computer virus help asap
Comments
-
How can I stop pop ups?
-
You need to follow my guide. Once you have done so, we can look at any other problems.
-
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org
Database version: 4532
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037
02/09/2010 21:38:23
mbam-log-2010-09-02 (21-38-23).txt
Scan type: Quick scan
Objects scanned: 139715
Time elapsed: 6 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{a57470de-14c7-4fcd-9d4c-e5711f24f0ed} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\scmypjml (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Kimberley\AppData\Local\upndefbug\nqngvdmshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Kimberley\AppData\Local\temp\2.9926746980440414E8.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
-
I strongly suggest you run a FULL scan - your results show a fake antivirus, so first step now is a full mbam scan. Again, delete all it finds and post the log back here. I suspect combofix and hostsexpert could be needed later, but one step at a time
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Well done Kimberley, you should feel pretty pleased with yourself ~ trying to understand the techie guys is no mean feat. They are mega helpful in this forum, but speak a foreign language a lot of the time.
Well done chaps for getting Kimberley sorted.
I ave a dodgy H, so sometimes I will sound dead common, on occasion dead stupid and rarely, pig ignorant. Sometimes I may be these things, but I will always blame it on my dodgy H.
Sorry, I'm a bit of a grumble weed today, no offence intended ... well it might be, but I'll be sorry.
-
Full System Scan
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org
Database version: 4532
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
02/09/2010 23:28:52
mbam-log-2010-09-02 (23-28-52).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 261400
Time elapsed: 59 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
So, you should now be able to access the net ok, as you've updated mbam. I would suggest following aLiEnRIK's concise instructions to run combofix as a belt'n'braces measure:-
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Here it is
ComboFix 10-09-01.04 - Kimberley 02/09/2010 23:57:40.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.1013.425 [GMT 1:00]
Running from: c:\users\Kimberley\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.
2010-09-02 23:07 . 2010-09-02 23:07 -------- d-----w- c:\users\Kimberley\AppData\Local\temp
2010-09-02 23:07 . 2010-09-02 23:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-02 23:07 . 2010-09-02 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-02 22:53 . 2010-09-02 22:54 -------- d-----w- C:\32788R22FWJFW
2010-09-02 09:34 . 2010-09-02 20:38 -------- d-----w- c:\users\Kimberley\AppData\Local\upndefbug
2010-08-13 08:26 . 2010-08-13 08:26 -------- d-----w- C:\68c09c98585b62d435
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 22:52 . 2008-06-24 17:03 -------- d-----w- c:\users\Kimberley\AppData\Roaming\SiteAdvisor
2010-09-02 21:12 . 2010-02-20 10:39 -------- d-----w- c:\programdata\avg9
2010-09-02 20:27 . 2008-09-17 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 08:14 . 2010-07-21 08:14 -------- d-----w- c:\programdata\Lexmark 3600-4600 Series
2010-06-12 15:45 . 2010-06-12 15:45 50354 ----a-w- c:\users\Kimberley\AppData\Roaming\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Kimberley\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2007-08-15 05:54 . 2007-08-15 05:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-15 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-14 4452352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2004-04-27 1716308]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2004-02-20 77824]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 90112]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"ZPLED"="c:\program files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [2006-02-21 347648]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips Device Manager.lnk - c:\program files\Philips\SA28XX Device Manager\main.exe [2008-11-11 7696118]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-06-16 13:56 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Kimberley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\Kimberley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-14 22:24 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 15:02 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 15:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate1c9a8d23339d43b;Google Update Service (gupdate1c9a8d23339d43b);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-28 98984]
S4 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [x]
S4 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [x]
S4 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [x]
S4 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [x]
S4 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - AVGIDSErHrvtx
*Deregistered* - AvgLdx86
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-19 13:34]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60181
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Kimberley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Kimberley\AppData\Roaming\Mozilla\Firefox\Profiles\wrxh1df8.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Kimberley\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 00:07
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-03 00:12:37
ComboFix-quarantined-files.txt 2010-09-02 23:12
ComboFix2.txt 2010-07-03 11:45
ComboFix3.txt 2010-07-03 08:33
Pre-Run: 96,656,973,824 bytes free
Post-Run: 96,724,348,928 bytes free
- - End Of File - - CD16CCE3F2D7936F9F03E27807F258A0
-
Is it better to buy a full anti virus protection? Avast have an offer until 6th sept half price full protection at £27
-
use the free one, after uninstalling avg!!
