Hi,
We have a couple of problems with our laptop
First, 9 times out of ten when selecting a search result from Google it automatically redirects to some 'shopping website'. There are two or three that it goes to but I haven't really noted their names as I assume they're dodgy. To get out we go back to the results page and try again. It usually goes through okay the second time.
Also, it seems the computer may have downloaded something. Every now and then what sounds like a viral advert comes on through the speakers. No pictures come up just audio. I can't see any way to turn it off or stop it.
I think we have Windows firewall running and we're using Sophos. I've tried to delete Sophos and install Spybot and AVG.
This is the HijackThis log which came up.
Thanks for any help
James
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:57:11 PM, on 12/26/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: D - {403D3981-DF19-3614-9874-5955E1BB9AB3} - C:\Windows\system32\hi51992.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_SB0D8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 6023 bytes
Visit the page below to familiarize yourself with the tool and download it from one of the links provided.
A guide and tutorial on using ComboFix
If you have previously downloaded ComboFix, please delete that version now.
It is IMPORTANT that it is saved directly to your desktop
Close any open browsers.
Disconnect from the Internet.
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Disable your antivirus program and any realtime malware scanners and script blockers now.
How To Disable
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Re-enable your anti-virus and re-connect back to the internet and post the combofix log.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Hi,
This is my ComboFix log. Thanks, James
ComboFix 09-12-25.05 - geoff 12/26/2009 20:19:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2005 [GMT 0:00]
Running from: c:\users\geoff\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning enabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ctfmon_na.exe
c:\windows\system32\hi51992.dll
c:\windows\system32\oem13.inf
.
((((((((((((((((((((((((( Files Created from 2009-11-26 to 2009-12-26 )))))))))))))))))))))))))))))))
.
2009-12-26 20:24 . 2009-12-26 20:24 -------- d-----w- c:\users\geoff\AppData\Local\temp
2009-12-26 17:31 . 2009-12-26 17:31 388096 ----a-r- c:\users\geoff\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-26 17:31 . 2009-12-26 17:31 -------- d-----w- c:\program files\TrendMicro
2009-12-26 17:07 . 2009-12-26 17:07 -------- d-----w- C:\$AVG
2009-12-26 17:07 . 2009-12-26 17:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-26 17:07 . 2009-12-26 17:07 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-26 17:07 . 2009-12-26 17:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-26 17:07 . 2009-12-26 17:07 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-26 17:07 . 2009-12-26 17:07 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-26 17:07 . 2009-12-26 17:07 -------- d-----w- c:\program files\AVG
2009-12-26 17:07 . 2009-12-26 17:07 -------- d-----w- c:\programdata\avg9
2009-12-26 16:40 . 2009-12-26 17:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-26 16:40 . 2009-12-26 16:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-16 23:51 . 2009-12-17 00:00 -------- d-----w- c:\users\Guest\AppData\Roaming\skypePM
2009-12-16 23:42 . 2009-12-17 00:47 -------- d-----w- c:\users\Guest\AppData\Roaming\Skype
2009-12-16 22:42 . 2009-12-25 13:40 -------- d-----w- c:\users\geoff\AppData\Roaming\skypePM
2009-12-16 22:38 . 2009-12-25 14:02 -------- d-----w- c:\users\geoff\AppData\Roaming\Skype
2009-12-16 22:37 . 2009-12-16 22:37 -------- d-----r- c:\program files\Skype
2009-12-16 22:37 . 2009-12-16 22:37 -------- d-----w- c:\program files\Common Files\Skype
2009-12-16 22:36 . 2009-12-16 22:37 -------- d-----w- c:\programdata\Skype
2009-12-14 17:27 . 2009-12-14 17:27 -------- d-----w- c:\users\geoff\AppData\Roaming\Template
2009-12-12 06:52 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 06:52 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 06:52 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 15:20 . 2009-12-19 16:42 -------- d-----w- c:\users\geoff\AppData\Local\Adobe
2009-12-09 10:58 . 2009-12-09 10:59 -------- d-----w- c:\users\Guest\AppData\Local\Adobe
2009-12-09 10:56 . 2009-12-09 10:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 02:01 . 2009-12-09 02:55 -------- d-----w- c:\users\Guest\AppData\Roaming\vlc
2009-12-09 01:57 . 2009-12-09 02:01 -------- d-----w- c:\users\geoff\AppData\Roaming\vlc
2009-12-09 01:57 . 2009-12-09 01:57 -------- d-----w- c:\program files\VideoLAN
2009-12-09 01:43 . 2009-12-09 01:50 -------- d-----w- c:\users\Guest\AppData\Roaming\Media Player Classic
2009-12-09 01:43 . 2009-12-09 01:43 -------- d-----w- c:\users\Guest\mplayerc_20090706
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 16:47 . 2009-10-27 20:17 -------- d-----w- c:\program files\Sophos
2009-12-16 22:42 . 2009-12-16 22:42 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-15 10:35 . 2009-10-15 19:18 -------- d-----w- c:\program files\Microsoft Works
2009-12-14 17:27 . 2009-12-14 17:27 0 ----a-w- c:\users\geoff\AppData\Roaming\wklnhst.dat
2009-12-10 07:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-22 03:18 . 2009-11-22 03:18 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-22 03:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-22 03:18 . 2009-11-22 03:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-21 06:40 . 2009-12-09 23:50 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 23:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 23:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 23:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 23:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-20 23:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-20 23:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-20 23:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-20 23:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-20 23:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-11 11:02 . 2009-11-11 11:02 -------- d-----w- c:\program files\epson
2009-11-11 11:01 . 2009-11-11 11:00 -------- d-----w- c:\programdata\EPSON
2009-11-11 10:32 . 2009-11-11 10:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-02 20:42 . 2009-10-28 07:04 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-26 09:19 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 11:03 . 2009-10-28 11:03 -------- d-----w- c:\program files\MSXML 4.0
2009-10-28 10:53 . 2009-10-27 20:35 -------- d-----w- c:\program files\Kerio
2009-10-27 22:02 . 2009-10-27 22:02 68616 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-27 20:35 . 2009-10-27 20:35 18718 ----a-r- c:\users\geoff\AppData\Roaming\Microsoft\Installer\{00F822AD-0798-4F54-BA6B-440D0BD687D7}\NewShortcut6_00F822AD07984F54BA6B440D0BD687D7.exe
2009-10-27 19:03 . 2009-10-15 19:07 680 ----a-w- c:\users\geoff\AppData\Local\d3d9caps.dat
2009-10-27 18:29 . 2009-10-27 18:29 61224 ----a-w- c:\users\geoff\GoToAssistDownloadHelper.exe
2009-10-15 20:13 . 2009-10-15 19:07 68616 ----a-w- c:\users\geoff\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-15 19:43 . 2009-10-15 19:43 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-10-15 19:13 . 2009-10-15 19:13 45056 ----a-r- c:\users\geoff\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-10-15 19:13 . 2009-10-15 19:13 10134 ----a-r- c:\users\geoff\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-10-08 21:08 . 2009-11-22 03:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-22 03:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-22 03:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-07 11:36 . 2009-12-09 23:50 243712 ----a-w- c:\windows\system32\rastls.dll
2009-10-01 01:02 . 2009-11-22 03:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-22 03:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-22 03:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-22 03:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-22 03:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-22 03:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-22 03:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-22 03:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-22 03:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-22 03:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-22 03:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-22 03:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-26 2033432]
c:\users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-6-20 1221928]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):eb,0e,2f,49,3d,6a,ca,01
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/26/2009 5:07 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/26/2009 5:07 PM 360584]
R1 SAVOnAccess Control;SAVOnAccess Control;c:\windows\System32\drivers\savonaccesscontrol.sys [10/27/2009 8:15 PM 80128]
R1 SAVOnAccess Filter;SAVOnAccess Filter;c:\windows\System32\drivers\savonaccessfilter.sys [10/27/2009 8:15 PM 24064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/26/2009 5:07 PM 285392]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [5/2/2008 6:09 PM 161048]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [9/7/2005 10:13 AM 57344]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [4/6/2005 10:24 AM 86016]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/26/2009 4:40 PM 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [10/27/2009 6:36 PM 111616]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/21/2008 2:23 AM 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
BHO-{403D3981-DF19-3614-9874-5955E1BB9AB3} - c:\windows\system32\hi51992.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-12-26 20:24
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-26 20:26:28
ComboFix-quarantined-files.txt 2009-12-26 20:26
Pre-Run: 75,104,460,800 bytes free
Post-Run: 75,368,124,416 bytes free
- - End Of File - - B8BF7302E7A4FC31677A65CAC192CF74
Anti-virus and anti-spyware need to be disabled; ComboFix may have killed more bad guys.
AV: Sophos Anti-Virus *On-access scanning enabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
What is going on now?