07-20 17:47 . 2009-07-20 17:47 d-----w- C:\HiJackThis
    2009-07-20 14:24 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-07-20 11:54 . 2009-07-20 11:54 d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-07-20 11:54 . 2009-07-20 11:54 d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
    2009-07-20 11:45 . 2009-07-20 11:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-07-18 10:35 . 2009-07-18 10:35 d--h--w- C:\$AVG8.VAULT$
    2009-07-17 21:24 . 2009-07-17 21:24 d-----w- c:\documents and settings\{owner}\Application Data\AVGTOOLBAR
    2009-07-17 19:29 . 2009-07-28 15:34 85712 ----a-w- c:\documents and settings\{owner}\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\documents and settings\{owner}\Application Data\Malwarebytes
    2009-07-17 17:08 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-17 17:08 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\program files\CCleaner
    2009-07-17 17:06 . 2009-07-17 17:06 d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-17 17:06 . 2009-07-17 17:06 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-17 16:16 . 2009-07-17 16:16 d-----w- c:\documents and settings\{owner}\Local Settings\Application Data\PCHealth
    2009-07-17 16:16 . 2009-07-17 16:16 d-----w- c:\program files\Windows Defender
    2009-07-13 14:25 . 2009-07-13 14:25 d-----w- c:\documents and settings\All Users\Application Data\19043604
    2009-07-12 17:38 . 2009-07-12 17:38 d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2009-07-12 17:38 . 2009-07-12 17:38 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-07-12 13:19 . 2009-07-12 13:19 d--h--w- c:\windows\PIF
    2009-07-06 09:26 . 2009-07-06 09:26 d-----w- c:\documents and settings\All Users\Application Data\System Security.bumwipes
    2009-07-02 07:18 . 2009-07-02 07:18 d-----w- c:\documents and settings\{owner}\Application Data\AVG8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-28 17:34 . 2004-08-30 12:57 12 ----a-w- c:\windows\bthservsdp.dat
    2009-07-27 19:26 . 2009-02-01 12:41 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-20 11:54 . 2009-02-01 18:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-20 11:54 . 2009-02-01 18:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-20 11:54 . 2009-02-01 18:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-20 11:53 . 2009-02-01 18:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-06-17 14:05 . 2009-06-17 14:05 d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2006-06-05 07:13 . 2006-06-05 07:13 49465 ----a-w- c:\program files\moviepass Terms.html
    .

    Sigcheck

    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    [7] 2004-08-04 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
    [7] 2005-05-25 11:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [7] 2006-01-13 16:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2007-10-30 15:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2005-05-25 11:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    [7] 2006-01-13 01:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    [7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2007-10-30 16:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys

    .
    ((((((((((((((((((((((((((((( SnapShot@2009-07-26_18.36.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-28 17:36 . 2009-07-28 17:36 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
    + 2009-04-23 23:36 . 2009-04-23 23:36 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    + 2009-04-23 23:36 . 2009-04-23 23:36 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2009-04-23 23:36 . 2009-04-23 23:36 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    - 2009-02-01 12:41 . 2009-02-01 12:41 148888 c:\windows\system32\javaws.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 148888 c:\windows\system32\javaws.exe
    - 2009-02-01 12:41 . 2009-02-01 12:41 144792 c:\windows\system32\javaw.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 144792 c:\windows\system32\javaw.exe
    - 2009-02-01 12:41 . 2009-02-01 12:41 144792 c:\windows\system32\java.exe
    + 2009-07-27 19:26 . 2009-07-27 19:26 144792 c:\windows\system32\java.exe
    + 2004-08-30 12:31 . 2009-07-28 15:31 313176 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-27 19:32 . 2009-07-27 19:32 9811968 c:\windows\Installer\11f2117.msi
    + 2009-07-27 19:26 . 2009-07-27 19:26 1633792 c:\windows\Installer\11f1436.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "epm-dm"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-23 26112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-23 98304]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
    "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-07-30 319488]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-11 118784]
    "HostManager"="c:\program files\Common Files\AOL\1156238581\ee\AOLSoftware.exe" [2006-11-17 50736]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2004-09-01 2876416]
    "DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-20 1948440]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-8-4 819200]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2005-2-24 217088]
    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0e\aoltray.exe [2006-4-7 156784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-20 11:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MSIServer"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\AOL 9.0c\\waol.exe"=
    "c:\\WINDOWS\\System32\\fxsclnt.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AOL 9.0d\\waol.exe"=
    "c:\\WINDOWS\\System32\\ftp.exe"=
    "c:\\Program Files\\AOL 9.0e\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1156238581\\EE\\aolsoftware.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/02/2009 19:28 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/02/2009 19:28 108552]
    R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [30/08/2004 13:34 6784]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/07/2009 12:53 906520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2009 12:53 298776]
    R2 DK3DRV;DK3 Windows NT Driver;c:\windows\system32\drivers\dk3drv.sys [23/11/2006 09:57 13872]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [30/08/2004 13:34 16128]
    S0 Winjn37;Winjn37;c:\windows\system32\Drivers\Winjn37.sys --> c:\windows\system32\Drivers\Winjn37.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-28 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2005-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8107272060.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://login.live.com/login.srf?id=2
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    Trusted Zone: adobe.com\get
    Trusted Zone: elmhurstenergy.co.uk\www
    Trusted Zone: hotmail.co.uk\www
    Trusted Zone: live.com\login
    Trusted Zone: live.com\mail
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-28 20:08
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(3264)
    c:\windows\system32\WININET.dll
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2009-07-28 20:10
    {owner}-quarantined-files.txt 2009-07-28 19:10
    {owner}.txt 2009-07-26 18:42
    {owner}2.txt 2009-07-28 18:59
    {owner}3.txt 2009-07-28 18:44
    {owner}4.txt 2009-07-27 16:28
    {owner}5.txt 2009-07-28 19:01

    Pre-Run: 13,944,848,384 bytes free
    Post-Run: 13,920,894,976 bytes free

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
    235 --- E O F --- 2009-07-27 09:14

    The PC seems to be running fine now, no bad stuff happening - AVG is picking up tracking cookies and dealing with them automatically.
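A small triage script for logs of this shape, added here as an example and not something anyone in the thread ran. It parses three sections a ComboFix log already contains (the `R#`/`S#` service lines, the `Sigcheck` block and the Windows Firewall `AuthorizedApplications` list) and prints the entries a reviewer would check by hand rather than skim past: a service whose binary ComboFix could not find (the `[?]` suffix, as on the `S0 Winjn37` line above), files the `Sigcheck` block tags `[-]` (my reading: a copy whose hash ComboFix did not recognise), and firewall exceptions for built-in tools such as `ftp.exe`. The sample log text and the watch-list of tool names are my own constructions; the script never decides that anything is malware, and a `[-]` on `tcpip.sys` in particular should be compared against the `$hf_mig$`/`$NtUninstall` copies the same block lists before anyone acts on it.

```python
"""Triage helper for ComboFix log text (added example, not from the thread).

Surfaces entries that deserve a manual look; it makes no malware verdict.
"""
import re

# Constructed excerpt in the shape of the logs above (my sample input).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\ftp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/02/2009 19:28 327688]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S0 Winjn37;Winjn37;c:\windows\system32\Drivers\Winjn37.sys --> c:\windows\system32\Drivers\Winjn37.sys [?]

Sigcheck

[-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
"""

# Built-in tools that rarely need their own firewall exception.
# This watch-list is my assumption, not something ComboFix flags.
SYSTEM_TOOLS = {"ftp.exe", "tftp.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "rundll32.exe", "regsvr32.exe"}

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$")
FW_ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"=$')


def parse_services(text):
    """Return (start_type, name, image_path, binary_present) per service line."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        # ComboFix appends [date time size] when it found the binary, [?] when not.
        present = not rest.endswith("[?]")
        path = rest.rsplit(" [", 1)[0].split(" --> ")[0]
        out.append((m.group("start"), m.group("name"), path, present))
    return out


def parse_sigcheck(text):
    """Return (status, md5, path) for each line of the Sigcheck section."""
    out = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            out.append((m.group("status"), m.group("md5").upper(), m.group("path")))
    return out


def parse_firewall_exceptions(text):
    """Return the programs listed under the firewall AuthorizedApplications key."""
    out, in_list = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            low = line.lower()
            in_list = "firewallpolicy" in low and "authorizedapplications" in low
            continue
        if not line:
            in_list = False
            continue
        m = FW_ENTRY_RE.match(line) if in_list else None
        if m:
            # REGEDIT4 exports double every backslash; undo that.
            out.append(m.group("path").replace("\\\\", "\\"))
    return out


def triage(text):
    """Group the entries a reviewer should check by hand."""
    return {
        "missing_service_binaries": [n for _, n, _, present in parse_services(text) if not present],
        "sigcheck_mismatches": [p for status, _, p in parse_sigcheck(text) if status == "-"],
        "firewall_exceptions_for_system_tools": [
            p for p in parse_firewall_exceptions(text) if p.rsplit("\\", 1)[-1].lower() in SYSTEM_TOOLS],
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; the three lists it returns are starting points for a manual check, which is exactly what the helpers in this thread did by eye.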
  • Browntoa
    looks clean to me , let Rik have a final word though ;)
    Ex forum ambassador

    Long term forum member
  • aliEnRIK
    Don't worry about Windows Firewall or AOL's garbage software running.

    Open Notepad and copy/paste the text below:

    File::
    c:\windows\Installer\11f2117.msi
    c:\windows\Installer\11f1436.msi

    Save this as "CFScript".

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    [screenshot: CFScript.gif]

    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

    ComboFix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
    :idea:
This discussion has been closed.