SteveC
(regular)
Mon Jun 29 2009 01:41 PM
Re: Please can you check my HijackThis log

Hi Bricat
Hope I've got this right, if not please advise
Steve



ComboFix 09-06-28.02 - Steve 29/06/2009 13:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1525.834 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msvrc20.dll
c:\windows\setup.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 12:24 . 2009-06-29 12:25 -------- d-----w- c:\users\Steve\AppData\Local\temp
2009-06-28 17:51 . 2009-06-28 17:52 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-28 17:51 . 2009-06-28 17:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-28 17:50 . 2009-06-28 17:50 -------- d-----w- c:\program files\Java
2009-06-28 15:37 . 2009-06-28 15:38 -------- d-----w- c:\users\Steve\My Address Book
2009-06-28 12:05 . 2009-06-28 12:05 -------- d-----w- c:\program files\Trend Micro
2009-06-23 14:51 . 2009-06-01 10:09 2052376 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-23 14:51 . 2009-06-01 10:09 423424 ----a-w- c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-06-23 14:51 . 2009-06-01 10:09 310528 ----a-w- c:\programdata\avg8\update\backup\avglngx.dll
2009-06-23 14:51 . 2009-06-01 10:09 177432 ----a-w- c:\programdata\avg8\update\backup\avgmail.dll
2009-06-23 14:51 . 2009-06-01 10:09 3288856 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-23 14:51 . 2009-06-01 10:09 486680 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-06-23 14:50 . 2009-06-01 10:08 1439488 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-23 14:50 . 2009-06-01 10:08 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-06-20 20:09 . 2009-06-20 20:09 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-15 15:59 . 2009-06-15 15:59 -------- d-----w- c:\program files\Paint.NET
2009-06-15 15:58 . 2009-06-28 17:42 -------- d-----w- c:\users\Steve\AppData\Local\Paint.NET
2009-06-15 10:27 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-15 10:27 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-15 10:27 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-15 10:27 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-15 10:26 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-07 16:03 . 2009-06-07 16:03 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-07 16:02 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-07 16:02 . 2009-06-07 16:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-07 16:01 . 2009-06-07 16:01 -------- d-----w- c:\program files\Microsoft
2009-06-07 16:01 . 2009-06-07 16:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-07 16:00 . 2009-06-07 16:00 -------- d-----w- c:\windows\PCHEALTH
2009-06-07 15:56 . 2009-06-07 15:56 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-06 09:15 . 2009-06-06 09:15 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-06 08:02 . 2009-06-15 18:48 -------- d-----w- c:\program files\Photobie
2009-06-04 17:51 . 2009-06-04 18:49 -------- d-----w- c:\users\Steve\AppData\Roaming\IObit
2009-06-01 12:56 . 2009-06-01 12:56 -------- d-----w- c:\users\Steve\AppData\Roaming\AdobeUM
2009-06-01 12:38 . 2009-06-07 11:41 -------- d-----w- c:\program files\IObit
2009-06-01 10:53 . 2009-06-01 10:55 -------- d-----w- c:\windows\system32\ca-ES
2009-06-01 10:53 . 2009-06-01 10:55 -------- d-----w- c:\windows\system32\eu-ES
2009-06-01 10:53 . 2009-06-01 10:55 -------- d-----w- c:\windows\system32\vi-VN
2009-06-01 10:41 . 2009-06-01 10:41 -------- d-----w- c:\windows\system32\EventProviders
2009-06-01 10:39 . 2009-04-11 06:32 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-01 10:38 . 2009-04-11 06:28 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-06-01 10:37 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-01 10:37 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-01 10:37 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-01 10:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-01 10:37 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-01 10:37 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-01 10:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-01 10:37 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-01 10:37 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-01 10:37 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-01 10:37 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 12:07 . 2009-05-10 09:19 53744 ----a-w- c:\users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 15:48 . 2009-05-10 16:12 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-23 14:50 . 2009-05-10 11:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 14:50 . 2009-05-10 11:04 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 14:50 . 2009-05-10 11:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 09:43 . 2009-05-10 09:24 -------- d-----w- c:\program files\Launch Manager
2009-06-19 18:08 . 2009-05-13 18:10 -------- d-----w- c:\program files\ieSpell
2009-06-07 16:04 . 2009-05-16 18:22 -------- d-----w- c:\program files\Windows Live
2009-06-05 16:07 . 2009-05-13 18:31 -------- d-----w- c:\program files\Google
2009-06-04 18:43 . 2009-05-16 18:21 -------- d-----w- c:\programdata\WLInstaller
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-01 10:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-01 10:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-16 18:24 . 2009-05-16 18:22 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-05-16 11:37 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-16 11:37 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-16 10:12 . 2009-05-16 10:12 680 ----a-w- c:\users\Steve\AppData\Local\d3d9caps.dat
2009-05-13 18:13 . 2009-05-13 18:13 -------- d-----w- c:\users\Steve\AppData\Roaming\ieSpell
2009-05-11 11:50 . 2009-05-11 11:50 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-10 16:01 . 2009-05-10 16:01 -------- d-----w- c:\program files\WIDCOMM
2009-05-10 15:26 . 2009-05-10 15:26 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-10 15:26 . 2009-05-10 15:26 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-10 15:21 . 2009-05-10 15:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-10 15:18 . 2009-05-10 15:18 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-10 15:17 . 2009-05-10 15:17 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-10 15:16 . 2009-05-10 15:16 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-05-10 14:30 . 2009-05-10 14:30 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2009-05-10 14:30 . 2009-05-10 14:30 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2009-05-10 14:29 . 2009-05-10 14:29 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2009-05-10 14:29 . 2009-05-10 14:29 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2009-05-10 14:29 . 2009-05-10 14:29 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2009-05-10 14:29 . 2009-05-10 14:29 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2009-05-10 14:29 . 2009-05-10 14:29 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2009-05-10 14:29 . 2009-05-10 14:29 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2009-05-10 14:29 . 2009-05-10 14:29 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2009-05-10 14:28 . 2009-05-10 14:28 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2009-05-10 14:28 . 2009-05-10 14:28 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2009-05-10 14:28 . 2009-05-10 14:28 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2009-05-10 14:28 . 2009-05-10 14:28 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2009-05-10 14:28 . 2009-05-10 14:28 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2009-05-10 14:27 . 2009-05-10 14:27 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2009-05-10 14:27 . 2009-05-10 14:27 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2009-05-10 14:27 . 2009-05-10 14:27 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2009-05-10 14:26 . 2009-05-10 14:26 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2009-05-10 14:26 . 2009-05-10 14:26 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2009-05-10 14:26 . 2009-05-10 14:26 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2009-05-10 14:25 . 2009-05-10 14:25 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2009-05-10 14:25 . 2009-05-10 14:25 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2009-05-10 14:25 . 2009-05-10 14:25 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2009-05-10 14:25 . 2009-05-10 14:25 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2009-05-10 14:25 . 2009-05-10 14:25 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2009-05-10 14:25 . 2009-05-10 14:25 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2009-05-10 14:25 . 2009-05-10 14:25 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2009-05-10 14:24 . 2009-05-10 14:24 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2009-05-10 14:24 . 2009-05-10 14:24 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2009-05-10 14:24 . 2009-05-10 14:24 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2009-05-10 14:24 . 2009-05-10 14:24 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2009-05-10 14:23 . 2009-05-10 14:23 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2009-05-10 14:23 . 2009-05-10 14:23 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2009-05-10 14:23 . 2009-05-10 14:23 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2009-05-10 14:23 . 2009-05-10 14:23 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2009-05-10 14:11 . 2009-05-10 14:11 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-10 14:09 . 2009-05-10 14:09 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-10 13:05 . 2009-05-10 13:05 181760 ----a-w- c:\windows\system32\fsquirt.exe
2009-05-10 13:05 . 2009-05-10 13:05 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-05-10 13:05 . 2009-05-10 13:05 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-05-10 12:13 . 2009-05-10 12:13 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-10 11:37 . 2009-05-10 11:37 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-10 11:32 . 2009-05-10 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-05-10 11:05 . 2009-05-10 11:05 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 11:04 . 2009-05-10 11:04 -------- d-----w- c:\program files\AVG
2009-05-10 11:04 . 2009-05-10 11:04 -------- d-----w- c:\programdata\avg8
2009-05-10 10:44 . 2009-05-10 10:44 -------- d-----w- c:\program files\MSXML 4.0
2009-05-10 10:11 . 2006-12-05 05:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-10 10:09 . 2006-12-05 05:22 -------- d-----w- c:\programdata\Symantec
2009-05-10 10:04 . 2006-12-05 05:02 319984 ----a-w- c:\windows\DIFxAPI.dll
2009-05-10 10:04 . 2006-12-05 05:02 -------- d-----w- c:\program files\Realtek
2009-05-10 09:52 . 2009-05-10 09:52 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-10 09:52 . 2009-05-10 09:52 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-10 09:52 . 2009-05-10 09:52 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-10 09:52 . 2009-05-10 09:52 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-10 09:43 . 2009-05-10 09:43 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-10 09:43 . 2009-05-10 09:43 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-10 09:43 . 2009-05-10 09:43 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-10 09:42 . 2009-05-10 09:42 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-10 09:42 . 2009-05-10 09:42 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-10 09:39 . 2009-05-10 09:19 -------- d-----w- c:\program files\Acer Inc
2009-05-10 09:33 . 2006-12-05 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-10 09:19 . 2009-05-10 09:19 -------- d-----w- c:\programdata\InstallShield
2009-05-10 09:19 . 2006-12-05 05:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-10 09:19 . 2009-05-10 09:19 -------- d-----w- c:\program files\Yahoo!
2009-05-10 08:54 . 2009-05-10 08:54 3 ----a-w- c:\windows\AFirst.cmd
2009-05-10 08:54 . 2009-05-10 08:54 1390 ----a-w- c:\windows\CLEANUP.CMD
2009-04-11 06:33 . 2009-06-01 10:39 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-01 10:39 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-01 10:38 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-01 10:39 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?????????"="??????????????e" [?]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-11-18 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):20,af,53,7c,a8,e2,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A303ACC2-9F91-49C7-BE3F-A554E47E408F}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{61BFDEBB-77AC-45B8-BF7B-50ED71CF529C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6A850F4E-211A-4A3D-83B2-A0C33C7D1A1B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{6E930E70-D766-488A-A851-DB9FAD5B7C5E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/05/2009 12:04 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/05/2009 12:05 108552]
R2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};c:\program files\Acer\Acer Arcade\000.fcl [05/12/2006 06:12 6656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/05/2009 12:04 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/05/2009 12:04 298776]
S3 gupdate1c9d3f942348750;Google Update Service (gupdate1c9d3f942348750);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2009 19:33 133104]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [11/05/2009 15:10 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-27 14:19]

2009-05-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 18:32]

2009-06-07 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-06-07 17:15]

2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{469A7028-36D8-49E2-9473-FC90DEC37D59}.job
- c:\windows\system32\msfeedssync.exe [2009-05-15 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 13:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}]
"ImagePath"="\??\c:\program files\Acer\Acer Arcade\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-29 13:27
ComboFix-quarantined-files.txt 2009-06-29 12:26

Pre-Run: 14,353,776,640 bytes free
Post-Run: 14,323,814,400 bytes free

295 --- E O F --- 2009-06-27 12:55


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:54, on 28/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Users\Steve\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9d3f942348750) (gupdate1c9d3f942348750) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 8159 bytes



© Copyright IPC Media Limited 2009, All rights reserved