We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Firefox wont load up
Comments
-
You could try going to the firefox forums but I can guarantee your still infected. AAlso, malwarebytes has NOTHING to do with firefox (And is clearly affected)
If you decide to stay here ~
Open notepad and copy/paste the text in RED below
File::
d:\documents and settings\All Users.WINDOWS\Application Data\Screentime\Life in the Wild\saver2.dll
d:\documents and settings\All Users.WINDOWS\Application Data\Screentime\Life in the Wild\saver1.dll
d:\windows\system32\Life in the Wild.scr
d:\windows\Internet Logs\xDB1DE.tmp
d:\windows\Internet Logs\xDB1E0.tmp
d:\windows\Internet Logs\xDB1DD.tmp
d:\windows\Internet Logs\xDB1DC.tmp
d:\windows\Internet Logs\xDB1DB.tmp
d:\windows\Internet Logs\xDB1DA.tmp
d:\windows\Internet Logs\xDB1D9.tmp
d:\windows\Internet Logs\xDB1D8.tmp
d:\windows\Internet Logs\xDB1D7.tmp
d:\windows\Internet Logs\xDB1D6.tmp
d:\windows\Internet Logs\xDB1D5.tmp
d:\windows\Internet Logs\xDB1D4.tmp
d:\windows\Internet Logs\xDB1D3.tmp
d:\windows\Internet Logs\xDB1D2.tmp
d:\windows\Internet Logs\xDB1D1.tmp
d:\windows\Internet Logs\xDB1D0.tmp
d:\windows\Internet Logs\xDB1CE.tmp
d:\windows\Internet Logs\xDB1CF.tmp
d:\windows\Internet Logs\xDB1CD.tmp
d:\windows\Internet Logs\xDB1CC.tmp
d:\windows\Internet Logs\xDB1CB.tmp
d:\windows\Internet Logs\xDB1CA.tmp
d:\windows\Internet Logs\xDB1C9.tmp
d:\windows\Internet Logs\xDB1C8.tmp
d:\windows\Internet Logs\xDB1C7.tmp
d:\windows\Internet Logs\xDB1C6.tmp
d:\windows\Internet Logs\xDB1C5.tmp
d:\windows\Internet Logs\xDB1C3.tmp
d:\windows\Internet Logs\xDB1C2.tmp
d:\windows\Internet Logs\xDB1C4.tmp
d:\windows\Internet Logs\xDB1C1.tmp
d:\windows\Internet Logs\xDB1BF.tmp
d:\windows\Internet Logs\xDB1BE.tmp
d:\windows\Internet Logs\xDB1C0.tmp
d:\windows\Internet Logs\xDB1BD.tmp
d:\windows\Internet Logs\xDB1BC.tmp
d:\windows\Internet Logs\xDB1BB.tmp
d:\windows\Internet Logs\xDB1BA.tmp
d:\windows\Internet Logs\xDB1B9.tmp
d:\windows\Internet Logs\xDB1B7.tmp
d:\windows\Internet Logs\xDB1B8.tmp
d:\windows\Internet Logs\xDB1B6.tmp
d:\windows\Internet Logs\xDB1B4.tmp
d:\windows\Internet Logs\xDB1B5.tmp
d:\windows\Internet Logs\xDB1B3.tmp
d:\windows\Internet Logs\xDB1B2.tmp
d:\windows\Internet Logs\xDB1B1.tmp
d:\windows\Internet Logs\xDB1B0.tmp
d:\windows\Internet Logs\xDB1AF.tmp
d:\windows\Internet Logs\xDB1AE.tmp
d:\windows\Internet Logs\xDB1AC.tmp
d:\windows\Internet Logs\xDB1AD.tmp
d:\windows\Internet Logs\xDB1AA.tmp
d:\windows\Internet Logs\xDB1AB.tmp
d:\windows\Internet Logs\xDB1A9.tmp
d:\windows\Internet Logs\xDB1A8.tmp
d:\windows\Internet Logs\xDB1A6.tmp
d:\windows\Internet Logs\xDB1A5.tmp
d:\windows\Internet Logs\xDB1A4.tmp
d:\windows\Internet Logs\xDB1A3.tmp
d:\windows\Internet Logs\xDB1A2.tmp
d:\windows\Internet Logs\xDB1A1.tmp
d:\windows\Internet Logs\xDB1A0.tmp
d:\windows\Internet Logs\xDB19E.tmp
d:\windows\Internet Logs\xDB19F.tmp
d:\windows\Internet Logs\xDB19C.tmp
d:\windows\Internet Logs\xDB19D.tmp
d:\windows\Internet Logs\xDB19B.tmp
d:\windows\Internet Logs\xDB19A.tmp
d:\windows\Internet Logs\xDB198.tmp
d:\windows\Internet Logs\xDB199.tmp
d:\windows\Internet Logs\xDB197.tmp
d:\windows\Internet Logs\xDB196.tmp
d:\windows\Internet Logs\xDB195.tmp
d:\windows\Internet Logs\xDB194.tmp
d:\windows\Internet Logs\xDB193.tmp
d:\windows\Internet Logs\xDB192.tmp
d:\windows\Internet Logs\xDB191.tmp
d:\windows\Internet Logs\xDB190.tmp
d:\windows\Internet Logs\xDB18E.tmp
d:\windows\Internet Logs\xDB18F.tmp
Save this as "CFScript" (FULL file will be 'CFScript.txt')
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more that 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.:idea:0 -
You also MUST kill this file (delete/destroy it)~
d:\docume~1\HOME~1.HOM\LOCAL S~1\Temp\gAGP440p.sys:idea:0 -
ComboFix 09-12-22.06 - Home 24/12/2009 9:47.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.767.487 [GMT 0:00]
Running from: d:\documents and settings\Home.HOME-IEYSP5UBYS\My Documents\qwerty.exe
Command switches used :: d:\documents and settings\Home.HOME-IEYSP5UBYS\My Documents\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"d:\documents and settings\All Users.WINDOWS\Application Data\Screentime\Life in the Wild\saver1.dll"
"d:\documents and settings\All Users.WINDOWS\Application Data\Screentime\Life in the Wild\saver2.dll"
"d:\windows\Internet Logs\xDB18E.tmp"
"d:\windows\Internet Logs\xDB18F.tmp"
"d:\windows\Internet Logs\xDB190.tmp"
"d:\windows\Internet Logs\xDB191.tmp"
"d:\windows\Internet Logs\xDB192.tmp"
"d:\windows\Internet Logs\xDB193.tmp"
"d:\windows\Internet Logs\xDB194.tmp"
"d:\windows\Internet Logs\xDB195.tmp"
"d:\windows\Internet Logs\xDB196.tmp"
"d:\windows\Internet Logs\xDB197.tmp"
"d:\windows\Internet Logs\xDB198.tmp"
"d:\windows\Internet Logs\xDB199.tmp"
"d:\windows\Internet Logs\xDB19A.tmp"
"d:\windows\Internet Logs\xDB19B.tmp"
"d:\windows\Internet Logs\xDB19C.tmp"
"d:\windows\Internet Logs\xDB19D.tmp"
"d:\windows\Internet Logs\xDB19E.tmp"
"d:\windows\Internet Logs\xDB19F.tmp"
"d:\windows\Internet Logs\xDB1A0.tmp"
"d:\windows\Internet Logs\xDB1A1.tmp"
"d:\windows\Internet Logs\xDB1A2.tmp"
"d:\windows\Internet Logs\xDB1A3.tmp"
"d:\windows\Internet Logs\xDB1A4.tmp"
"d:\windows\Internet Logs\xDB1A5.tmp"
"d:\windows\Internet Logs\xDB1A6.tmp"
"d:\windows\Internet Logs\xDB1A8.tmp"
"d:\windows\Internet Logs\xDB1A9.tmp"
"d:\windows\Internet Logs\xDB1AA.tmp"
"d:\windows\Internet Logs\xDB1AB.tmp"
"d:\windows\Internet Logs\xDB1AC.tmp"
"d:\windows\Internet Logs\xDB1AD.tmp"
"d:\windows\Internet Logs\xDB1AE.tmp"
"d:\windows\Internet Logs\xDB1AF.tmp"
"d:\windows\Internet Logs\xDB1B0.tmp"
"d:\windows\Internet Logs\xDB1B1.tmp"
"d:\windows\Internet Logs\xDB1B2.tmp"
"d:\windows\Internet Logs\xDB1B3.tmp"
"d:\windows\Internet Logs\xDB1B4.tmp"
"d:\windows\Internet Logs\xDB1B5.tmp"
"d:\windows\Internet Logs\xDB1B6.tmp"
"d:\windows\Internet Logs\xDB1B7.tmp"
"d:\windows\Internet Logs\xDB1B8.tmp"
"d:\windows\Internet Logs\xDB1B9.tmp"
"d:\windows\Internet Logs\xDB1BA.tmp"
"d:\windows\Internet Logs\xDB1BB.tmp"
"d:\windows\Internet Logs\xDB1BC.tmp"
"d:\windows\Internet Logs\xDB1BD.tmp"
"d:\windows\Internet Logs\xDB1BE.tmp"
"d:\windows\Internet Logs\xDB1BF.tmp"
"d:\windows\Internet Logs\xDB1C0.tmp"
"d:\windows\Internet Logs\xDB1C1.tmp"
"d:\windows\Internet Logs\xDB1C2.tmp"
"d:\windows\Internet Logs\xDB1C3.tmp"
"d:\windows\Internet Logs\xDB1C4.tmp"
"d:\windows\Internet Logs\xDB1C5.tmp"
"d:\windows\Internet Logs\xDB1C6.tmp"
"d:\windows\Internet Logs\xDB1C7.tmp"
"d:\windows\Internet Logs\xDB1C8.tmp"
"d:\windows\Internet Logs\xDB1C9.tmp"
"d:\windows\Internet Logs\xDB1CA.tmp"
"d:\windows\Internet Logs\xDB1CB.tmp"
"d:\windows\Internet Logs\xDB1CC.tmp"
"d:\windows\Internet Logs\xDB1CD.tmp"
"d:\windows\Internet Logs\xDB1CE.tmp"
"d:\windows\Internet Logs\xDB1CF.tmp"
"d:\windows\Internet Logs\xDB1D0.tmp"
"d:\windows\Internet Logs\xDB1D1.tmp"
"d:\windows\Internet Logs\xDB1D2.tmp"
"d:\windows\Internet Logs\xDB1D3.tmp"
"d:\windows\Internet Logs\xDB1D4.tmp"
"d:\windows\Internet Logs\xDB1D5.tmp"
"d:\windows\Internet Logs\xDB1D6.tmp"
"d:\windows\Internet Logs\xDB1D7.tmp"
"d:\windows\Internet Logs\xDB1D8.tmp"
"d:\windows\Internet Logs\xDB1D9.tmp"
"d:\windows\Internet Logs\xDB1DA.tmp"
"d:\windows\Internet Logs\xDB1DB.tmp"
"d:\windows\Internet Logs\xDB1DC.tmp"
"d:\windows\Internet Logs\xDB1DD.tmp"
"d:\windows\Internet Logs\xDB1DE.tmp"
"d:\windows\Internet Logs\xDB1E0.tmp"
"d:\windows\system32\Life in the Wild.scr"to be updated:;)0 -
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users.WINDOWS\Application Data\Screentime\Life in the Wild\saver1.dll
d:\documents and settings\All Users.WINDOWS\Application Data\Screentime\Life in the Wild\saver2.dll
d:\windows\Internet Logs\xDB18E.tmp
d:\windows\Internet Logs\xDB18F.tmp
d:\windows\Internet Logs\xDB190.tmp
d:\windows\Internet Logs\xDB191.tmp
d:\windows\Internet Logs\xDB192.tmp
d:\windows\Internet Logs\xDB193.tmp
d:\windows\Internet Logs\xDB194.tmp
d:\windows\Internet Logs\xDB195.tmp
d:\windows\Internet Logs\xDB196.tmp
d:\windows\Internet Logs\xDB197.tmp
d:\windows\Internet Logs\xDB198.tmp
d:\windows\Internet Logs\xDB199.tmp
d:\windows\Internet Logs\xDB19A.tmp
d:\windows\Internet Logs\xDB19B.tmp
d:\windows\Internet Logs\xDB19C.tmp
d:\windows\Internet Logs\xDB19D.tmp
d:\windows\Internet Logs\xDB19E.tmp
d:\windows\Internet Logs\xDB19F.tmp
d:\windows\Internet Logs\xDB1A0.tmp
d:\windows\Internet Logs\xDB1A1.tmp
d:\windows\Internet Logs\xDB1A2.tmp
d:\windows\Internet Logs\xDB1A3.tmp
d:\windows\Internet Logs\xDB1A4.tmp
d:\windows\Internet Logs\xDB1A5.tmp
d:\windows\Internet Logs\xDB1A6.tmp
d:\windows\Internet Logs\xDB1A8.tmp
d:\windows\Internet Logs\xDB1A9.tmp
d:\windows\Internet Logs\xDB1AA.tmp
d:\windows\Internet Logs\xDB1AB.tmp
d:\windows\Internet Logs\xDB1AC.tmp
d:\windows\Internet Logs\xDB1AD.tmp
d:\windows\Internet Logs\xDB1AE.tmp
d:\windows\Internet Logs\xDB1AF.tmp
d:\windows\Internet Logs\xDB1B0.tmp
d:\windows\Internet Logs\xDB1B1.tmp
d:\windows\Internet Logs\xDB1B2.tmp
d:\windows\Internet Logs\xDB1B3.tmp
d:\windows\Internet Logs\xDB1B4.tmp
d:\windows\Internet Logs\xDB1B5.tmp
d:\windows\Internet Logs\xDB1B6.tmp
d:\windows\Internet Logs\xDB1B7.tmp
d:\windows\Internet Logs\xDB1B8.tmp
d:\windows\Internet Logs\xDB1B9.tmp
d:\windows\Internet Logs\xDB1BA.tmp
d:\windows\Internet Logs\xDB1BB.tmp
d:\windows\Internet Logs\xDB1BC.tmp
d:\windows\Internet Logs\xDB1BD.tmp
d:\windows\Internet Logs\xDB1BE.tmp
d:\windows\Internet Logs\xDB1BF.tmp
d:\windows\Internet Logs\xDB1C0.tmp
d:\windows\Internet Logs\xDB1C1.tmp
d:\windows\Internet Logs\xDB1C2.tmp
d:\windows\Internet Logs\xDB1C3.tmp
d:\windows\Internet Logs\xDB1C4.tmp
d:\windows\Internet Logs\xDB1C5.tmp
d:\windows\Internet Logs\xDB1C6.tmp
d:\windows\Internet Logs\xDB1C7.tmp
d:\windows\Internet Logs\xDB1C8.tmp
d:\windows\Internet Logs\xDB1C9.tmp
d:\windows\Internet Logs\xDB1CA.tmp
d:\windows\Internet Logs\xDB1CB.tmp
d:\windows\Internet Logs\xDB1CC.tmp
d:\windows\Internet Logs\xDB1CD.tmp
d:\windows\Internet Logs\xDB1CE.tmp
d:\windows\Internet Logs\xDB1CF.tmp
d:\windows\Internet Logs\xDB1D0.tmp
d:\windows\Internet Logs\xDB1D1.tmp
d:\windows\Internet Logs\xDB1D2.tmp
d:\windows\Internet Logs\xDB1D3.tmp
d:\windows\Internet Logs\xDB1D4.tmp
d:\windows\Internet Logs\xDB1D5.tmp
d:\windows\Internet Logs\xDB1D6.tmp
d:\windows\Internet Logs\xDB1D7.tmp
d:\windows\Internet Logs\xDB1D8.tmp
d:\windows\Internet Logs\xDB1D9.tmp
d:\windows\Internet Logs\xDB1DA.tmp
d:\windows\Internet Logs\xDB1DB.tmp
d:\windows\Internet Logs\xDB1DC.tmp
d:\windows\Internet Logs\xDB1DD.tmp
d:\windows\Internet Logs\xDB1DE.tmp
d:\windows\Internet Logs\xDB1E0.tmp
d:\windows\system32\Life in the Wild.scrto be updated:;)0 -
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.
2009-12-22 16:14 . 2009-11-25 11:19 56816 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-12-22 16:14 . 2009-03-30 09:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-12-22 16:14 . 2009-02-13 11:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-12-22 16:14 . 2009-02-13 11:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-12-22 16:14 . 2009-12-22 16:14
d
w- d:\program files\Avira
2009-12-22 16:14 . 2009-12-22 16:14
d
w- d:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-12-22 11:54 . 2009-12-22 11:54 388096 ----a-r- d:\documents and settings\Home.HOME-IEYSP5UBYS\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-22 11:54 . 2009-12-22 11:54
d
w- d:\program files\TrendMicro
2009-12-22 10:25 . 2009-12-22 10:25
d
w- d:\documents and settings\Home.HOME-IEYSP5UBYS\Application Data\Malwarebytes
2009-12-22 10:25 . 2009-12-03 16:14 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 10:25 . 2009-12-22 10:25
d
w- d:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-12-22 10:25 . 2009-12-22 10:25
d
w- d:\program files\Malwarebytes' Anti-Malware
2009-12-22 10:25 . 2009-12-03 16:13 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-12-17 15:55 . 2009-12-17 15:55
d
w- d:\documents and settings\Home.HOME-IEYSP5UBYS\Local Settings\Application Data\Screentime
2009-12-14 10:16 . 2009-12-14 10:16
d
w- d:\documents and settings\All Users.WINDOWS\Application Data\Screentime
2009-12-02 13:30 . 2009-12-02 13:30
d
w- d:\program files\Common Files\xing shared
2009-12-02 13:28 . 2009-12-02 13:28
d
w- d:\program files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 17:01 . 2009-12-24 08:55 1856000 ----a-w- d:\windows\Internet Logs\xDB1DF.tmp
2009-12-23 17:01 . 2009-12-24 08:55 954880 ----a-w- d:\windows\Internet Logs\xDB1E1.tmp
2009-12-23 11:44 . 2008-07-12 15:26
d
w- d:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-12-22 12:16 . 2009-05-08 06:59
d
w- d:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-12-06 08:55 . 2008-08-15 06:20
d
w- d:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-12-02 13:31 . 2008-07-13 08:40
d
w- d:\program files\Common Files\Real
2009-12-02 13:28 . 2008-07-12 10:09 499712 ----a-w- d:\windows\system32\msvcp71.dll
2009-12-02 13:28 . 2008-07-12 10:09 348160 ----a-w- d:\windows\system32\msvcr71.dll
2009-11-22 19:30 . 2009-11-22 16:35 2432 ----a-w- d:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-22 19:12 . 2009-11-09 07:52
d
w- d:\program files\Coupon Printer
2009-11-22 19:09 . 2008-07-12 10:15
d
w- d:\documents and settings\Home.HOME-IEYSP5UBYS\Application Data\Motive
2009-11-22 19:08 . 2009-03-14 11:50
d
w- d:\documents and settings\Home.HOME-IEYSP5UBYS\Application Data\SlipStream
2009-11-22 19:00 . 2008-07-12 09:40 29880 -c--a-w- d:\documents and settings\Home.HOME-IEYSP5UBYS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-22 18:55 . 2009-11-22 17:03
d
w- d:\program files\KWorld Multimedia
2009-11-22 17:10 . 2009-11-22 17:10
d
w- d:\documents and settings\Home.HOME-IEYSP5UBYS\Application Data\KWorld Multimedia
2009-11-22 16:35 . 2009-11-22 16:35
d
w- d:\program files\MSBuild
2009-11-22 16:30 . 2009-11-22 16:30
d
w- d:\program files\Reference Assemblies
2009-11-22 15:47 . 2009-11-22 15:54 16384 ----a-w- d:\windows\Internet Logs\xDB1A7.tmp
2009-11-19 18:14 . 2009-11-19 18:14
d
w- d:\documents and settings\LocalService.NT AUTHORITY\Application Data\Trusteer
2009-11-09 20:43 . 2009-03-24 07:36
d
w- d:\program files\Windows Live
2009-11-09 07:52 . 2009-11-09 07:52 31 ---ha-w- d:\windows\UKCpInfo.sys
2009-11-05 19:17 . 2009-11-06 07:36 136704 ----a-w- d:\windows\Internet Logs\xDB18D.tmp
2009-11-05 19:17 . 2009-11-06 07:36 1707008 ----a-w- d:\windows\Internet Logs\xDB18C.tmp
2009-11-05 17:01 . 2009-11-05 17:58 1707008 ----a-w- d:\windows\Internet Logs\xDB18A.tmp
2009-11-05 17:01 . 2009-11-05 17:59 486400 ----a-w- d:\windows\Internet Logs\xDB18B.tmp
2009-11-04 18:19 . 2009-11-05 07:45 1677312 ----a-w- d:\windows\Internet Logs\xDB189.tmp
2009-11-04 18:19 . 2009-11-05 07:45 1707008 ----a-w- d:\windows\Internet Logs\xDB188.tmp
2009-11-02 19:18 . 2009-11-02 19:27 769536 ----a-w- d:\windows\Internet Logs\xDB187.tmp
2009-11-02 19:18 . 2009-11-02 19:26 1713664 ----a-w- d:\windows\Internet Logs\xDB186.tmp
2009-11-01 17:49 . 2009-11-02 07:29 1689088 ----a-w- d:\windows\Internet Logs\xDB184.tmp
2009-11-01 17:49 . 2009-11-02 07:29 99328 ----a-w- d:\windows\Internet Logs\xDB185.tmp
2009-11-01 16:08 . 2009-11-01 16:45 143360 ----a-w- d:\windows\Internet Logs\xDB183.tmp
2009-11-01 16:08 . 2009-11-01 16:45 1687040 ----a-w- d:\windows\Internet Logs\xDB182.tmp
2009-11-01 14:49 . 2009-11-01 14:51 337920 ----a-w- d:\windows\Internet Logs\xDB180.tmp
2009-11-01 14:49 . 2009-11-01 14:51 1690624 ----a-w- d:\windows\Internet Logs\xDB17F.tmp
2009-11-01 11:28 . 2009-11-01 11:35 1687040 ----a-w- d:\windows\Internet Logs\xDB17E.tmp
2009-11-01 11:28 . 2009-11-01 11:35 226816 ----a-w- d:\windows\Internet Logs\xDB181.tmp
2009-11-01 08:01 . 2009-03-24 07:43
d
w- d:\program files\Microsoft Silverlight
2009-10-31 17:34 . 2009-11-01 08:02 1717248 ----a-w- d:\windows\Internet Logs\xDB17C.tmp
2009-10-31 17:34 . 2009-11-01 08:03 1333248 ----a-w- d:\windows\Internet Logs\xDB17D.tmp
2009-10-30 17:54 . 2009-10-31 07:40 1683456 ----a-w- d:\windows\Internet Logs\xDB179.tmp
2009-10-30 17:54 . 2009-10-31 07:40 16896 ----a-w- d:\windows\Internet Logs\xDB17A.tmp
2009-10-30 14:26 . 2009-10-30 17:08 1686528 ----a-w- d:\windows\Internet Logs\xDB177.tmp
2009-10-30 14:25 . 2009-10-30 17:08 2735616 ----a-w- d:\windows\Internet Logs\xDB178.tmp
2009-10-29 17:02 . 2009-10-30 08:13 1690112 ----a-w- d:\windows\Internet Logs\xDB175.tmp
2009-10-29 17:02 . 2009-10-30 08:13 1967104 ----a-w- d:\windows\Internet Logs\xDB176.tmp
2009-10-28 17:42 . 2009-10-31 09:34 1683456 ----a-w- d:\windows\Internet Logs\xDB17B.tmp
2009-10-27 20:09 . 2009-10-28 08:25 1680384 ----a-w- d:\windows\Internet Logs\xDB174.tmp
2009-10-26 19:55 . 2009-10-27 07:46 1680384 ----a-w- d:\windows\Internet Logs\xDB172.tmp
2009-10-26 19:55 . 2009-10-27 07:46 693760 ----a-w- d:\windows\Internet Logs\xDB173.tmp
2009-10-25 20:01 . 2009-10-26 07:47 430592 ----a-w- d:\windows\Internet Logs\xDB171.tmp
2009-10-25 20:01 . 2009-10-26 07:47 1680896 ----a-w- d:\windows\Internet Logs\xDB170.tmp
2009-10-24 19:10 . 2009-10-25 07:24 1680384 ----a-w- d:\windows\Internet Logs\xDB16E.tmp
2009-10-24 19:10 . 2009-10-25 07:24 740352 ----a-w- d:\windows\Internet Logs\xDB16F.tmp
2009-10-23 17:36 . 2009-10-24 08:01 617472 ----a-w- d:\windows\Internet Logs\xDB16D.tmp
2009-10-23 17:36 . 2009-10-24 08:01 1680896 ----a-w- d:\windows\Internet Logs\xDB16C.tmp
2009-10-21 17:56 . 2009-10-22 06:27 1692160 ----a-w- d:\windows\Internet Logs\xDB16A.tmp
2009-10-21 17:56 . 2009-10-22 06:28 363008 ----a-w- d:\windows\Internet Logs\xDB16B.tmp
2009-10-21 14:54 . 2009-10-21 14:57 1683968 ----a-w- d:\windows\Internet Logs\xDB168.tmp
2009-10-21 14:54 . 2009-10-21 14:57 759808 ----a-w- d:\windows\Internet Logs\xDB169.tmp
2009-10-19 16:07 . 2009-10-20 06:35 211968 ----a-w- d:\windows\Internet Logs\xDB167.tmp
2009-10-19 16:07 . 2009-10-20 06:35 1661952 ----a-w- d:\windows\Internet Logs\xDB166.tmp
2009-10-18 16:20 . 2009-10-19 06:52 1661952 ----a-w- d:\windows\Internet Logs\xDB164.tmp
2009-10-18 16:20 . 2009-10-19 06:52 462848 ----a-w- d:\windows\Internet Logs\xDB165.tmp
2009-10-17 16:52 . 2009-10-18 07:18 417280 ----a-w- d:\windows\Internet Logs\xDB163.tmp
2009-10-17 15:29 . 2009-10-18 07:18 1661952 ----a-w- d:\windows\Internet Logs\xDB162.tmp
2009-10-16 16:34 . 2009-10-17 07:45 532480 ----a-w- d:\windows\Internet Logs\xDB161.tmp
2009-10-16 16:19 . 2009-10-17 07:45 1660416 ----a-w- d:\windows\Internet Logs\xDB160.tmp
2009-10-15 16:35 . 2009-10-16 06:23 38400 ----a-w- d:\windows\Internet Logs\xDB15F.tmp
2009-10-15 16:35 . 2009-10-16 06:23 1660416 ----a-w- d:\windows\Internet Logs\xDB15E.tmp
2009-10-15 16:11 . 2009-10-15 16:15 1660416 ----a-w- d:\windows\Internet Logs\xDB15C.tmp
2009-10-15 16:11 . 2009-10-15 16:15 1201664 ----a-w- d:\windows\Internet Logs\xDB15D.tmp
2009-10-13 17:48 . 2009-10-14 06:43 244736 ----a-w- d:\windows\Internet Logs\xDB15B.tmp
2009-10-13 17:48 . 2009-10-14 06:43 1660416 ----a-w- d:\windows\Internet Logs\xDB15A.tmp
2009-10-12 15:58 . 2009-10-13 06:49 1660416 ----a-w- d:\windows\Internet Logs\xDB158.tmp
2009-10-12 15:58 . 2009-10-13 06:49 279552 ----a-w- d:\windows\Internet Logs\xDB159.tmp
2009-10-12 12:38 . 2009-10-12 12:42 130560 ----a-w- d:\windows\Internet Logs\xDB157.tmp
2009-10-12 12:38 . 2009-10-12 12:42 1660928 ----a-w- d:\windows\Internet Logs\xDB156.tmp
2009-10-11 13:59 . 2009-10-12 06:33 1660928 ----a-w- d:\windows\Internet Logs\xDB154.tmp
2009-10-11 13:59 . 2009-10-12 06:33 447488 ----a-w- d:\windows\Internet Logs\xDB155.tmp
2009-10-10 15:52 . 2009-10-11 07:12 584192 ----a-w- d:\windows\Internet Logs\xDB153.tmp
2009-10-10 15:19 . 2009-10-11 07:11 1662976 ----a-w- d:\windows\Internet Logs\xDB152.tmp
2009-10-09 17:40 . 2009-10-10 07:08 1661952 ----a-w- d:\windows\Internet Logs\xDB150.tmp
2009-10-09 17:40 . 2009-10-10 07:09 554496 ----a-w- d:\windows\Internet Logs\xDB151.tmp
2009-10-08 16:38 . 2009-10-09 06:39 280064 -c--a-w- d:\windows\Internet Logs\xDB14F.tmp
2009-10-08 16:38 . 2009-10-09 06:39 1660416 -c--a-w- d:\windows\Internet Logs\xDB14E.tmp
2009-10-07 16:23 . 2009-10-08 06:55 184832 -c--a-w- d:\windows\Internet Logs\xDB14D.tmp
2009-10-07 16:23 . 2009-10-08 06:55 1660416 -c--a-w- d:\windows\Internet Logs\xDB14C.tmp
2009-10-06 17:15 . 2009-10-07 06:50 417792 -c--a-w- d:\windows\Internet Logs\xDB14B.tmp
2009-10-06 17:15 . 2009-10-07 06:50 1659392 -c--a-w- d:\windows\Internet Logs\xDB14A.tmp
2009-10-05 16:19 . 2009-10-06 08:00 568320 -c--a-w- d:\windows\Internet Logs\xDB149.tmp
2009-10-05 16:19 . 2009-10-06 08:00 1657856 -c--a-w- d:\windows\Internet Logs\xDB148.tmp
2009-10-04 13:12 . 2009-10-05 06:29 1657856 -c--a-w- d:\windows\Internet Logs\xDB146.tmp
2009-10-04 13:12 . 2009-10-05 06:29 730112 -c--a-w- d:\windows\Internet Logs\xDB147.tmp
2009-10-03 15:20 . 2009-10-04 06:51 1657856 -c--a-w- d:\windows\Internet Logs\xDB144.tmp
2009-10-03 15:20 . 2009-10-04 06:51 543232 -c--a-w- d:\windows\Internet Logs\xDB145.tmp
2009-10-02 16:25 . 2009-10-03 07:25 1657856 -c--a-w- d:\windows\Internet Logs\xDB142.tmp
2009-10-02 16:25 . 2009-10-03 07:25 528896 -c--a-w- d:\windows\Internet Logs\xDB143.tmp
2009-10-01 18:34 . 2009-10-02 06:50 1657856 -c--a-w- d:\windows\Internet Logs\xDB140.tmp
2009-10-01 18:34 . 2009-10-02 06:50 1493504 -c--a-w- d:\windows\Internet Logs\xDB141.tmp
2002-04-03 14:01 . 2008-07-12 09:59 286720 ----a-w- d:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 . 2008-07-12 09:59 98304 ----a-w- d:\program files\internet explorer\plugins\UPjpeg.dll
.to be updated:;)0 -
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-12 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"emMON"="emMON.exe" [2006-05-30 61440]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-02 198160]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=d:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
path=d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
backup=d:\windows\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^Home.HOME-IEYSP5UBYS^Start Menu^Programs^Startup^MySurvey Messenger.lnk]
path=d:\documents and settings\Home.HOME-IEYSP5UBYS\Start Menu\Programs\Startup\MySurvey Messenger.lnk
backup=d:\windows\pss\MySurvey Messenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2008-09-11 06:55 1517056 -c--a-w- d:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2008-08-28 19:33 1516032 -c--a-w- d:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]
2006-05-30 21:24 61440 ----a-w- d:\windows\emMON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 13:03 292128 ----a-w- d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 10:43 57344 -c--a-w- d:\program files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-10-29 15:50 4620288 ----a-w- d:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-10-29 15:50 86016 ----a-w- d:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-10-29 15:50 921600 ----a-w- d:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- d:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 -c--a-w- d:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-12 15:26 68856 ----a-w- d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TiVme Agent]
2009-07-24 13:57 115712 ----a-w- d:\program files\KWorld Multimedia\TiVme\ScheduleAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-02 13:28 198160 ----a-w- d:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
2003-11-15 16:20 689248 ----a-w- d:\progra~1\ZONELA~1\ZONEAL~1\zlclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
R1 RapportKELL;RapportKELL;d:\program files\Trusteer\Rapport\bin\RapportKELL.sys [06/10/2009 13:42 58984]
R1 RapportPG;RapportPG;d:\program files\Trusteer\Rapport\bin\RapportPG.sys [06/10/2009 13:42 334440]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [22/12/2009 16:14 108289]
R2 RapportMgmtService;Rapport Management Service;d:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [06/10/2009 13:42 972008]
S2 CSHelper;CopySafe Helper Service;d:\windows\system32\CSHelper.exe [05/03/2009 14:08 266240]
S2 G11AV;Trust 715 LCD [EMAIL="POWERC@M"]POWERC@M[/EMAIL] ZOOM - PC Camera;d:\windows\system32\drivers\G11AV.SYS [12/07/2008 09:54 514885]
S2 gupdate1c98f6136f341e2;Google Update Service (gupdate1c98f6136f341e2);d:\program files\Google\Update\GoogleUpdate.exe [15/02/2009 11:33 133104]
S3 gAGP440p;gAGP440p;\??\d:\docume~1\HOME~1.HOM\LOCALS~1\Temp\gAGP440p.sys --> d:\docume~1\HOME~1.HOM\LOCALS~1\Temp\gAGP440p.sys [?]
S3 iadusb;BT Voyager 205 ADSL Router;d:\windows\system32\drivers\glauiad.sys [13/10/2008 16:15 30371]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {20A2CB06-E271-43FB-9692-53E308C50E85} = 217.171.135.1 217.171.132.1
DPF: Microsoft XML Parser for Java - [URL]file://d:\windows\Java\classes\xmldso.cab[/URL]
FF - ProfilePath - d:\documents and settings\Home.HOME-IEYSP5UBYS\Application Data\Mozilla\Firefox\Profiles\ipi9wd7o.christine's\
FF - component: d:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Virtools\3D Life Player\npvirtools.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Life in the Wild - d:\windows\system32\Life in the Wild.scr
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 09:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-12-24 09:59:04
ComboFix-quarantined-files.txt 2009-12-24 09:59
ComboFix2.txt 2009-12-23 13:07
Pre-Run: 29,329,207,296 bytes free
Post-Run: 29,318,737,920 bytes free
- - End Of File - - 752E609E3A797B23E2D426C21DDCB9D5to be updated:;)0 -
wokkies, I need you to find this file ~
d:\docume~1\HOME~1.HOM\LOCALS~1\Temp\gAGP440p.sy
Its simply undoing everything im removing
You need to turn on 'show hidden files and folders'
then download SPYBOT
Download SPYBOT (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure TEA TIMER is UNTICKED on installation)
http://www.filehippo.com/download_spybot_search_destroy/
UPDATE and IMMUNISE (Make sure it reads ZERO unprotected) and SCAN
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Tyen goto MODULES / PRIVACY AND SECURITY and open FILE SHREDDER
Using the file shredder KILL gAGP440p.sy:idea:0 -
downloaded spybot and went to install and it keeps saying cannot connect to server even though its connectedto be updated:;)0
-
Skip that and run glary:idea:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards