WarZone
Members
Posts: 19
  1. I have had very serious problems with loading Windows XP, so I have not been able to get onto the Internet. Just managed now.

     Main issues:
     Machine freezes
     Mouse and pointer not functioning properly
     If I manage to load Windows, it could take 30 min
     Typing is a horror - pointer is not stable
  2. Hi & Many Thanks

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6419
     # api_version=3.0.2
     # EOSSerial=04a1e973a06ad34a890130796efec372
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-01-03 01:08:31
     # local_time=2011-01-03 01:08:31 (+0000, GMT Standard Time)
     # country="United Kingdom"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 60158513 60158513 0 0
     # compatibility_mode=1032 16777173 100 95 53602 37299671 0 0
     # compatibility_mode=4352 16777215 100 0 0 0 0 0
     # compatibility_mode=6143 16777215 0 0 0 0 0 0
     # compatibility_mode=6401 16777213 66 100 12475 5886533 0 0
     # compatibility_mode=8192 67108863 100 0 10308 10308 0 0
     # scanned=127964
     # found=3
     # cleaned=3
     # scan_time=7636
     C:\Program Files\TestDirector\bin\VCSBin\Utils\ExamDiff\ExamDiff.exe a variant of Win32/Packed.PECrypt32.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Qoobox\Quarantine\C\Documents and Settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP298\A0123280.exe a variant of Win32/Packed.PECrypt32.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

     -----------------------------------------------------

     Results of screen317's Security Check version 0.99.8
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:

     Windows Firewall Disabled!
     AVG 2011
     ESET Online Scanner v3
     Online Armor 4.5
     ```````````````````````````````
     Anti-malware/Other Utilities Check:

     Malwarebytes' Anti-Malware
     HijackThis 2.0.2
     Java 6 Update 18
     Out of date Java installed!
     Adobe Flash Player 10.0.12.36
     Adobe Reader 9.3.1
     Out of date Adobe Reader installed!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent

     ``````````End of Log````````````
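The ESET Online Scanner log in the post above is a `# key=value` header followed by one tab-separated line per detection (path, verdict and action, hash, flag). As an added example for this thread (not ESET's, ComboFix's or the forum's code), the Python below parses that format, checks that the `found=` counter agrees with the number of detection lines, and separates hits that sat inside ComboFix's own `C:\Qoobox\Quarantine` folder or a System Restore `_restore{...}` point (stored copies that cannot run) from hits on the live filesystem, which are the ones worth chasing. The sample log and its paths are constructed to mirror the posted format, and the "already contained" rule is this example's own triage assumption, not something the scanner reports.

```python
"""Triage an ESET Online Scanner log.

Added example for this thread, not ESET's or the forum's code. The posted
log is a '# key=value' header followed by one tab-separated line per
detection: path, verdict/action, hash, flag. SAMPLE_LOG below is constructed
to mirror that shape; the 'already contained' rule (a hit under ComboFix's
C:\\Qoobox quarantine or a System Restore _restore{...} point is a stored
copy, not a running file) is this example's own triage assumption.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the posted format (tab-separated detection columns).
SAMPLE_LOG = (
    "ESETSmartInstaller@High as CAB hook log:\n"
    "OnlineScanner.ocx - registred OK\n"
    "# version=7\n"
    "# osver=5.1.2600 NT Service Pack 3\n"
    "# compatibility_mode=512 16777215 100 0 60158513 60158513 0 0\n"
    "# compatibility_mode=1032 16777173 100 95 53602 37299671 0 0\n"
    "# scanned=127964\n"
    "# found=3\n"
    "# cleaned=3\n"
    "# scan_time=7636\n"
    "C:\\Program Files\\Example\\tool.exe\t"
    "a variant of Win32/Packed.PECrypt32.A application (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\User\\overlay.xul.vir\t"
    "probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
    "C:\\System Volume Information\\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\\RP298\\A0123280.exe\t"
    "a variant of Win32/Packed.PECrypt32.A application (cleaned by deleting - quarantined)\t"
    "00000000000000000000000000000000\tC\n"
)

HEADER_RE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumption: these locations hold stored copies, not files that can run.
CONTAINED_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\|\\System Volume Information\\_restore\{",
    re.IGNORECASE,
)


@dataclass
class EsetScanReport:
    header: dict = field(default_factory=dict)   # key -> value (list if the key repeats)
    detections: list = field(default_factory=list)


def parse_eset_log(text: str) -> EsetScanReport:
    """Split the log into header fields and structured detection records."""
    report = EsetScanReport()
    for line in text.splitlines():
        line = line.rstrip("\r")
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.groups()
            if key in report.header:          # compatibility_mode repeats
                prev = report.header[key]
                report.header[key] = (prev if isinstance(prev, list) else [prev]) + [value]
            else:
                report.header[key] = value
            continue
        cols = line.split("\t")
        if len(cols) >= 2 and DRIVE_PATH_RE.match(cols[0]):
            report.detections.append({
                "path": cols[0],
                "verdict": cols[1],
                "hash": cols[2] if len(cols) > 2 else "",
                "flags": cols[3] if len(cols) > 3 else "",
                "quarantined": "quarantined" in cols[1].lower(),
                "already_contained": bool(CONTAINED_RE.search(cols[0])),
            })
    return report


def counters_consistent(report: EsetScanReport) -> bool:
    """True when the found= counter matches the number of detection lines."""
    try:
        return int(report.header.get("found", -1)) == len(report.detections)
    except (TypeError, ValueError):
        return False


def live_detections(report: EsetScanReport) -> list:
    """Detections outside quarantine folders and restore points: the ones to chase."""
    return [d for d in report.detections if not d["already_contained"]]


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    print("scanned=%s found=%s cleaned=%s consistent=%s"
          % (rep.header.get("scanned"), rep.header.get("found"),
             rep.header.get("cleaned"), counters_consistent(rep)))
    for d in rep.detections:
        tag = "contained" if d["already_contained"] else "LIVE"
        print("[%s] %s :: %s" % (tag, d["path"], d["verdict"]))
```

Run against the posted log, only the `ExamDiff.exe` hit would come out as live; the other two were a ComboFix quarantine copy and a restore-point copy. Separately, the Security Check output's "Windows Firewall Disabled!" is the expected state when a third-party firewall such as Online Armor is installed, so it is not by itself a finding.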
  3. DDS log:

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Comet at 1:22:07.07 on 30/12/2010
     Internet Explorer: 8.0.6001.18702
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.414 [GMT 0:00]

     AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: Online Armor Firewall *Enabled*

     ============== Running Processes ===============

     C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Tall Emu\Online Armor\OAcat.exe
     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\AVG\AVG10\avgwdsvc.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\system32\igfxtray.exe
     C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\Program Files\Apoint2K\Apoint.exe
     C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
     C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\PROGRA~1\Yahoo!\browser\ycommon.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\Apoint2K\Apntex.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\AVG\AVG10\avgtray.exe
     C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
     C:\Program Files\HPQ\SHARED\HPQWMI.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
     C:\PROGRA~1\AVG\AVG10\avgrsx.exe
     C:\Program Files\AVG\AVG10\avgcsrvx.exe
     C:\Documents and Settings\Comet\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.co.uk/ig?hl=en
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
     uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
     uInternet Settings,ProxyOverride = 127.0.0.1;*.local
     uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
     uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
     mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
     BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
     BHO: BHOManager Class: {474264bc-9571-47c1-85b9-780f756dc9ce} - c:\windows\system32\BHOManager.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
     BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
     TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
     TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
     TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
     TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
     mRun: [AGRSMMSG] AGRSMMSG.exe
     mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
     mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
     mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
     mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
     mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
     mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallati...uot;ver=9.0.872
     dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
     dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\kunle ex\msdebinn\mssql\binn\sqlmaint.exe
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\ypager.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
     Trusted Zone: premierinn.com\bookings
     Trusted Zone: yahoo.com
     Trusted Zone: yahoo.com\login
     DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
     DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/pub/mcgraw-hill/support/plugins/ebraryRdr.cab
     DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
     DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183664200281
     DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
     DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://mylaptop:8080/qcbin/Spider90.ocx
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
     Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
     Notify: igfxcui - igfxsrvc.dll
     SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll
     SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
     SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

     ============= SERVICES / DRIVERS ===============

     R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
     R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
     R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
     R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
     R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
     R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-3-10 223312]
     R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-3-10 24656]
     R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-3-10 29776]
     R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
     R2 MySQL51;MySQL51;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
     R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-3-10 1282248]
     R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2007-9-25 10951]
     R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-3-10 3291336]
     R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
     R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
     R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
     S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
     S2 TDService;TDService;c:\progra~1\common~1\mercur~1\tdapis~1\tdservice.exe --> c:\progra~1\common~1\mercur~1\tdapis~1\TDService.exe [?]
     S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
     S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-12-30 517448]
     S3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\windows\system32\drivers\CAUSB.SYS [2006-12-4 68164]

     =============== File Associations ===============

     .txt=

     =============== Created Last 30 ================

     2010-12-30 00:57:21 -------- d-----w- c:\docume~1\comet\applic~1\AVG10
     2010-12-30 00:55:47 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
     2010-12-30 00:52:38 -------- d-----w- c:\windows\system32\drivers\AVG
     2010-12-30 00:52:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
     2010-12-30 00:32:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
     2010-12-29 23:31:16 98816 ----a-w- c:\windows\sed.exe
     2010-12-29 23:31:16 89088 ----a-w- c:\windows\MBR.exe
     2010-12-29 23:31:16 256512 ----a-w- c:\windows\PEV.exe
     2010-12-29 23:31:16 161792 ----a-w- c:\windows\SWREG.exe
     2010-12-29 22:42:08 -------- d-----w- C:\AVGTemp
     2010-12-25 07:37:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure
     2010-12-25 06:29:01 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
     2010-12-25 06:29:00 44544 ----a-w- c:\windows\system32\GIF89.DLL
     2010-12-25 06:28:54 15360 ----a-w- c:\windows\system32\inetfr.DLL
     2010-12-25 06:28:54 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
     2010-12-25 06:28:54 119568 ----a-w- c:\windows\system32\VB6FR.DLL
     2010-12-25 06:28:53 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
     2010-12-25 06:28:53 -------- d-----w- c:\program files\Free Easy Burner
     2010-12-25 06:28:53 -------- d-----w- c:\docume~1\comet\applic~1\FreeBurner
     2010-12-15 11:40:42 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
     2010-12-15 11:37:51 45568 ------w- c:\windows\system32\dllcache\wab.exe
     2010-12-08 04:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2010-12-04 15:33:12 -------- d-----w- c:\program files\List Generator
     2010-12-04 10:50:55 -------- d-----w- c:\docume~1\comet\applic~1\code128java
     2010-12-04 10:28:11 -------- d-----w- c:\docume~1\comet\locals~1\applic~1\CSomar_Tech
     2010-12-04 10:27:24 -------- d-----w- c:\program files\Barcode Maker 2.6
     2010-12-04 10:14:10 -------- d-----w- c:\program files\Barcode Generator
     2010-12-04 10:11:42 -------- d-----w- c:\program files\Setup
     2010-12-04 00:01:37 -------- d-----w- c:\program files\IDAutomation.com Word and Excel Add-in

     ==================== Find3M ====================

     2010-12-04 10:13:37 249856 ------w- c:\windows\Setup1.exe
     2010-12-04 10:13:36 73216 ----a-w- c:\windows\ST6UNST.EXE
     2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
     2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
     2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
     2010-01-30 11:07:04 29456637 ----a-w- c:\program files\SweetHome3D-2.2-windows.exe
     2010-01-28 13:10:25 693800 ----a-w- c:\program files\WindowsXP-Windows2000-Script56-KB917344-x86-enu.exe
     2010-01-21 10:46:38 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
     2010-01-20 19:22:50 3546726 ----a-w- c:\program files\npp.5.6.4.Installer.exe
     2007-07-07 15:07:05 265376 ----a-w- c:\program files\chaosshredder.exe
     2007-07-05 21:28:59 21640064 ----a-w- c:\program files\Nokia_PC_Suite_6_84_10_3_eng_web.exe

     ============= FINISH: 1:28:50.07 ===============
  4. Hi, Could not uninstall AVG but managed to get it sorted.

     ComboFix log:

     ComboFix 10-12-28.03 - Comet 29/12/2010 23:36:22.6.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.453 [GMT 0:00]
     Running from: c:\documents and settings\Comet\Desktop\ComboFix.exe
     FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1}
     c:\documents and settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1}\chrome.manifest
     c:\documents and settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1}\chrome\content\_cfg.js
     c:\documents and settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1}\chrome\content\overlay.xul
     c:\documents and settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1}\install.rdf
     c:\documents and settings\Comet\System
     c:\documents and settings\Comet\System\win_qs8.jqx
     c:\windows\system32\Oeminfo.ini
     E:\Autorun.inf
     .
     ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
     .
     2010-12-29 23:03 . 2010-12-29 23:21 -------- d-----w- c:\documents and settings\Administrator
     2010-12-29 22:42 . 2010-12-29 22:42 -------- d-----w- C:\AVGTemp
     2010-12-25 07:37 . 2010-12-29 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
     2010-12-25 06:29 . 2006-11-18 11:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
     2010-12-25 06:29 . 1998-07-13 17:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
     2010-12-25 06:28 . 2000-10-01 18:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
     2010-12-25 06:28 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
     2010-12-25 06:28 . 1998-07-12 22:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
     2010-12-25 06:28 . 2010-12-25 12:28 -------- d-----w- c:\program files\Free Easy Burner
     2010-12-25 06:28 . 2010-12-25 06:30 -------- d-----w- c:\documents and settings\Comet\Application Data\FreeBurner
     2010-12-25 06:28 . 1998-07-12 18:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
     2010-12-15 11:40 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
     2010-12-15 11:37 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
     2010-12-04 15:33 . 2010-12-04 15:33 -------- d-----w- c:\program files\List Generator
     2010-12-04 10:50 . 2010-12-04 10:50 -------- d-----w- c:\documents and settings\Comet\Application Data\code128java
     2010-12-04 10:28 . 2010-12-04 10:28 -------- d-----w- c:\documents and settings\Comet\Local Settings\Application Data\CSomar_Tech
     2010-12-04 10:27 . 2010-12-04 10:27 -------- d-----w- c:\program files\Barcode Maker 2.6
     2010-12-04 10:14 . 2010-12-04 10:43 -------- d-----w- c:\program files\Barcode Generator
     2010-12-04 10:11 . 2010-12-04 10:11 -------- d-----w- c:\program files\Setup
     2010-12-04 00:01 . 2010-12-04 22:37 -------- d-----w- c:\program files\IDAutomation.com Word and Excel Add-in
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-12-20 18:09 . 2010-02-28 14:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-12-20 18:08 . 2010-02-28 14:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-12-04 10:13 . 2007-03-26 20:32 249856 ------w- c:\windows\Setup1.exe
     2010-12-04 10:13 . 2007-03-26 20:32 73216 ----a-w- c:\windows\ST6UNST.EXE
     2010-11-18 18:12 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\isign32.dll
     2010-11-06 00:26 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-11-06 00:26 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-11-06 00:26 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2010-11-03 12:25 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
     2010-11-02 15:17 . 2004-08-04 08:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
     2010-10-28 13:13 . 2004-08-04 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-26 13:25 . 2004-08-04 08:00 1853312 ----a-w- c:\windows\system32\win32k.sys
     2010-01-30 11:07 . 2010-01-30 11:06 29456637 ----a-w- c:\program files\SweetHome3D-2.2-windows.exe
     2010-01-28 13:10 . 2010-01-28 13:10 693800 ----a-w- c:\program files\WindowsXP-Windows2000-Script56-KB917344-x86-enu.exe
     2010-01-21 10:46 . 2010-01-21 10:46 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe
     2010-01-20 19:22 . 2010-01-20 19:22 3546726 ----a-w- c:\program files\npp.5.6.4.Installer.exe
     2007-07-07 15:07 . 2007-07-07 15:07 265376 ----a-w- c:\program files\chaosshredder.exe
     2007-07-05 21:28 . 2007-07-05 21:28 21640064 ----a-w- c:\program files\Nokia_PC_Suite_6_84_10_3_eng_web.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 68856]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
     "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
     "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
     "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
     "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
     "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
     "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
     "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
     "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
     "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "AvgUninstallURL"="start http:" [X]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
     Service Manager.lnk - c:\program files\kunle ex\msdeBinn\MSSQL\Binn\sqlmaint.exe [2002-12-17 156224]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-02-21 45056]
     "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
     backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
     backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
     backup=c:\windows\pss\SnagIt 8.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
     2005-03-29 13:45 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
     2004-12-03 12:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
     2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2010-04-28 14:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2006-01-12 16:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "iPodService"=3 (0x3)
     "NBService"=3 (0x3)
     "SQLSERVERAGENT"=3 (0x3)
     "MSSQLServerADHelper"=3 (0x3)
     "MSSQLSERVER"=2 (0x2)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "%windir%\\system32\\drivers\\svchost.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\WINDOWS\\system32\\dpvsetup.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

     R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [10/03/2010 19:18 223312]
     R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [10/03/2010 19:18 24656]
     R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [10/03/2010 19:18 29776]
     R2 MySQL51;MySQL51;"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\program files\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\program files\MySQL\MySQL Server 5.1\bin\mysqld [?]
     R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [10/03/2010 19:18 1282248]
     R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [25/09/2007 19:56 10951]
     R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [10/03/2010 19:18 3291336]
     R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/10/2010 16:52 136176]
     S2 TDService;TDService;c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDService.exe --> c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDService.exe [?]
     S3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\windows\system32\drivers\CAUSB.SYS [04/12/2006 11:37 68164]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

     2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 16:52]

     2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 16:52]

     2010-12-29 c:\windows\Tasks\MP Scheduled Scan.job
     - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.co.uk/ig?hl=en
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
     uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
     uInternet Settings,ProxyOverride = 127.0.0.1;*.local
     uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     Trusted Zone: premierinn.com\bookings
     Trusted Zone: yahoo.com
     Trusted Zone: yahoo.com\login
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://mylaptop:8080/qcbin/Spider90.ocx
     .
     .
     ------- File Associations -------
     .
     .txt=
     .
     - - - - ORPHANS REMOVED - - - -

     URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
     BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
     Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
     WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
     MSConfigStartUp-Motive SmartBridge - c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
     AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-12-29 23:51
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]
     "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     Completion time: 2010-12-29 23:59:18
     ComboFix-quarantined-files.txt 2010-12-29 23:59
     ComboFix2.txt 2010-03-13 22:28

     Pre-Run: 20,598,431,744 bytes free
     Post-Run: 22,289,321,984 bytes free

     - - End Of File - - 559DB11C305D4CD7A440044518641463
  5. --------------------------------- MBAM log after the above incident (Trojan.Hiloti again):
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5405
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28/12/2010 11:32:47
mbam-log-2010-12-28 (11-32-47).txt
Scan type: Quick scan
Objects scanned: 167530
Time elapsed: 18 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
c:\documents and settings\Comet\local settings\temp\0.35508565358097444.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
  6. Hi, Online Armor just detected an unknown program that wants to run on my computer: 035508565358097444.exe At the same time I got an IE message: "Do you want to allow this website to open a program on your computer?" from: b4g4.cz.cc
  7. Hi & Many thanks MBAM Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5405 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 27/12/2010 23:11:46 mbam-log-2010-12-27 (23-11-46).txt Scan type: Quick scan Objects scanned: 166898 Time elapsed: 31 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------- DDS.text: DDS (Ver_10-12-12.02) - NTFSx86 Run by Comet at 9:53:05.45 on 28/12/2010 Internet Explorer: 8.0.6001.18702 ============== Running Processes =============== C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\Tall Emu\Online Armor\OAcat.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog 
Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Tall Emu\Online Armor\OAhlp.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Documents and Settings\Comet\Desktop\dds.scr C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k bthsvcs C:\WINDOWS\system32\svchost.exe -k imgsvc ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ig?hl=en uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: 
HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: BHOManager Class: {474264bc-9571-47c1-85b9-780f756dc9ce} - c:\windows\system32\BHOManager.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\ypager.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Trusted Zone: 
premierinn.com\bookings Trusted Zone: yahoo.com Trusted Zone: yahoo.com\login DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com/pub/mcgraw-hill/support/plugins/ebraryRdr.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183664200281 DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://mylaptop:8080/qcbin/Spider90.ocx DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxsrvc.dll SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll SEH: Groove GFS Stub Execution Hook: 
{b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll ============= SERVICES / DRIVERS =============== R? FLASHREADER;%FLASHREADER.SvcDesc% R? gupdate;Google Update Service (gupdate) R? TDService;TDService R? WinDefend;Windows Defender S? avg9wd;AVG Free WatchDog S? AvgLdx86;AVG AVI Loader Driver x86 S? AvgMfx86;AVG On-access Scanner Minifilter Driver x86 S? AvgTdiX;AVG Free Network Redirector S? MySQL51;MySQL51 S? OAcat;Online Armor Helper Service S? OADevice;OADriver S? OAmon;OAmon S? OAnet;OAnet S? paldrv;paldrv S? SvcOnlineArmor;Online Armor =============== Created Last 30 ================ 2010-12-25 07:37:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure 2010-12-25 06:29:01 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx 2010-12-25 06:29:00 44544 ----a-w- c:\windows\system32\GIF89.DLL 2010-12-25 06:28:54 15360 ----a-w- c:\windows\system32\inetfr.DLL 2010-12-25 06:28:54 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2010-12-25 06:28:54 119568 ----a-w- c:\windows\system32\VB6FR.DLL 2010-12-25 06:28:53 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL 2010-12-25 06:28:53 -------- d-----w- c:\program files\Free Easy Burner 2010-12-25 06:28:53 -------- d-----w- c:\docume~1\comet\applic~1\FreeBurner 2010-12-15 11:40:42 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 11:37:51 45568 ------w- c:\windows\system32\dllcache\wab.exe 2010-12-04 15:33:12 -------- d-----w- c:\program files\List Generator 2010-12-04 10:50:55 -------- d-----w- c:\docume~1\comet\applic~1\code128java 2010-12-04 10:28:11 -------- d-----w- c:\docume~1\comet\locals~1\applic~1\CSomar_Tech 2010-12-04 10:27:24 -------- d-----w- c:\program files\Barcode Maker 2.6 2010-12-04 10:14:10 -------- d-----w- c:\program files\Barcode Generator 2010-12-04 10:11:42 -------- d-----w- c:\program files\Setup 2010-12-04 00:01:37 
-------- d-----w- c:\program files\IDAutomation.com Word and Excel Add-in ==================== Find3M ==================== 2010-12-04 10:13:37 249856 ------w- c:\windows\Setup1.exe 2010-12-04 10:13:36 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys 2010-01-30 11:07:04 29456637 ----a-w- c:\program files\SweetHome3D-2.2-windows.exe 2010-01-28 13:10:25 693800 ----a-w- c:\program files\WindowsXP-Windows2000-Script56-KB917344-x86-enu.exe 2010-01-21 10:46:38 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe 2010-01-20 19:22:50 3546726 ----a-w- c:\program files\npp.5.6.4.Installer.exe 2007-07-07 15:07:05 265376 ----a-w- c:\program files\chaosshredder.exe 2007-07-05 21:28:59 21640064 ----a-w- c:\program files\Nokia_PC_Suite_6_84_10_3_eng_web.exe ============= FINISH: 9:57:17.21 ===============
  8. Hi, Malwarebytes is detecting Trojan.Hiloti, Trojan.Dropper and Backdoor Agent every other day after successful removal. Please see attached HijackThis Log. Lately, I have been seeing a Java message update while browsing and a remote file (b4g4.cz.cc) trying to update something on my computer.
  9. Things are running smooth. Many thanks for your help. Do I need to update Java?
  10. Thanks, as requested:
Malwarebytes' Anti-Malware 1.44
Database version: 3864
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13/03/2010 22:58:12
mbam-log-2010-03-13 (22-58-12).txt
Scan type: Quick Scan
Objects scanned: 133140
Time elapsed: 11 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
  11. ComboFix Log: ComboFix 10-03-12.04 - Comet 13/03/2010 22:15:47.5.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.458 [GMT 0:00] Running from: c:\documents and settings\Comet\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Comet\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} . ((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 ))))))))))))))))))))))))))))))) . 2010-03-12 09:57 . 2010-03-12 10:17 -------- d-----w- C:\Combo-Fix 2010-03-12 09:34 . 2010-03-12 09:34 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-03-12 09:34 . 2010-03-12 09:34 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys 2010-03-12 09:34 . 2010-03-12 09:34 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys 2010-03-12 09:34 . 2010-03-12 09:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-12 09:32 . 2010-02-18 23:09 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll 2010-03-12 09:32 . 2010-02-18 23:09 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe 2010-03-12 09:32 . 2010-02-18 23:09 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-03-12 09:32 . 2010-02-18 23:09 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe 2010-03-10 19:32 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-03-10 19:18 . 2010-03-11 07:11 -------- d-----w- c:\documents and settings\Comet\Application Data\OnlineArmor 2010-03-10 19:18 . 
2010-03-10 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor 2010-03-10 19:18 . 2009-12-05 07:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys 2010-03-10 19:18 . 2009-12-05 07:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys 2010-03-10 19:18 . 2009-12-05 07:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys 2010-03-10 19:18 . 2010-03-10 19:18 -------- d-----w- c:\program files\Tall Emu 2010-03-10 12:40 . 2010-03-10 12:40 503808 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d70af72-n\msvcp71.dll 2010-03-10 12:40 . 2010-03-10 12:40 499712 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d70af72-n\jmc.dll 2010-03-10 12:40 . 2010-03-10 12:40 348160 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d70af72-n\msvcr71.dll 2010-03-10 12:40 . 2010-03-10 12:40 61440 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad6540b-n\decora-sse.dll 2010-03-10 12:40 . 2010-03-10 12:40 12800 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad6540b-n\decora-d3d.dll 2010-03-10 08:47 . 2010-03-10 08:47 -------- d-sh--w- c:\documents and settings\Comet\IECompatCache 2010-03-03 22:45 . 2010-03-10 20:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-03-03 22:45 . 2010-03-10 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-03-03 12:52 . 2010-03-03 12:52 52224 ----a-w- c:\documents and settings\Comet\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-03-03 12:51 . 2010-03-08 17:52 117760 ----a-w- c:\documents and settings\Comet\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-03-03 12:50 . 
2010-03-03 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-03-03 12:47 . 2010-03-03 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-03-03 12:47 . 2010-03-03 12:47 -------- d-----w- c:\documents and settings\Comet\Application Data\SUPERAntiSpyware.com 2010-03-03 11:19 . 2010-03-03 11:19 -------- d-----w- c:\documents and settings\Comet\DoctorWeb 2010-03-01 08:49 . 2010-03-01 08:49 -------- d-----w- c:\documents and settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1} 2010-02-28 15:54 . 2010-02-28 15:54 -------- d-sh--w- c:\documents and settings\Comet\PrivacIE 2010-02-28 15:51 . 2010-02-28 15:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-02-28 15:51 . 2010-02-28 15:51 -------- d-sh--w- c:\documents and settings\Comet\IETldCache 2010-02-28 15:46 . 2010-02-28 15:46 -------- d-----w- c:\windows\ie8updates 2010-02-28 15:41 . 2010-02-28 15:42 -------- dc-h--w- c:\windows\ie8 2010-02-28 15:36 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll 2010-02-28 15:36 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-02-28 15:36 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-02-28 14:21 . 2010-02-28 14:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-02-28 14:20 . 2010-02-28 14:20 -------- d-----w- c:\documents and settings\Comet\Application Data\Malwarebytes 2010-02-28 14:20 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-28 14:20 . 2010-02-28 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-02-28 14:20 . 2010-02-28 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-28 14:20 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-24 23:09 . 
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-23 23:12 . 2010-02-23 23:12 -------- d-----w- C:\DKACACIA 2010-02-18 23:17 . 2010-02-18 23:09 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe 2010-02-18 23:17 . 2010-02-18 23:10 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe 2010-02-18 23:11 . 2010-02-18 23:11 -------- d-----w- C:\$AVG 2010-02-18 23:10 . 2010-03-12 09:34 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-02-18 23:09 . 2010-02-18 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-02-16 10:22 . 2010-03-04 10:57 -------- d-----w- c:\documents and settings\Comet\Application Data\VTC Preferences Folder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-13 18:32 . 2008-09-24 19:59 12 ----a-w- c:\windows\bthservsdp.dat 2010-03-12 18:45 . 2009-06-25 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2010-03-12 09:34 . 2008-05-26 12:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-12 09:33 . 2008-05-26 12:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-11 06:59 . 2007-05-07 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-10 22:21 . 2007-07-10 20:06 -------- d-----w- c:\program files\kunle ex 2010-03-03 14:02 . 2007-10-28 13:48 -------- d-----w- c:\program files\DigidooNotecard 2010-03-03 13:53 . 2009-04-17 19:54 -------- d-----w- c:\program files\Free PowerPoint-PPT to Image Jpg-Jpeg Bmp Tiff Png Converter 2010-03-03 12:45 . 2006-10-02 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-02-25 15:02 . 2008-11-15 17:46 -------- d-----w- c:\documents and settings\Comet\Application Data\U3 2010-02-18 23:09 . 
2008-05-26 12:13 -------- d-----w- c:\program files\AVG 2010-01-30 11:07 . 2010-01-30 11:07 -------- d-----w- c:\program files\Sweet Home 3D 2010-01-30 11:07 . 2010-01-30 11:06 29456637 ----a-w- c:\program files\SweetHome3D-2.2-windows.exe 2010-01-28 13:10 . 2010-01-28 13:10 693800 ----a-w- c:\program files\WindowsXP-Windows2000-Script56-KB917344-x86-enu.exe 2010-01-27 17:29 . 2006-10-14 00:28 -------- d-----w- c:\program files\Acoustica MP3 CD Burner 2010-01-21 10:46 . 2010-01-21 10:46 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe 2010-01-20 23:02 . 2007-09-23 19:28 -------- d-----w- c:\documents and settings\Comet\Application Data\Notepad++ 2010-01-20 19:24 . 2007-09-23 19:28 -------- d-----w- c:\program files\Notepad++ 2010-01-20 19:22 . 2010-01-20 19:22 3546726 ----a-w- c:\program files\npp.5.6.4.Installer.exe 2010-01-17 00:07 . 2005-08-04 07:44 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-14 11:12 . 2009-10-03 00:35 181120 ------w- c:\windows\system32\MpSigStub.exe 2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:14 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll 2009-12-17 17:14 . 2009-02-05 23:52 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43 . 2004-08-04 08:00 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-06 22:09 . 2009-12-06 22:08 595499 ----a-w- c:\program files\Autoruns.zip 2007-07-07 15:07 . 2007-07-07 15:07 265376 ----a-w- c:\program files\chaosshredder.exe 2007-07-05 21:28 . 2007-07-05 21:28 21640064 ----a-w- c:\program files\Nokia_PC_Suite_6_84_10_3_eng_web.exe 2007-04-16 16:09 . 2007-04-16 16:09 22886 ----a-w- c:\program files\uninstal.log . ((((((((((((((((((((((((((((( SnapShot@2010-03-12_10.13.58 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-13 18:34 . 
2010-03-13 18:34 16384 c:\windows\temp\Perflib_Perfdata_468.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" 
[2004-10-14 253952] "btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-02-21 45056] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-12 09:34 
12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk backup=c:\windows\pss\SnagIt 8.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] 2005-03-29 13:45 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] 2004-12-03 12:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] 2006-02-06 17:52 462935 ----a-w- c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 16:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPodService"=3 (0x3) "NBService"=3 (0x3) "SQLSERVERAGENT"=3 (0x3) "MSSQLServerADHelper"=3 (0x3) "MSSQLSERVER"=2 
(0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "c:\\Program 
Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/05/2008 12:14 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/02/2010 23:10 242696] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [10/03/2010 19:18 223312] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [10/03/2010 19:18 24656] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [10/03/2010 19:18 29776] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/03/2010 09:34 308064] R2 MySQL51;MySQL51;"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\program files\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\program files\MySQL\MySQL Server 5.1\bin\mysqld [?] R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [10/03/2010 19:18 1282248] R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [25/09/2007 19:56 10951] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872] S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [10/03/2010 19:18 3291336] S2 TDService;TDService;c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDService.exe --> c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDService.exe [?] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592] S3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\windows\system32\drivers\CAUSB.SYS [04/12/2006 11:37 68164] . Contents of the 'Scheduled Tasks' folder 2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2010-03-10 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ig?hl=en uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ IE: &Yahoo! Search IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Yahoo! &Dictionary IE: Yahoo! &Maps IE: Yahoo! &SMS Trusted Zone: premierinn.com\bookings Trusted Zone: yahoo.com Trusted Zone: yahoo.com\login DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://mylaptop:8080/qcbin/Spider90.ocx . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-13 22:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(464) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(2892) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2010-03-13 22:28:00 ComboFix-quarantined-files.txt 2010-03-13 22:27 ComboFix2.txt 2010-03-13 16:51 ComboFix3.txt 2010-03-12 10:17 Pre-Run: 41,090,879,488 bytes free Post-Run: 41,061,462,016 bytes free - - End Of File - - C74FCAA0B1DDA42241056E5F31EC2166 Please see attachment for HijackThis. Thanks
  12. New ComboFix Log: ComboFix 10-03-12.04 - Comet 13/03/2010 16:37:33.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.477 [GMT 0:00] Running from: c:\documents and settings\Comet\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\prsgrc.dll . ---- Previous Run ------- . c:\windows\Aqeyujek.dat c:\windows\Fcazogev.bin c:\windows\system32\prsgrc.dll . ((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 ))))))))))))))))))))))))))))))) . 2010-03-12 09:57 . 2010-03-12 10:17 -------- d-----w- C:\Combo-Fix 2010-03-12 09:34 . 2010-03-12 09:34 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys 2010-03-12 09:34 . 2010-03-12 09:34 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys 2010-03-12 09:34 . 2010-03-12 09:34 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys 2010-03-12 09:34 . 2010-03-12 09:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-12 09:32 . 2010-02-18 23:09 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll 2010-03-12 09:32 . 2010-02-18 23:09 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe 2010-03-12 09:32 . 2010-02-18 23:09 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll 2010-03-12 09:32 . 2010-02-18 23:09 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe 2010-03-10 19:32 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-03-10 19:18 . 
2010-03-11 07:11 -------- d-----w- c:\documents and settings\Comet\Application Data\OnlineArmor 2010-03-10 19:18 . 2010-03-10 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor 2010-03-10 19:18 . 2009-12-05 07:28 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys 2010-03-10 19:18 . 2009-12-05 07:27 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys 2010-03-10 19:18 . 2009-12-05 07:27 223312 ----a-w- c:\windows\system32\drivers\OADriver.sys 2010-03-10 19:18 . 2010-03-10 19:18 -------- d-----w- c:\program files\Tall Emu 2010-03-10 12:40 . 2010-03-10 12:40 503808 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d70af72-n\msvcp71.dll 2010-03-10 12:40 . 2010-03-10 12:40 499712 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d70af72-n\jmc.dll 2010-03-10 12:40 . 2010-03-10 12:40 348160 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d70af72-n\msvcr71.dll 2010-03-10 12:40 . 2010-03-10 12:40 61440 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad6540b-n\decora-sse.dll 2010-03-10 12:40 . 2010-03-10 12:40 12800 ----a-w- c:\documents and settings\Comet\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ad6540b-n\decora-d3d.dll 2010-03-10 08:47 . 2010-03-10 08:47 -------- d-sh--w- c:\documents and settings\Comet\IECompatCache 2010-03-03 22:45 . 2010-03-10 20:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-03-03 22:45 . 2010-03-10 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-03-03 12:52 . 2010-03-03 12:52 52224 ----a-w- c:\documents and settings\Comet\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-03-03 12:51 . 
2010-03-08 17:52 117760 ----a-w- c:\documents and settings\Comet\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-03-03 12:50 . 2010-03-03 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-03-03 12:47 . 2010-03-03 12:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-03-03 12:47 . 2010-03-03 12:47 -------- d-----w- c:\documents and settings\Comet\Application Data\SUPERAntiSpyware.com 2010-03-03 11:19 . 2010-03-03 11:19 -------- d-----w- c:\documents and settings\Comet\DoctorWeb 2010-03-01 08:49 . 2010-03-01 08:49 -------- d-----w- c:\documents and settings\Comet\Local Settings\Application Data\{3E1E4A70-E00D-45D5-A3EE-9F67764F6FF1} 2010-02-28 15:54 . 2010-02-28 15:54 -------- d-sh--w- c:\documents and settings\Comet\PrivacIE 2010-02-28 15:51 . 2010-02-28 15:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-02-28 15:51 . 2010-02-28 15:51 -------- d-sh--w- c:\documents and settings\Comet\IETldCache 2010-02-28 15:46 . 2010-02-28 15:46 -------- d-----w- c:\windows\ie8updates 2010-02-28 15:41 . 2010-02-28 15:42 -------- dc-h--w- c:\windows\ie8 2010-02-28 15:36 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll 2010-02-28 15:36 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-02-28 15:36 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-02-28 14:21 . 2010-02-28 14:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-02-28 14:20 . 2010-02-28 14:20 -------- d-----w- c:\documents and settings\Comet\Application Data\Malwarebytes 2010-02-28 14:20 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-28 14:20 . 2010-02-28 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-02-28 14:20 . 
2010-02-28 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-28 14:20 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-24 23:09 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-23 23:12 . 2010-02-23 23:12 -------- d-----w- C:\DKACACIA 2010-02-18 23:17 . 2010-02-18 23:09 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe 2010-02-18 23:17 . 2010-02-18 23:10 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe 2010-02-18 23:11 . 2010-02-18 23:11 -------- d-----w- C:\$AVG 2010-02-18 23:10 . 2010-03-12 09:34 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-02-18 23:09 . 2010-02-18 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-02-16 10:22 . 2010-03-04 10:57 -------- d-----w- c:\documents and settings\Comet\Application Data\VTC Preferences Folder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-13 00:45 . 2008-09-24 19:59 12 ----a-w- c:\windows\bthservsdp.dat 2010-03-12 18:45 . 2009-06-25 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2010-03-12 09:34 . 2008-05-26 12:14 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-12 09:33 . 2008-05-26 12:14 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-11 06:59 . 2007-05-07 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-10 22:21 . 2007-07-10 20:06 -------- d-----w- c:\program files\kunle ex 2010-03-03 14:02 . 2007-10-28 13:48 -------- d-----w- c:\program files\DigidooNotecard 2010-03-03 13:53 . 2009-04-17 19:54 -------- d-----w- c:\program files\Free PowerPoint-PPT to Image Jpg-Jpeg Bmp Tiff Png Converter 2010-03-03 12:45 . 
2006-10-02 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-02-25 15:02 . 2008-11-15 17:46 -------- d-----w- c:\documents and settings\Comet\Application Data\U3 2010-02-18 23:09 . 2008-05-26 12:13 -------- d-----w- c:\program files\AVG 2010-01-30 11:07 . 2010-01-30 11:07 -------- d-----w- c:\program files\Sweet Home 3D 2010-01-30 11:07 . 2010-01-30 11:06 29456637 ----a-w- c:\program files\SweetHome3D-2.2-windows.exe 2010-01-28 13:10 . 2010-01-28 13:10 693800 ----a-w- c:\program files\WindowsXP-Windows2000-Script56-KB917344-x86-enu.exe 2010-01-27 17:29 . 2006-10-14 00:28 -------- d-----w- c:\program files\Acoustica MP3 CD Burner 2010-01-21 10:46 . 2010-01-21 10:46 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe 2010-01-20 23:02 . 2007-09-23 19:28 -------- d-----w- c:\documents and settings\Comet\Application Data\Notepad++ 2010-01-20 19:24 . 2007-09-23 19:28 -------- d-----w- c:\program files\Notepad++ 2010-01-20 19:22 . 2010-01-20 19:22 3546726 ----a-w- c:\program files\npp.5.6.4.Installer.exe 2010-01-17 00:07 . 2005-08-04 07:44 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-14 11:12 . 2009-10-03 00:35 181120 ------w- c:\windows\system32\MpSigStub.exe 2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:14 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll 2009-12-17 17:14 . 2009-02-05 23:52 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43 . 2004-08-04 08:00 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-06 22:09 . 2009-12-06 22:08 595499 ----a-w- c:\program files\Autoruns.zip 2007-07-07 15:07 . 2007-07-07 15:07 265376 ----a-w- c:\program files\chaosshredder.exe 2007-07-05 21:28 . 2007-07-05 21:28 21640064 ----a-w- c:\program files\Nokia_PC_Suite_6_84_10_3_eng_web.exe 2007-04-16 16:09 . 
2007-04-16 16:09 22886 ----a-w- c:\program files\uninstal.log . ((((((((((((((((((((((((((((( SnapShot@2010-03-12_10.13.58 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-13 16:30 . 2010-03-13 16:30 16384 c:\windows\temp\Perflib_Perfdata_44c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209] "Apoint"="c:\program files\Apoint2K\Apoint.exe" 
[2005-02-08 159744] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-02-21 45056] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-12 09:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk backup=c:\windows\pss\SnagIt 8.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] 2005-03-29 13:45 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] 2004-12-03 12:24 290816 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] 2006-02-06 17:52 462935 ----a-w- c:\progra~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 16:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 16:18 413696 ----a-w- c:\program 
files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPodService"=3 (0x3) "NBService"=3 (0x3) "SQLSERVERAGENT"=3 (0x3) "MSSQLServerADHelper"=3 (0x3) "MSSQLSERVER"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program 
Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/05/2008 12:14 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/02/2010 23:10 242696] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [10/03/2010 19:18 223312] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [10/03/2010 19:18 24656] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [10/03/2010 19:18 29776] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/03/2010 09:34 308064] R2 MySQL51;MySQL51;"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\program files\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\program files\MySQL\MySQL Server 5.1\bin\mysqld [?] R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [10/03/2010 19:18 1282248] R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [25/09/2007 19:56 10951] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872] S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [10/03/2010 19:18 3291336] S2 TDService;TDService;c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDService.exe --> c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDService.exe [?] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592] S3 FLASHREADER;%FLASHREADER.SvcDesc%;c:\windows\system32\drivers\CAUSB.SYS [04/12/2006 11:37 68164] . 
Contents of the 'Scheduled Tasks' folder 2010-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2010-03-10 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ig?hl=en uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ IE: &Yahoo! Search IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Yahoo! &Dictionary IE: Yahoo! &Maps IE: Yahoo! &SMS Trusted Zone: premierinn.com\bookings Trusted Zone: yahoo.com Trusted Zone: yahoo.com\login DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://mylaptop:8080/qcbin/Spider90.ocx . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-13 16:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(464) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . Completion time: 2010-03-13 16:51:13 ComboFix-quarantined-files.txt 2010-03-13 16:50 ComboFix2.txt 2010-03-12 10:17 Pre-Run: 41,099,571,200 bytes free Post-Run: 41,091,215,360 bytes free - - End Of File - - 6B9BCA83503E1C284FAAC94AF3E9F4FF Also, please see new Hijackthis Log attached. Thanks
  13. That's what I did before. I have double-checked and the content is the same: ComboFix 10-03-11.04 - Comet 12/03/2010 21:50:59.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.488 [GMT 0:00] Running from: C:\Documents and Settings\Comet\Desktop\Combo-Fix.exe Command switches used :: C:\Documents and Settings\Comet\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} file zipped: c:\windows\Aqeyujek.dat file zipped: c:\windows\Fcazogev.bin .
  14. That was the only log I found. ComboFix did a reboot, then a message appeared indicating not to run any applications, and then another message indicating it was preparing a log. A few seconds later ComboFix suddenly disappeared. This could be due to Online Armor now kicking in. What do you suggest I do now?
  15. Thank you for your feedback. ComboFix Log: ComboFix 10-03-11.04 - Comet 12/03/2010 21:50:59.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.488 [GMT 0:00] Running from: C:\Documents and Settings\Comet\Desktop\Combo-Fix.exe Command switches used :: C:\Documents and Settings\Comet\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} file zipped: c:\windows\Aqeyujek.dat file zipped: c:\windows\Fcazogev.bin . --------------------------------------------- Please see attachment for HijackThis