
Hi Can someone please look at these logs?


Comments

  • Taffyscot
    Taffyscot Posts: 896 Forumite
    Oh oh I did not refresh my pc and thought there was no answer as of yet from you, found it now so here is the log for the old pc.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3691
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882
    05/02/2010 01:17:33
    mbam-log-2010-02-05 (01-17-33).txt
    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 241012
    Time elapsed: 1 hour(s), 25 minute(s), 19 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • Taffyscot
    Taffyscot Posts: 896 Forumite
    Laptop log results

    Malwarebytes' Anti-Malware 1.44
    Database version: 3691
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18882
    05/02/2010 01:36:21
    mbam-log-2010-02-05 (01-36-21).txt
    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 261445
    Time elapsed: 1 hour(s), 52 minute(s), 0 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Download fresh copies of combofix for both computers and I'll go through them properly (Delete the old ones first)

    If they're clean you're good to go :)
  • thanks Rik will do tomorrow
  • this is the laptop. I hope I did it ok.

    ComboFix 10-02-05.02 - Dorothy 05/02/2010 23:26:45.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2938.1823 [GMT 0:00]
    Running from: c:\users\Dorothy\Desktop\qwerty.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
    .
    2010-02-05 23:33 . 2010-02-05 23:33 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-02-05 23:33 . 2010-02-05 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-03 11:07 . 2010-02-03 11:07 388096 ----a-r- c:\users\Dorothy\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-03 11:07 . 2010-02-03 11:07 -------- d-----w- c:\program files\TrendMicro
    2010-02-02 13:31 . 2010-02-02 13:31 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-02-01 20:12 . 2010-02-01 20:12 -------- d-----w- c:\users\Dorothy\AppData\Roaming\Malwarebytes
    2010-02-01 20:12 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-01 20:12 . 2010-02-01 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-01 20:12 . 2010-02-01 20:12 -------- d-----w- c:\programdata\Malwarebytes
    2010-02-01 20:12 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-31 14:32 . 2010-01-31 14:32 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEA2.tmp.exe
    2010-01-27 18:20 . 2010-01-18 11:59 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
    2010-01-27 18:20 . 2010-01-18 11:59 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
    2010-01-17 23:58 . 2010-01-17 23:58 -------- d-----w- C:\Sony Corporation
    2010-01-17 00:33 . 2010-01-17 09:05 -------- d-----w- c:\programdata\NOS
    2010-01-15 19:36 . 2010-01-15 19:36 -------- d-----w- c:\programdata\HP Product Assistant
    2010-01-15 19:33 . 2010-01-15 19:43 77353 ----a-w- c:\windows\hpqins05.dat
    2010-01-15 19:15 . 2010-01-15 19:36 -------- d-----w- c:\users\Dorothy\AppData\Roaming\HpUpdate
    2010-01-15 19:15 . 2010-01-15 19:15 -------- d-----w- c:\windows\Hewlett-Packard
    2010-01-14 03:04 . 2010-01-14 03:10 -------- d-----w- C:\0649b617491ce171c6c59578c225e6
    2010-01-13 16:01 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 16:01 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-13 16:00 . 2010-01-13 16:00 -------- d-----w- C:\94284cf1b5a826cadca0b20c89
    2010-01-08 15:21 . 2009-08-05 22:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-04 22:23 . 2008-07-09 21:17 -------- d-----w- c:\program files\Google
    2010-01-31 23:59 . 2009-09-15 23:47 1 ----a-w- c:\users\Dorothy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-01-22 10:41 . 2009-11-14 23:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-19 15:28 . 2009-03-20 22:15 -------- d-----w- c:\program files\Picasa2
    2010-01-15 19:43 . 2009-12-08 15:09 -------- d-----w- c:\programdata\HP
    2010-01-15 19:42 . 2009-03-20 16:13 2032 ----a-w- c:\users\Dorothy\AppData\Local\d3d9caps.dat
    2010-01-15 19:39 . 2009-03-20 16:13 112112 ----a-w- c:\users\Dorothy\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-15 19:33 . 2009-03-20 21:20 -------- d-----w- c:\users\Dorothy\AppData\Roaming\Skype
    2010-01-15 19:32 . 2009-04-05 21:38 -------- d-----w- c:\users\Dorothy\AppData\Roaming\skypePM
    2010-01-14 11:12 . 2009-10-03 01:22 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-14 03:11 . 2009-03-20 22:07 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-14 03:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-08 15:21 . 2009-03-24 00:58 -------- d-----w- c:\program files\Windows Live
    2010-01-05 00:45 . 2010-01-05 00:44 -------- d-----w- c:\program files\iTunes
    2010-01-05 00:44 . 2010-01-05 00:44 -------- d-----w- c:\program files\iPod
    2010-01-05 00:44 . 2009-10-02 21:21 -------- d-----w- c:\program files\Common Files\Apple
    2010-01-05 00:42 . 2010-01-05 00:41 -------- d-----w- c:\program files\QuickTime
    2010-01-05 00:39 . 2010-01-05 00:39 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2010-01-02 06:38 . 2010-01-22 11:17 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 11:17 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32 . 2010-01-22 11:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57 . 2010-01-22 11:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-15 19:21 . 2009-12-08 15:25 -------- d-----w- c:\users\Dorothy\AppData\Roaming\HP
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-09 09:32 . 2009-12-09 09:32 -------- d-----w- c:\programdata\WEBREG
    2009-12-08 15:58 . 2009-12-08 15:10 158062 ----a-w- c:\windows\hpoins29.dat
    2009-12-08 15:23 . 2009-12-08 15:23 -------- d-----w- c:\programdata\Hewlett-Packard
    2009-12-08 15:15 . 2009-12-08 15:11 -------- d-----w- c:\program files\HP
    2009-12-08 15:13 . 2009-12-08 15:13 -------- d-----w- c:\program files\Common Files\HP
    2009-12-08 15:13 . 2009-12-08 15:13 -------- d-----w- c:\program files\Hewlett-Packard
    2009-12-08 15:13 . 2009-12-08 15:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2009-12-08 08:25 . 2009-12-08 08:25 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
    2009-12-05 16:18 . 2009-12-05 16:18 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-02 13:15 . 2009-12-02 13:15 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb23A8.tmp.exe
    2009-11-19 02:17 . 2009-05-21 21:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-19 02:17 . 2009-05-21 21:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-19 02:17 . 2009-05-21 21:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-19 02:17 . 2009-05-21 21:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-19 01:00 . 2009-11-19 01:00 439816 ----a-w- c:\users\Dorothy\AppData\Roaming\Real\Update\setup3.09\setup.exe
    2009-11-09 13:22 . 2009-12-10 08:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 13:20 . 2009-12-10 08:57 31232 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 11:04 . 2009-12-10 08:57 411136 ----a-w- c:\windows\system32\drivers\http.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-02-03_01.05.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2010-02-05 23:14 60746 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2010-02-05 23:14 81576 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-20 18:16 . 2010-02-05 23:14 11400 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3802674362-668520206-2469377335-1003_UserData.bin
    + 2009-03-20 16:12 . 2010-02-05 23:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-20 16:12 . 2010-02-03 00:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-03-20 16:12 . 2010-02-03 00:25 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-20 16:12 . 2010-02-05 23:12 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-20 16:12 . 2010-02-05 23:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-03-20 16:12 . 2010-02-03 00:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-04-13 10:00 . 2010-02-02 23:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-04-13 10:00 . 2010-02-05 23:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-12 22:45 . 2010-01-16 00:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-12 22:45 . 2010-02-05 23:31 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-12 22:45 . 2010-02-05 23:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-12-12 22:45 . 2010-01-16 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-12-12 22:45 . 2010-01-16 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2009-12-12 22:45 . 2010-02-05 23:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    - 2009-04-13 10:00 . 2010-02-02 23:50 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-04-13 10:00 . 2010-02-05 23:31 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-04-13 10:00 . 2010-02-05 23:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-04-13 10:00 . 2010-02-02 23:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-04 22:23 . 2010-02-04 22:23 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2010-02-04 22:23 . 2010-02-04 22:23 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-02-04 22:23 . 2010-02-04 22:23 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-02-04 22:23 . 2010-02-04 22:23 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-02-04 22:23 . 2010-02-04 22:23 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-02-04 22:23 . 2010-02-04 22:23 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-02-04 22:23 . 2010-02-04 22:23 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ARPPRODUCTICON.exe
    - 2010-02-02 13:30 . 2010-02-02 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-02-05 23:12 . 2010-02-05 23:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-02-05 23:12 . 2010-02-05 23:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-02-02 13:30 . 2010-02-02 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-03-28 22:21 . 2010-02-04 21:38 251132 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2009-03-27 23:29 . 2010-02-04 16:34 258290 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-06-18 08:28 . 2010-02-05 09:58 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-06-18 08:28 . 2010-01-28 23:16 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-02-04 22:23 . 2010-02-04 22:23 1262080 c:\windows\Installer\28ee85.msi
    + 2009-05-20 02:02 . 2010-02-05 01:35 172134184 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-12 30192]
    "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-03-20 24576]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-22 68592]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    c:\users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/05/2009 21:35 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [21/05/2009 21:35 360584]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [06/12/2009 15:09 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [06/12/2009 15:09 337000]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19/11/2009 02:16 285392]
    R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [20/03/2009 22:39 299008]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [06/12/2009 15:09 972008]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 03:09 11032]
    R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [09/07/2008 21:35 104992]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [09/07/2008 23:21 411488]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [20/06/2008 15:56 415744]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [09/07/2008 21:57 9344]
    S2 gupdate1c9b8991840ba4;Google Update Service (gupdate1c9b8991840ba4);c:\program files\Google\Update\GoogleUpdate.exe [08/04/2009 22:25 133104]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [08/01/2010 15:21 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20/03/2009 22:20 30192]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [20/03/2009 22:36 103712]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [20/03/2009 22:36 353568]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [20/03/2009 22:36 62752]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [20/03/2009 22:32 337184]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [20/03/2009 22:32 83232]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 22:25]
    2010-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 22:25]
    2010-02-05 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
    - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://uk.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    .
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-05 23:33
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'Explorer.exe'(19056)
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    .
    Completion time: 2010-02-05 23:37:04
    ComboFix-quarantined-files.txt 2010-02-05 23:36
    ComboFix2.txt 2010-02-03 01:10
    Pre-Run: 127,432,442,880 bytes free
    Post-Run: 127,401,022,464 bytes free
    Current=1 Default=1 Failed=0 LastKnownGood=13 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,20
    - - End Of File - - 91574B8AD4167327586BFA69C394FD0F
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    LAPTOP ~

    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\drivers\fssfltr.sys
    c:\windows\hpoins29.dat


    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
  • hi rik here is the laptop

    ComboFix 10-02-05.04 - Dorothy 06/02/2010 10:05:39.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2938.1830 [GMT 0:00]
    Running from: c:\users\Dorothy\Desktop\qwerty.exe
    Command switches used :: c:\users\Dorothy\Documents\cfscript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FILE ::
    "c:\windows\hpoins29.dat"
    "c:\windows\system32\drivers\fssfltr.sys"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\hpoins29.dat
    c:\windows\system32\drivers\fssfltr.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Service_fssfltr

    ((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
    .
    2010-02-06 10:13 . 2010-02-06 10:13 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-02-06 10:13 . 2010-02-06 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-03 11:07 . 2010-02-03 11:07 -------- d-----w- c:\program files\TrendMicro
    2010-02-02 13:31 . 2010-02-02 13:31 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-02-01 20:12 . 2010-02-01 20:12 -------- d-----w- c:\users\Dorothy\AppData\Roaming\Malwarebytes
    2010-02-01 20:12 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-01 20:12 . 2010-02-01 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-01 20:12 . 2010-02-01 20:12 -------- d-----w- c:\programdata\Malwarebytes
    2010-02-01 20:12 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-17 23:58 . 2010-01-17 23:58 -------- d-----w- C:\Sony Corporation
    2010-01-17 00:33 . 2010-01-17 09:05 -------- d-----w- c:\programdata\NOS
    2010-01-15 19:36 . 2010-01-15 19:36 -------- d-----w- c:\programdata\HP Product Assistant
    2010-01-15 19:33 . 2010-01-15 19:43 77353 ----a-w- c:\windows\hpqins05.dat
    2010-01-15 19:15 . 2010-01-15 19:36 -------- d-----w- c:\users\Dorothy\AppData\Roaming\HpUpdate
    2010-01-15 19:15 . 2010-01-15 19:15 -------- d-----w- c:\windows\Hewlett-Packard
    2010-01-14 03:04 . 2010-01-14 03:10 -------- d-----w- C:\0649b617491ce171c6c59578c225e6
    2010-01-13 16:01 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 16:01 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-13 16:00 . 2010-01-13 16:00 -------- d-----w- C:\94284cf1b5a826cadca0b20c89
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-04 22:23 . 2008-07-09 21:17 -------- d-----w- c:\program files\Google
    2010-02-03 11:07 . 2010-02-03 11:07 388096 ----a-r- c:\users\Dorothy\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-01-31 23:59 . 2009-09-15 23:47 1 ----a-w- c:\users\Dorothy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-01-31 14:32 . 2010-01-31 14:32 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEA2.tmp.exe
    2010-01-22 10:41 . 2009-11-14 23:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-19 15:28 . 2009-03-20 22:15 -------- d-----w- c:\program files\Picasa2
    2010-01-18 11:59 . 2010-01-27 18:20 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
    2010-01-18 11:59 . 2010-01-27 18:20 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
    2010-01-15 19:43 . 2009-12-08 15:09 -------- d-----w- c:\programdata\HP
    2010-01-15 19:42 . 2009-03-20 16:13 2032 ----a-w- c:\users\Dorothy\AppData\Local\d3d9caps.dat
    2010-01-15 19:39 . 2009-03-20 16:13 112112 ----a-w- c:\users\Dorothy\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-15 19:33 . 2009-03-20 21:20 -------- d-----w- c:\users\Dorothy\AppData\Roaming\Skype
    2010-01-15 19:32 . 2009-04-05 21:38 -------- d-----w- c:\users\Dorothy\AppData\Roaming\skypePM
    2010-01-14 11:12 . 2009-10-03 01:22 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-14 03:11 . 2009-03-20 22:07 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-14 03:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-08 15:21 . 2009-03-24 00:58 -------- d-----w- c:\program files\Windows Live
    2010-01-05 00:45 . 2010-01-05 00:44 -------- d-----w- c:\program files\iTunes
    2010-01-05 00:44 . 2010-01-05 00:44 -------- d-----w- c:\program files\iPod
    2010-01-05 00:44 . 2009-10-02 21:21 -------- d-----w- c:\program files\Common Files\Apple
    2010-01-05 00:42 . 2010-01-05 00:41 -------- d-----w- c:\program files\QuickTime
    2010-01-05 00:39 . 2010-01-05 00:39 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2010-01-02 06:38 . 2010-01-22 11:17 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 11:17 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32 . 2010-01-22 11:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57 . 2010-01-22 11:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-15 19:21 . 2009-12-08 15:25 -------- d-----w- c:\users\Dorothy\AppData\Roaming\HP
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-09 09:32 . 2009-12-09 09:32 -------- d-----w- c:\programdata\WEBREG
    2009-12-08 15:23 . 2009-12-08 15:23 -------- d-----w- c:\programdata\Hewlett-Packard
    2009-12-08 15:15 . 2009-12-08 15:11 -------- d-----w- c:\program files\HP
    2009-12-08 15:13 . 2009-12-08 15:13 -------- d-----w- c:\program files\Common Files\HP
    2009-12-08 15:13 . 2009-12-08 15:13 -------- d-----w- c:\program files\Hewlett-Packard
    2009-12-08 15:13 . 2009-12-08 15:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2009-12-05 16:18 . 2009-12-05 16:18 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-02 13:15 . 2009-12-02 13:15 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb23A8.tmp.exe
    2009-11-19 02:17 . 2009-05-21 21:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-19 02:17 . 2009-05-21 21:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-19 02:17 . 2009-05-21 21:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-19 02:17 . 2009-05-21 21:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-19 01:00 . 2009-11-19 01:00 439816 ----a-w- c:\users\Dorothy\AppData\Roaming\Real\Update\setup3.09\setup.exe
    2009-11-09 13:22 . 2009-12-10 08:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 13:20 . 2009-12-10 08:57 31232 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 11:04 . 2009-12-10 08:57 411136 ----a-w- c:\windows\system32\drivers\http.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-12 30192]
    "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-03-20 24576]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-22 68592]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    c:\users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/05/2009 21:35 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [21/05/2009 21:35 360584]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [06/12/2009 15:09 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [06/12/2009 15:09 337000]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19/11/2009 02:16 285392]
    R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [20/03/2009 22:39 299008]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [06/12/2009 15:09 972008]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 03:09 11032]
    R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [09/07/2008 21:35 104992]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [09/07/2008 23:21 411488]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [20/06/2008 15:56 415744]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [09/07/2008 21:57 9344]
    S2 gupdate1c9b8991840ba4;Google Update Service (gupdate1c9b8991840ba4);c:\program files\Google\Update\GoogleUpdate.exe [08/04/2009 22:25 133104]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20/03/2009 22:20 30192]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [20/03/2009 22:36 103712]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [20/03/2009 22:36 353568]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [20/03/2009 22:36 62752]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [20/03/2009 22:32 337184]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [20/03/2009 22:32 83232]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 22:25]
    2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 22:25]
    2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
    - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://uk.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-06 10:17
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'Explorer.exe'(6624)
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    .
    Other Running Processes
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Sony\VAIO Power Management\SPMgr.exe
    c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-06 10:23:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-06 10:23
    ComboFix2.txt 2010-02-05 23:37
    ComboFix3.txt 2010-02-03 01:10
    Pre-Run: 127,232,835,584 bytes free
    Post-Run: 126,982,747,136 bytes free
    Current=1 Default=1 Failed=0 LastKnownGood=13 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,20
    - - End Of File - - E431FCA9502B803E25691D9DA77EC100
  • Here is the old pc scanned


    ComboFix 10-02-05.04 - Ian 06/02/2010 10:40:59.2.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.895.312 [GMT 0:00]
    Running from: c:\users\Ian\Desktop\qwerty.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
    .
    2010-02-06 10:57 . 2010-02-06 10:57 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-02-06 10:57 . 2010-02-06 10:57 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2010-02-06 10:57 . 2010-02-06 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-04 23:16 . 2009-11-25 11:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-02-04 23:16 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-02-04 23:16 . 2010-02-04 23:16 -------- d-----w- c:\programdata\Avira
    2010-02-04 23:16 . 2010-02-04 23:16 -------- d-----w- c:\program files\Avira
    2010-02-03 19:22 . 2010-02-03 19:22 388096 ----a-r- c:\users\Ian\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-03 19:22 . 2010-02-03 19:22 -------- d-----w- c:\program files\TrendMicro
    2010-02-01 11:53 . 2010-02-01 12:14 19518 ----a-w- c:\windows\hpqins13.dat
    2010-01-19 15:27 . 2010-01-19 15:27 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-01-14 16:22 . 2010-01-20 20:50 -------- d-----w- c:\programdata\McAfee Security Scan
    2010-01-14 16:22 . 2010-01-14 16:22 -------- d-----w- c:\program files\McAfee Security Scan
    2010-01-14 14:53 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-14 14:53 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-06 08:27 . 2009-02-15 21:07 720 ----a-w- c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-02-05 21:09 . 2009-03-30 14:15 -------- d-----w- c:\programdata\Google Updater
    2010-02-05 21:04 . 2008-04-06 18:50 -------- d-----w- c:\program files\Yahoo!
    2010-02-04 23:28 . 2008-05-23 22:31 -------- d-----w- c:\programdata\Skype
    2010-02-04 23:06 . 2008-08-02 23:15 -------- d-----w- c:\programdata\avg8
    2010-02-04 22:58 . 2009-02-19 00:16 -------- d-----w- c:\users\Ian\AppData\Roaming\DNA
    2010-02-03 20:44 . 2009-11-25 00:14 157453 ----a-w- c:\windows\hpoins29.dat
    2010-02-03 20:39 . 2008-04-06 19:47 2260 ----a-w- c:\users\Ian\AppData\Roaming\wklnhst.dat
    2010-02-03 20:37 . 2009-09-24 20:47 -------- d-----w- c:\programdata\HP
    2010-02-01 20:17 . 2008-05-31 00:39 5216 ----a-w- c:\users\Ian\AppData\Local\d3d9caps.dat
    2010-02-01 20:11 . 2009-02-26 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-01 12:47 . 2008-04-09 01:14 -------- d-----w- c:\program files\YahELite
    2010-02-01 11:53 . 2010-02-01 11:53 262144 ----a-w- c:\programdata\ntuser.dat
    2010-01-29 13:58 . 2009-03-06 18:57 -------- d-----w- c:\program files\Google
    2010-01-21 10:26 . 2008-12-02 00:53 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 20:50 . 2009-11-25 00:32 -------- d-----w- c:\programdata\HP Product Assistant
    2010-01-16 16:22 . 2008-08-06 00:09 -------- d-----w- c:\programdata\McAfee
    2010-01-16 08:41 . 2008-08-08 20:16 0 ----a-w- c:\users\Ian\AppData\Local\prvlcl.dat
    2010-01-16 00:01 . 2008-05-23 22:35 -------- d-----w- c:\users\Ian\AppData\Roaming\skypePM
    2010-01-15 09:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-14 17:51 . 2008-08-24 20:06 -------- d-----w- c:\programdata\NOS
    2010-01-14 11:12 . 2009-11-05 12:29 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-07 16:07 . 2009-02-26 11:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2009-02-26 11:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-02 06:38 . 2010-01-21 22:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-21 22:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 06:32 . 2010-01-21 22:30 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 04:57 . 2010-01-21 22:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2007-10-23 18:22 . 2007-10-23 18:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-10-02 147456]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Acer Tour Reminder"="" [BU]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
    "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
    "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-06-05 548864]
    "Skytel"="Skytel.exe" [2007-06-15 1826816]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-03 122368]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-06 185896]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-1-31 245760]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-14 535336]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
    McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
    TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\Win2k\TWCU.exe [2008-4-7 622592]
    Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-4-29 434176]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoFileAssociate"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):41,75,95,63,e7,3d,ca,01
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [14/09/2007 03:58 269448]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/02/2010 23:16 108289]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [21/02/2009 16:30 47640]
    R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\System32\drivers\RTL8187B.sys [19/07/2007 00:40 281088]
    R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [14/09/2007 02:53 454520]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [14/09/2007 02:53 46592]
    S2 gupdate1c9b142ce89b221;Google Update Service (gupdate1c9b142ce89b221);c:\program files\Google\Update\GoogleUpdate.exe [30/03/2009 14:21 133104]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [28/05/2008 14:38 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/11/2009 00:49 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [26/02/2008 09:17 493568]
    S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [26/05/2008 07:53 80744]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2010-02-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 14:15]
    2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 14:21]
    2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 14:21]
    2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{0A025761-1C77-4FBE-9169-6C96DF54EBD5}.job
    - c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
    .
    .
    Supplementary Scan
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://docs.cyberlink.com/acer/arcade/prog/UpdateAdvisorV2.cab
    FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\reu28967.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-06 10:57
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'Explorer.exe'(5576)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    .
    Completion time: 2010-02-06 11:04:10
    ComboFix-quarantined-files.txt 2010-02-06 11:04
    ComboFix2.txt 2010-02-03 01:59
    Pre-Run: 21,497,036,800 bytes free
    Post-Run: 21,397,987,328 bytes free
    - - End Of File - - 2533E6F64C1C8FF9250F8EEE0B62F3E2
  • Browntoa
    Browntoa Posts: 49,622 Forumite
    Old PC seems to have traces of AVG 8, Avira, McAfee AND Nortons, which one is it using??

    2010-02-04 23:16 . 2010-02-04 23:16 -------- d-----w- c:\programdata\Avira

    2010-01-14 16:22 . 2010-01-14 16:22 -------- d-----w- c:\program files\McAfee Security Scan

    2010-02-04 23:06 . 2008-08-02 23:15 -------- d-----w- c:\programdata\avg8


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] (Nortons)
    Ex forum ambassador

    Long term forum member
This discussion has been closed.