Virus? Virus? Virus?


  • So sorry but I had other things I had to do,
    Malwarebytes' Anti-Malware 1.44
    Database version: 3576
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18865

    16/01/2010 16:52:38
    mbam-log-2010-01-16 (16-52-38).txt

    Scan type: Quick Scan
    Objects scanned: 96118
    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 31
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 18

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Windows\freddy79.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Windows\ld16.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Computer Scan.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Help.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Personal Security.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Registration.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Security Center.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Settings.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Update.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Users\PEGGY\Desktop\Personal Security.lnk (Rogue.PSecurity) -> Quarantined and deleted successfully.
    C:\Windows\bk20856.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Windows\010112010146114101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
    C:\Users\PEGGY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PersonalSec.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\Windows\rdr_1263493615.exe (Worm.Koobface) -> Quarantined and deleted successfully.
  • Browntoa
    Browntoa Posts: 49,592 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    looking at that log file you need to run this

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    and post the log file
    Ex forum ambassador

    Long term forum member
  • Anyone please.
  • Browntoa
    looks like we posted at the same time, the second scan is required as you had a vundo type infection and Rogue.PersonalSecurity
  • Thank you! Tried to put this in, page comes up with 404 error: page not found.
  • Browntoa
    works for me ??
  • Browntoa
    Using ComboFix
    If you need help with malware removal, then please create a topic at one of the forums listed later in the guide and ask for help. Please note that each forum has different policies, so please be sure to read any pinned topics and rules for the particular forum about how you should go about receiving help. If a ComboFix log has been requested by a helper then please create one by following the instructions below.
    The first thing you should do is print out this guide, as we will close all the open windows and programs, including your web browser, before starting the ComboFix program.
    Next you should download ComboFix from one of the following URLs:
    • BleepingComputer.com
    • ForoSpyware.com
    To download ComboFix, simply left-click on one of the links above and you will see a prompt similar to the figure below.
    [Image: Download ComboFix Prompt]
    Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop. An image showing this is below.
    [Image: Downloading ComboFix to the Desktop]
    When you have the Save as screen configured to save ComboFix.exe to the Desktop, click on the Save button. ComboFix will now start downloading to your computer. If you are on a dialup, this may take a few minutes. When ComboFix has finished downloading you will now see an icon on your desktop similar to the one below.
    [Image: ComboFix Icon]
    We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
    • Close all open Windows including this one.
    • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
    Once you double-click on the icon, you may see a screen similar to the one below.
    [Image: Windows Open File Security Warning]
    Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. If you are using Windows Vista, and receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
    You will now see the first ComboFix screen as shown below.
    [Image: ComboFix is Preparing to Run]
    ComboFix is now preparing to run and when it has finished you will see a screen showing the authorized locations to download ComboFix. At this screen, press the OK button and you will now see the Disclaimer screen shown below.
    [Image: ComboFix Disclaimer]
    If you do not agree to the disclaimer, then click on the No button to exit the program. Otherwise, to continue you should press the Yes button to continue. If you decided to continue, then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
    [Image: ComboFix is backing up the Windows Registry]
    Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
    [Image: ComboFix Recovery Console]
    At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console. Once it has finished installing, you will be presented with the screen shown below.
    [Image: ComboFix Recovery Console Finished]
    You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer. When it is done, and a log has been created, you can then perform the manual install of the Recovery Console using the steps found in the Manually installing the Windows Recovery Console section.
    ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
    ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
    [Image: ComboFix is scanning the computer for infections]
    While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
    [Image: Stages of the ComboFix AutoScan]
    At the time of this writing there are a total of 50 stages as shown in the image below, so please be patient. The amount of stages will go up as time goes on, so if the amount of stages is different when you run it, please do not be concerned.
    [Image: 41st Stage of the ComboFix AutoScan]
    When ComboFix has finished running, you will see a screen stating that it is preparing the log report as shown below.
    [Image: ComboFix is preparing the log report]
    This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. This can be seen in the image below.
    [Image: ComboFix is almost done!]
    When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you as shown below.
    [Image: ComboFix Log File]
    You should now post this log as a reply to the topic where you were asked to run ComboFix. Your helper will now analyze this log and let you know what they would like you to do next. If you are having problems connecting to the Internet after running ComboFix, then please read the Manually restoring the Internet connection section.
    It is possible that ComboFix, even on its first run, may have fixed the problems you are having. We strongly suggest that you still post your log into the topic that you are receiving help as you most likely will have infections left over that your helper will need to analyze further.
  • Thanks for your help. What do I do next please?

    ComboFix 10-01-16.02 - PEGGY 16/01/2010 20:28:22.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2037.945 [GMT 0:00]
    Running from: c:\users\PEGGY\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\$recycle.bin\S-1-5-21-2347180839-3205931739-3509662-500
    c:\$recycle.bin\S-1-5-21-744416009-449661601-3740033954-500
    c:\program files\alot
    c:\program files\alot\alotUninst.exe
    c:\program files\alot\bin\alot.dll
    c:\program files\alot\bin\ALOTSettings.exe
    c:\program files\alot\bin\BHO\alotBHO.dll
    c:\windows\system32\oem7.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\PEGGY\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-25 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-08 30192]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-16 2033432]
    c:\users\PEGGY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-2 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=""
    "FirewallOverride"=""
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f1,14,6f,de,7b,81,ca,01
    R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [16/01/2010 18:34 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [16/01/2010 18:34 161800]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [15/01/2010 17:42 207792]
    R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [16/01/2010 18:32 24856]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/01/2010 18:34 333192]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/01/2010 18:34 360584]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100116.001\IDSvix86.sys [16/01/2010 18:58 286768]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [02/01/2009 22:27 73728]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16/01/2010 18:33 906520]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/01/2010 18:33 285392]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [16/01/2010 18:34 2304192]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [15/01/2010 17:44 112592]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23/09/2008 21:09 155648]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 19:37 149352]
    R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [16/01/2010 18:33 122376]
    R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [16/01/2010 18:33 30216]
    R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [16/01/2010 18:33 27800]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/01/2010 16:22 102448]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [03/01/2009 06:22 111616]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 12:31 41008]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [16/01/2010 18:33 5832712]
    S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 02:32 23888]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:33 21504]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [02/01/2009 21:51 30192]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/01/2010 17:41 359624]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - COH_MON
    *NewlyCreated* - COMHOST
    *Deregistered* - PCTSDInjDriver32
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-744416009-449661601-3740033954-1000Core.job
    - c:\users\PEGGY\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 16:40]
    2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-744416009-449661601-3740033954-1000UA.job
    - c:\users\PEGGY\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-25 16:40]
    2010-01-16 c:\windows\Tasks\User_Feed_Synchronization-{CA775FE8-D5B7-4086-9D6E-11CA4686A7A7}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-20 04:59]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80135
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{6551001F-A07B-40B1-8F55-B44BF35A42A6} - c:\windows\System32\win32extension.dll
    AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-16 20:36
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-01-16 20:39:49
    ComboFix-quarantined-files.txt 2010-01-16 20:39
    Pre-Run: 107,188,457,472 bytes free
    Post-Run: 107,581,341,696 bytes free
    - - End Of File - - 46B8A338712E1902EAAFDC95D11F9F73
  • Browntoa
    you seem to be running AVG and Norton, I would remove AVG if your Norton is still in subscription

    wait for ALienRik to take a look at the log
    Ex forum ambassador

    Long term forum member
  • Thank you very much, your help is much appreciated.
This discussion has been closed.