Google redirect - help please!
Comments
-
Thanks Rik. Here's the latest log:
ComboFix 10-06-23.01 - home 23/06/2010 18:27:46.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.1161 [GMT 1:00]
Running from: c:\users\home\Downloads\QWERTY.exe
Command switches used :: c:\users\home\Documents\CFScript.txt
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
FILE ::
"c:\users\home\AppData\Roaming\irprops2.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\home\AppData\Roaming\irprops2.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.
2010-06-23 17:33 . 2010-06-23 17:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-23 17:33 . 2010-06-23 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-23 17:24 . 2010-06-23 17:24 -------- d-----w- C:\32788R22FWJFW
2010-06-16 20:49 . 2010-06-16 20:49 -------- d-----w- c:\program files\CCleaner
2010-06-15 19:39 . 2010-06-15 19:39 -------- d-----w- c:\users\home\AppData\Roaming\Malwarebytes
2010-06-15 19:39 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-15 19:39 . 2010-06-15 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 19:39 . 2010-06-15 19:39 -------- d-----w- c:\programdata\Malwarebytes
2010-06-15 19:39 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-15 12:43 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 22:48 . 2010-04-06 09:13 459600 ----a-w- c:\programdata\BullGuard\Update\Bin\libxml2.dll
2010-06-14 22:48 . 2010-06-15 12:14 348480 ----a-w- c:\programdata\BullGuard\Update\Download\APPDIR\BullGuardUpdate.exe
2010-06-14 22:48 . 2010-06-15 12:14 348480 ----a-w- c:\programdata\BullGuard\Update\Bin\BullGuardUpdate.exe
2010-06-14 22:48 . 2010-02-25 15:43 67920 ----a-w- c:\programdata\BullGuard\Update\Bin\zlib1.dll
2010-06-14 22:48 . 2010-02-25 15:43 983376 ----a-w- c:\programdata\BullGuard\Update\Bin\libeay32.dll
2010-06-14 22:48 . 2010-02-25 15:43 190800 ----a-w- c:\programdata\BullGuard\Update\Bin\libcurl.dll
2010-06-14 22:48 . 2010-02-25 15:43 55120 ----a-w- c:\programdata\BullGuard\Update\Bin\libbz2.dll
2010-06-14 22:44 . 2010-06-14 22:47 -------- d-----w- c:\users\home\AppData\Roaming\BullGuard
2010-06-14 22:38 . 2010-06-23 16:57 -------- d-----w- c:\programdata\BullGuard
2010-06-14 22:38 . 2010-06-14 22:38 -------- d-----w- c:\program files\BullGuard Ltd
2010-06-14 19:51 . 2010-06-22 19:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-14 19:51 . 2010-06-14 19:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-10 18:35 . 2010-06-10 18:35 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-06-09 17:09 . 2010-06-09 17:09 -------- d-----w- c:\users\home\AppData\Roaming\AdobeUM
2010-06-09 17:08 . 2010-06-09 17:08 -------- d-----w- c:\programdata\Adobe Systems
2010-06-05 08:22 . 2010-06-05 08:22 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb37E4.tmp.exe
2010-05-31 00:10 . 2010-06-14 22:18 -------- d-----w- c:\users\home\AppData\Roaming\Bycea
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 16:55 . 2007-11-24 17:51 -------- d-----w- c:\program files\Lx_cats
2010-06-23 08:50 . 2009-06-03 22:36 1 ----a-w- c:\users\home\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-22 18:46 . 2008-02-24 22:22 -------- d-----w- c:\program files\Coupon Printer
2010-06-21 21:20 . 2008-02-12 12:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-16 21:17 . 2007-08-16 13:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-16 21:13 . 2009-12-01 22:42 -------- d-----w- c:\programdata\Norton
2010-06-16 21:13 . 2007-08-16 13:36 -------- d-----w- c:\programdata\Symantec
2010-06-15 12:51 . 2007-12-13 20:52 -------- d-----w- c:\program files\Common Files\Java
2010-06-15 12:35 . 2007-11-03 16:11 -------- d-----w- c:\users\home\AppData\Roaming\Packard Bell
2010-06-14 23:45 . 2010-05-01 08:55 -------- d-----w- c:\users\home\AppData\Roaming\751AC99436829F9D9922F40CDB08F4B3
2010-06-14 23:00 . 2010-06-14 23:00 77824 ----a-w- c:\programdata\BullGuard\Update\Download\AVDEFS\bdupd.dll
2010-06-14 23:00 . 2010-06-14 23:00 246608 ----a-w- c:\programdata\BullGuard\Update\Download\APPDIR\Antiphishing\IE\BGToolBand.dll
2010-06-14 23:00 . 2010-06-14 23:00 75088 ----a-w- c:\programdata\BullGuard\Update\Download\APPDIR\Support\BgRaHook.dll
2010-06-14 22:36 . 2008-05-25 02:34 -------- d-----w- c:\users\home\AppData\Roaming\Xeat
2010-06-14 20:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-06-14 19:35 . 2008-04-10 09:04 -------- d-----w- c:\users\home\AppData\Roaming\InstallShield
2010-06-11 08:33 . 2007-11-03 16:11 89176 ----a-w- c:\users\home\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 13:14 . 2009-10-03 08:04 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 21:29 . 2007-11-03 21:24 -------- d-----w- c:\users\home\AppData\Roaming\Skype
2010-05-20 16:35 . 2009-05-10 18:43 -------- d-----w- c:\users\home\AppData\Roaming\skypePM
2010-05-12 20:17 . 2010-05-12 20:17 -------- d-----w- c:\users\home\AppData\Roaming\GetRightToGo
2010-05-02 19:37 . 2008-05-06 08:53 -------- d-----w- c:\program files\McDonaldsDragons
2010-05-01 13:30 . 2009-08-15 13:34 680 ----a-w- c:\users\home\AppData\Local\d3d9caps.dat
2010-04-28 09:41 . 2010-04-28 09:41 55888 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2010-04-23 10:19 . 2010-04-23 10:19 98128 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2010-03-28 10:26 . 2010-03-06 10:27 439816 ----a-w- c:\users\home\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-26 09:33 . 2010-05-01 07:53 1496064 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 09:33 . 2010-05-01 07:53 43008 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 09:33 . 2010-05-01 07:53 339456 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 09:32 . 2010-05-01 07:53 346112 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-10 22:48 . 2009-12-10 22:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-08-16 22:01 . 2007-08-16 22:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-06-23_10.49.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-06-23 09:18 . 2010-06-23 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-23 16:55 . 2010-06-23 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-23 16:55 . 2010-06-23 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-23 09:18 . 2010-06-23 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-16 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"HostManager"="c:\program files\Common Files\AOL\1187270995\ee\AOLSoftware.exe" [2006-11-14 50736]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-10 30192]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-05 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-04 198160]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2010-06-15 2071360]
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-6-10 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [2006-07-25 613376]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2010-06-15 122688]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-10 30192]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2009-12-04 29208]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2010-04-28 55888]
S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2010-06-15 348480]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-16 1116800]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2009-12-04 318488]
S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2010-06-15 301376]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire
BullGuard_LowPriv REG_MULTI_SZ BsBrowser
.
Contents of the 'Scheduled Tasks' folder
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:43]
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:43]
2007-11-10 c:\windows\Tasks\PBReg.job
- c:\program files\HDReg\HDRegApp.exe [2005-06-21 12:05]
2007-12-18 c:\windows\Tasks\PBRegbk.job
- c:\program files\HDReg\HDRegApp.exe [2005-06-21 12:05]
2010-06-23 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-08-16 16:34]
.
.
Supplementary Scan
.
uStart Page = hxxp://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=8&key=IESTART
mStart Page = hxxp://www.myaolbroadband.co.uk
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
LSP: c:\windows\system32\BGLsp.dll
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://rmsurveys.research-int.com/
FF - component: c:\program files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\components\BGFFComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 18:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
c:\users\home\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-601384330-350029153-2478979763-1002\Software\SecuROM\License information*]
"datasecu"=hex:a1,8e,fe,cf,56,be,9f,1a,13,00,97,f7,06,9e,ca,9c,dc,25,31,46,af,
bf,7d,c6,1a,a8,c7,3f,87,b0,e2,e3,e5,01,0f,a1,41,1d,1c,aa,bb,41,e4,1c,4d,64,\
"rkeysecu"=hex:ef,38,ed,d3,01,09,ab,41,fc,87,1c,6c,40,aa,27,2f
.
Completion time: 2010-06-23 18:35:21
ComboFix-quarantined-files.txt 2010-06-23 17:35
ComboFix2.txt 2010-06-23 10:51
Pre-Run: 231,216,787,456 bytes free
Post-Run: 231,209,824,256 bytes free
- - End Of File - - BCFDAA82BF56D1538E8EBD9F79E7666E0 -
I would just do what alienRIK advises (and not run superantispyware). You are in very safe hands!
-
How's it running now?
-
It seems to be working fine. Is there anything else I need to do?
Many thanks for your help and your time AlienRik, and Grandmaster too.
-
Oh, and you mentioned firewalls. Which one would you recommend I go for?
-
The problem is that whilst you have BullGuard on your system, you can't install another one. It's possible you could disable it and use Windows, but I can't guarantee that would work either.
So you need to decide if you're willing to uninstall BullGuard first.
As for the computer, if you say it's fine then I'm happy.
I'd give it a spring clean too though ~
Download CCLEANER
http://www.piriform.com/ccleaner/download/slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
-
I've got Bullguard on a free trial so am quite happy to uninstall it. I only got it because it actually found the virus, whereas Norton (which is what I had before) didn't even pick it up.
I'll do a search and see what AV is recommended as I hate to be taking up so much of your time.
Thanks very much again, I really really appreciate it.
Once I've done the CCleaner, do you think I'd be safe to use internet banking again? (sorry, yet another question!)
-
I'd recommend a free AV
AVAST, AVIRA or MSE
The best free firewall at the moment (well, the top firewall, period) is COMODO
-
Internet banking ~
Personally I'd recommend you use FIREFOX with the NOSCRIPT plugin to protect yourself as much as possible from web-based trojans and page redirects
-
Am trying to download the Noscript, but it's coming up with an error message: Firefox could not install the file at
https://addons.mozilla.org/en-US/firefox/downloads/latest/722/addon-722-latest.xpi?src=addondetail
because: Invalid file hash (possible download corruption)
-261
This discussion has been closed.