Vista defender - please help!
Comments
Right, I'm scanning using Malwarebytes.
Yes, stick with MBAM... will run ComboFix after, depending what it finds.
If ComboFix did run and complete its scan, the ComboFix txt file will be on your desktop or at the root of your C:
Thanks so much browntoa. It's still running! Massive hard drive!
It came up with 15 threats. Do I want to remove them using Malwarebytes?
Malwarebytes' Anti-Malware 1.45
https://www.malwarebytes.org
Database version: 4016
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
22/04/2010 00:25:51
mbam-log-2010-04-22 (00-25-51).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 517289
Time elapsed: 3 hour(s), 23 minute(s), 15 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
C:\Users\Cate\AppData\Local\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Cate\AppData\Local\Temp\count.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Cate\AppData\Local\Temp\nmxosrwcae.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Cate\AppData\Local\Temp\aewsomrnxc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Cate\Desktop\Adobe\keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Users\Cate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Cate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Cate\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Cate\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Cate\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\Cate\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
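The Malwarebytes log above is the key evidence in this thread: a rogue antivirus (Antimalware Doctor) plus its Run-key and Startup-folder persistence. As an added example, not code from the thread or from Malwarebytes, the following Python script parses this log format, checks that the declared per-section counts match the lines actually pasted (forum pastes are often truncated), flags any detection that was not quarantined, and separates autostart entries from dropped files; the sample excerpt and all function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the MBAM 1.45 log posted above; the final
# "No action taken." line is invented so the unresolved-item check has a hit.
SAMPLE_LOG = """\
Memory Processes Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 3

Memory Processes Infected:
C:\\Users\\Cate\\AppData\\Local\\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\\Software\\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\\Users\\Cate\\AppData\\Local\\Temp\\count.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\\Users\\Cate\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\\Users\\Cate\\AppData\\Local\\ave.exe (Rogue.MultipleAV) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Greedy item so a path containing "(x86)" still splits at the last "(family) ->".
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Autostart locations: Run/RunOnce registry values and Startup-folder shortcuts.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\|\\Startup\\", re.IGNORECASE)

def parse_mbam_log(text):
    """Return the declared per-section counts and every detection line."""
    summary, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]  # detection lines that follow belong to it
        elif section and (m := DETECTION_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return {"summary": summary, "detections": detections}

def count_mismatches(parsed):
    """Sections whose declared count differs from the lines found (truncated paste?)."""
    found = Counter(d["section"] for d in parsed["detections"])
    return {s: (n, found[s]) for s, n in parsed["summary"].items() if n != found[s]}

def unresolved(parsed):
    """Detections MBAM did not neutralise, e.g. 'No action taken.' or 'Delete on reboot.'."""
    return [d for d in parsed["detections"]
            if not d["action"].startswith(("Quarantined", "Unloaded"))]

def autostart_hits(parsed):
    """Detections in autostart locations: persistence, not merely a dropped file."""
    return [d["item"] for d in parsed["detections"] if AUTOSTART_RE.search(d["item"])]

def family_breakdown(parsed):
    """Detections by the top-level class of the family name (Rogue, Trojan, Backdoor)."""
    return Counter(d["family"].split(".")[0] for d in parsed["detections"])

if __name__ == "__main__":
    p = parse_mbam_log(SAMPLE_LOG)
    print(dict(family_breakdown(p)), autostart_hits(p), count_mismatches(p))
    print("still present:", [d["item"] for d in unresolved(p)])
```

Anything reported by unresolved() is still on disk after the scan, which is exactly the "do I want to remove them?" decision point in the thread.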
I would now run ComboFix.
Thanks!! I have run AVG again and removed any threats. Will run ComboFix now.
ComboFix 10-04-21.01 - Cate 22/04/2010 10:47:17.1.4 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.3317.1872 [GMT 1:00]
Running from: c:\users\Cate\Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1634532723-2461856881-3736818844-500
c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\users\Cate\AppData\Local\Microsoft\Windows\Temporary Internet Files\7J8Rdg.jpg
c:\users\Cate\AppData\Local\Microsoft\Windows\Temporary Internet Files\G2EWK08OV.jpg
c:\users\Cate\AppData\Local\Microsoft\Windows\Temporary Internet Files\N0o2G.jpg
c:\users\Cate\AppData\Local\Microsoft\Windows\Temporary Internet Files\QS5v51X.jpg
c:\users\Cate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Cate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Cate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\eSellerateEngine.dll
c:\windows\Fonts\STATS.TTF
c:\windows\SW_Win3112X32.DLL
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\ni718yb.dll
c:\windows\system32\prsgrc.dll
.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.
2010-04-22 09:58 . 2010-04-22 09:58 d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 19:48 . 2010-04-21 19:48 d-----w- c:\users\Cate\AppData\Roaming\Malwarebytes
2010-04-21 19:47 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 19:47 . 2010-04-21 19:47 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 19:47 . 2010-04-21 19:47 d-----w- c:\programdata\Malwarebytes
2010-04-21 19:47 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-19 20:38 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-19 20:38 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-19 20:11 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-19 20:11 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-19 20:11 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-19 20:05 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-04-19 20:05 . 2010-02-18 14:34 213896 ----a-w- c:\windows\system32\drivers\netio.sys
2010-04-19 20:05 . 2010-02-18 11:51 818688 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-19 20:05 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-19 20:05 . 2010-02-18 14:01 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-19 20:05 . 2010-02-18 13:56 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2010-04-19 20:05 . 2010-02-18 13:56 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2010-04-19 20:05 . 2010-02-18 13:55 317440 ----a-w- c:\windows\system32\BFE.DLL
2010-04-19 20:05 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-19 20:05 . 2010-02-18 11:51 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-04-19 20:05 . 2010-02-18 11:50 85504 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-04-19 20:05 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-13 17:39 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 17:39 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 08:12 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 10:00 . 2008-02-25 23:56 d-----w- c:\programdata\Kontiki
2010-04-21 23:59 . 2009-02-02 21:25 d-----w- c:\programdata\Google Updater
2010-04-21 21:06 . 2009-08-19 09:30 d-----w- c:\users\Cate\AppData\Roaming\Spotify
2010-04-21 15:40 . 2008-09-19 18:26 d-----w- c:\users\Cate\AppData\Roaming\EndNote
2010-04-20 07:14 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2010-04-20 00:05 . 2008-02-26 10:41 d-----w- c:\programdata\Microsoft Help
2010-04-07 07:35 . 2008-02-14 15:54 d-----w- c:\program files\Google
2010-04-03 07:53 . 2008-02-26 08:55 5216 ----a-w- c:\users\Cate\AppData\Local\d3d9caps.dat
2010-03-24 23:10 . 2008-02-20 23:20 158864 ----a-w- c:\users\Cate\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-10 18:07 . 2008-09-22 21:43 d-----w- c:\program files\Movie Maker 2.6
2010-03-09 16:54 . 2010-03-31 12:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-03-31 12:29 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-03-31 12:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-03-31 12:29 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-03-31 12:29 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-03-31 12:29 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-03-31 12:29 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-05 18:39 . 2010-03-04 20:04 d-----w- c:\users\Cate\AppData\Roaming\6515CCEC46E3351DEEDDDCA8B543E433
2010-02-28 23:13 . 2009-06-12 01:20 d-----w- c:\users\Cate\AppData\Roaming\SigmaPlot 11.0
2010-02-27 17:53 . 2009-05-08 17:23 d-----w- c:\users\Cate\AppData\Roaming\FileZilla
2010-02-26 16:50 . 2010-02-26 16:50 d-----w- c:\program files\XLS Converter
2010-02-26 16:14 . 2010-02-26 16:14 d-----w- c:\program files\Softinterface, Inc
2010-02-25 11:12 . 2010-02-25 11:12 d-----w- c:\program files\Tilia
2010-02-24 09:16 . 2009-10-11 15:24 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 15:58 . 2008-02-14 15:47 d--h--w- c:\program files\InstallShield Installation Information
2010-02-23 15:58 . 2010-02-23 14:00 d-----w- c:\program files\statistiXL
2010-02-23 15:46 . 2010-02-23 15:46 d-----w- c:\program files\XLMiner3
2010-02-23 15:02 . 2010-02-23 15:02 d-----w- c:\program files\EisenSoftware
2010-02-23 14:30 . 2009-02-23 23:22 148 ----a-w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-02-23 11:57 . 2010-02-23 11:57 d-----w- c:\program files\WinSTAT
2010-02-17 11:29 . 2010-02-17 11:29 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC89F.tmp.exe
2010-01-25 12:58 . 2010-02-24 09:45 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58 . 2010-02-24 09:45 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58 . 2010-02-24 09:45 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58 . 2010-02-24 09:45 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56 . 2010-02-24 09:45 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36 . 2010-02-24 09:45 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36 . 2010-02-24 09:45 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36 . 2010-02-24 09:45 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 09:45 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05 . 2010-02-24 09:45 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-02 00:00 . 2009-12-02 00:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-14 23:33 . 2008-02-14 23:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-24 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 68856]
"Google Update"="c:\users\Cate\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-02-14 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-02-14 77824]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"five Media Manager Tray"="c:\program files\Entriq\MediaSphere\EntriqMediaTray.exe" [2008-05-21 368640]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-4-28 1750360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate1c9857d1ef7b472;Google Update Service (gupdate1c9857d1ef7b472);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-02 30192]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-17 335240]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-01-11 464384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-14 09:31]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 21:27]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 21:27]
2010-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1634532723-2461856881-3736818844-1000Core.job
- c:\users\Cate\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 19:24]
2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1634532723-2461856881-3736818844-1000UA.job
- c:\users\Cate\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 19:24]
2010-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]
2010-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=1080214
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.co.uk/apps/EasyUploadX.cab
FF - ProfilePath - c:\users\Cate\AppData\Roaming\Mozilla\Firefox\Profiles\bgfb7aob.default\
FF - prefs.js: browser.search.selectedEngine - Google Desktop
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.winwithlivesearch.com/results.aspx?mkt=en-GB&FORM=MICUAQ&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Entriq\MediaSphere\3.8.2.9\npEntriqMediaMozillaPlugin.dll
FF - plugin: c:\program files\Entriq\MediaSphere\3.8.2.9\npEntriqVersionCheckMozillaPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Cate\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Cate\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-dbf70700.exe - c:\users\Cate\AppData\Roaming\6515CCEC46E3351DEEDDDCA8B543E433\dbf70700.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-F5D7050v3 - c:\program files\Belkin\F5D7050v3\Belkinwcui.exe
SafeBoot-MCODS
AddRemove-Convert XLS_is1 - c:\program files\Softinterface
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 10:59
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-22 11:02:18
ComboFix-quarantined-files.txt 2010-04-22 10:02
Pre-Run: 187,157,069,824 bytes free
Post-Run: 190,653,136,896 bytes free
- - End Of File - - 070A529DFD17E3DFA7F1844812D388DA
This is what Combo came out with.