
Can I delete this folder ?


Comments

  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Quick Scan = totally fine

    Whole Scan = one found so far = GTDownDE_87.ocx .. c: \ i386 ..Adware.Gdown

    (still scanning whole computer, not finished yet)
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Whole Scan = one found = GTDownDE_87.ocx .. c: \ i386 ..Adware.Gdown

    Cure, rename, move or delete ?

    What steps should I take in the future to keep my laptop virus free as much as possible? Should I run Malwarebytes weekly?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Try CURE first
    If it won't cure then MOVE (quarantine) it

    I'd update and run full scans with Malwarebytes for the next couple of months to be sure you're clean

    Once you're happy it's clean I'd run a scan with your main AV once a month and the same with Malwarebytes

    It's impossible to say how you've gotten infected, but you need to realise that simply visiting an infected webpage could have done it

    To combat this I use FIREFOX with the NOSCRIPT plugin
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Am running Malwarebytes followed by HijackThis again

    Symptoms -
    1 = wireless connection not found to our network thingy, having to refresh network list several times and/or reboot laptop for it to connect up
    2 = getting page not found errors on things like MSE and facebook and having to refresh like 3 times for it to work

    Malware got one object infected found so far. Back in hour or so with scan results
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Malwarebytes' Anti-Malware 1.45
    https://www.malwarebytes.org

    Database version: 4031

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    24/04/2010 17:18:06
    mbam-log-2010-04-24 (17-18-06).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 169484
    Time elapsed: 56 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\My Name\DoctorWeb\Quarantine\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-3348407203-1399344000-1975481221-1006\Dc1.tmp\License\iexplore.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-3348407203-1399344000-1975481221-1006\Dc2.tmp\License\iexplore.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-3348407203-1399344000-1975481221-1006\Dc3.tmp\License\iexplore.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP548\A0128174.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
  • HO87
    HO87 Posts: 4,296 Forumite
    *Ignore this duplication of Alienrik's above.*
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:31:10, on 24/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9366 bytes
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Better download a fresh copy of ComboFix and run it
  • cally6008
    cally6008 Posts: 7,629 Forumite
    ComboFix 10-04-21.01 - My Name 24/04/2010 19:35:13.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1358 [GMT 1:00]
    Running from: c:\documents and settings\My Name\Desktop\ComboFix.exe
    AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .

    ((((((((((((((((((((((((( Files Created from 2010-03-24 to 2010-04-24 )))))))))))))))))))))))))))))))
    .

    2010-04-24 16:30 . 2010-04-24 16:30 388096 ----a-r- c:\documents and settings\My Name\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-04-24 16:30 . 2010-04-24 16:30 -------- d-----w- c:\program files\Trend Micro
    2010-04-20 08:53 . 2010-04-20 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-04-20 08:52 . 2010-04-20 08:52 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-08 23:40 . 2010-04-08 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
    2010-04-08 23:40 . 2010-04-08 23:55 24 ----a-w- c:\windows\popcinfot.dat
    2010-04-08 23:40 . 2010-04-08 23:40 -------- d-----w- c:\program files\PopCap Games
    2010-04-08 23:40 . 2010-04-08 23:40 0 ----a-w- c:\windows\popcreg.dat
    2010-04-04 07:32 . 2010-04-04 07:32 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-03-30 22:28 . 2010-03-30 22:28 -------- d-----w- c:\documents and settings\My Name\DoctorWeb
    2010-03-30 20:19 . 2010-03-30 20:19 -------- d-----w- c:\program files\CCleaner
    2010-03-29 23:27 . 2010-03-29 23:27 -------- d-----w- c:\program files\TrendMicro
    2010-03-29 21:40 . 2010-03-29 21:40 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-29 21:39 . 2010-03-29 21:39 -------- d-----w- c:\documents and settings\My Name\Application Data\Malwarebytes
    2010-03-29 21:38 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 21:38 . 2010-03-29 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-29 21:38 . 2010-03-29 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-29 21:38 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-24 15:47 . 2009-11-09 21:50 0 ----a-w- c:\documents and settings\My Name\Local Settings\Application Data\prvlcl.dat
    2010-04-20 08:53 . 2008-09-03 23:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-18 00:21 . 2008-08-15 15:25 -------- d-----w- c:\documents and settings\My Name\Application Data\SiteClasses
    2010-04-18 00:21 . 2008-08-15 15:25 -------- d-----w- c:\documents and settings\My Name\Application Data\Sites
    2010-04-15 07:02 . 2008-05-27 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-02 17:27 . 2008-09-21 17:28 -------- d-----w- c:\documents and settings\My Name\Application Data\TransRender
    2010-03-17 14:38 . 2008-08-15 15:22 -------- d-----w- c:\documents and settings\My Name\Application Data\vmntoolbar
    2010-03-09 11:09 . 2004-08-10 12:51 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-05 09:45 . 2008-09-03 23:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-05 09:45 . 2008-09-03 23:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-05 09:44 . 2009-11-03 02:45 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-03-05 09:44 . 2008-09-03 23:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-05 09:44 . 2008-09-03 23:17 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-02-26 05:43 . 2004-08-10 12:51 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 05:43 . 2004-08-10 12:51 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-02-24 13:11 . 2006-01-24 03:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 08:10 . 2004-08-10 12:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03 . 2010-02-25 07:54 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2004-08-10 12:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 12:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-01-28 10:10 . 2010-01-28 10:10 503808 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcp71.dll
    2010-01-28 10:10 . 2010-01-28 10:10 499712 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\jmc.dll
    2010-01-28 10:10 . 2010-01-28 10:10 348160 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f41877e-n\msvcr71.dll
    2010-01-28 10:10 . 2010-01-28 10:10 61440 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-sse.dll
    2010-01-28 10:10 . 2010-01-28 10:10 12800 -c--a-w- c:\documents and settings\My Name\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28a709c8-n\decora-d3d.dll
    2009-12-23 15:40 . 2009-12-23 15:40 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
    2009-12-23 15:40 . 2009-12-23 15:40 296800 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
    2008-09-29 10:41 . 2008-07-05 17:13 9394 -csha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-30_01.33.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
    + 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
    + 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
    + 2010-04-24 16:21 . 2010-04-24 16:21 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
    + 2008-09-22 10:03 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    - 2008-09-22 10:03 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
    - 2004-08-10 12:51 . 2009-12-22 05:20 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2004-08-10 12:51 . 2010-02-26 05:43 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
    + 2004-08-10 12:50 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
    - 2008-05-27 18:17 . 2010-03-11 01:25 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-10-25 08:18 . 2008-10-25 08:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
    + 2008-10-25 08:18 . 2008-10-25 08:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
    + 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
    + 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
    + 2004-08-10 12:51 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
    - 2004-08-10 12:51 . 2009-12-22 05:21 627712 c:\windows\system32\urlmon.dll
    + 2004-08-10 12:51 . 2010-02-26 05:43 627712 c:\windows\system32\urlmon.dll
    + 2004-08-10 12:51 . 2010-02-26 05:43 251904 c:\windows\system32\iepeers.dll
    - 2004-08-10 12:51 . 2008-04-14 00:11 251904 c:\windows\system32\iepeers.dll
    + 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
    + 2008-04-21 06:44 . 2010-02-26 05:43 667136 c:\windows\system32\dllcache\wininet.dll
    - 2008-04-21 06:44 . 2009-12-22 05:21 667136 c:\windows\system32\dllcache\wininet.dll
    + 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
    - 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
    + 2008-06-26 08:15 . 2010-02-26 05:43 627712 c:\windows\system32\dllcache\urlmon.dll
    - 2008-06-26 08:15 . 2009-12-22 05:21 627712 c:\windows\system32\dllcache\urlmon.dll
    + 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
    + 2008-11-12 20:09 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
    + 2010-02-26 05:43 . 2010-02-26 05:43 251904 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-10 12:50 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
    + 2010-04-08 23:40 . 2010-04-08 23:40 228352 c:\windows\Installer\f3ac14.msi
    + 2008-05-27 18:17 . 2010-04-15 07:02 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-10-25 07:52 . 2008-10-25 07:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
    + 2008-10-25 07:52 . 2008-10-25 07:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
    + 2008-11-12 20:09 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
    + 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
    - 2004-08-10 12:51 . 2009-12-22 05:21 1509888 c:\windows\system32\shdocvw.dll
    + 2004-08-10 12:51 . 2010-03-10 04:33 1509888 c:\windows\system32\shdocvw.dll
    + 2004-08-10 12:51 . 2010-02-26 05:43 3073024 c:\windows\system32\mshtml.dll
    + 2008-06-26 08:15 . 2010-03-10 04:33 1509888 c:\windows\system32\dllcache\shdocvw.dll
    - 2008-06-26 08:15 . 2009-12-22 05:21 1509888 c:\windows\system32\dllcache\shdocvw.dll
    + 2008-10-15 07:03 . 2010-02-17 08:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-15 07:03 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-15 07:03 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-15 07:04 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2008-04-21 06:44 . 2010-02-26 05:43 3073024 c:\windows\system32\dllcache\mshtml.dll
    + 2010-03-10 04:33 . 2010-03-10 04:33 1025024 c:\windows\system32\dllcache\browseui.dll
    - 2004-08-10 12:50 . 2008-04-14 00:11 1025024 c:\windows\system32\browseui.dll
    + 2004-08-10 12:50 . 2010-03-10 04:33 1025024 c:\windows\system32\browseui.dll
    + 2010-04-24 16:30 . 2010-04-24 16:30 1094656 c:\windows\Installer\87c46.msi
    + 2010-02-21 00:03 . 2010-02-21 00:03 4472832 c:\windows\Installer\47e4c.msp
    + 2010-02-21 00:02 . 2010-02-21 00:02 4195840 c:\windows\Installer\47e30.msp
    + 2010-03-11 22:59 . 2010-03-11 22:59 5031424 c:\windows\Installer\47e1a.msp
    + 2008-05-27 18:17 . 2010-04-15 07:02 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-05-27 18:17 . 2010-04-15 07:02 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-05-27 18:17 . 2010-03-11 01:25 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-03-06 04:00 . 2009-03-06 04:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
    + 2008-11-10 10:49 . 2008-11-10 10:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
    + 2008-11-24 22:16 . 2008-11-24 22:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
    + 2008-10-15 07:03 . 2010-02-17 08:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-15 07:03 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-15 07:03 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-15 07:04 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-05-28 06:18 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe
    + 2010-03-22 15:03 . 2010-03-22 15:03 11732992 c:\windows\Installer\47e62.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-09-01 684032]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-24 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2005-09-01 17:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager]
    2002-09-04 09:36 53248 ----a-w- c:\progra~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor]
    2003-01-08 13:36 40960 ----a-w- c:\progra~1\LEXMAR~1\ACMonitor_X84-X85.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1677:UDP"= 1677:UDP:Windows Media Format SDK (firefox.exe)
    "1676:UDP"= 1676:UDP:Windows Media Format SDK (firefox.exe)

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [03/11/2009 03:45 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [04/09/2008 00:17 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/09/2008 00:17 216200]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/09/2008 00:17 242896]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22/12/2009 09:59 916760]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/03/2010 10:45 308064]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [22/12/2009 09:59 2325816]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [03/11/2009 03:45 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [03/11/2009 03:45 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [03/11/2009 03:45 26120]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [04/09/2008 00:17 30104]
    S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [05/03/2010 10:44 5888008]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
  • cally6008
    cally6008 Posts: 7,629 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker

    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://www.euro.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
    FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\My Name\Application Data\Mozilla\Firefox\Profiles\zxidkn03.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFConnectorLauncher.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFSource.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
    FF - HiddenExtension: XULRunner: {76AFD2AC-9555-4993-BF0B-7A75D4A4A08B} - c:\documents and settings\My Name\Local Settings\Application Data\{76AFD2AC-9555-4993-BF0B-7A75D4A4A08B}
    FF - HiddenExtension: XULRunner: {7FEE735D-3311-4B1D-8DA2-75191C6ECABB} - c:\documents and settings\My Name\Local Settings\Application Data\{7FEE735D-3311-4B1D-8DA2-75191C6ECABB}

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-24 19:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(1432)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll

    - - - - - - - > 'explorer.exe'(608)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-04-24 19:43:03
    ComboFix-quarantined-files.txt 2010-04-24 18:43
    ComboFix2.txt 2010-03-30 10:26
    ComboFix3.txt 2010-03-30 01:37

    Pre-Run: 33,900,912,640 bytes free
    Post-Run: 33,915,174,912 bytes free

    - - End Of File - - 4D9E8B6245C4FC8F718CB13AB9536580
This discussion has been closed.