
Hijack this help


Comments

  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!7bef049a-2c00-11dc-a1ea-000e505b3b81}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
    .

    There is no space in the word 'currentversion'. It is not there when I edit it, but it seems to be there when I preview and submit the post :confused:
    It's easier to get forgiveness than to ask permission ;)
  • Your friend use AOL?

    There appears to be lots of entries for that.

    That bloody entry is still there - [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\!!7bef049a-2c00-11dc-a1ea-000e505b3b81}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

    Can you show all files and then search for Toy.exe?

    What else is wrong?

    No they don't use AOL so I am going to uninstall all AOL programs for them.

    Have searched for toy.exe (including all hidden and system files) and it returned nothing.

    It all seems to be working ok now with the exception of the usb drives (for mouse and usb pen!)
    It's easier to get forgiveness than to ask permission ;)
  • Only noticed that space as I was scrutinising for the entry. Shall I re-run combofix and change the last script you suggested to remove the space?



    Quote:
    KillAll::

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!7bef049a-2c00-11dc-a1ea-000e505b3b81}]

    It's put it back in again!!!!!!!
    It's easier to get forgiveness than to ask permission ;)
  • Can you follow the below path

    C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe


    That file does not appear to be doing anything and nothing is flagging it up. I think we leave it.
  • Can you follow the below path

    C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe




    That file does not appear to be doing anything and nothing is flagging it up. I think we leave it.

    Thanks again for your quick response!

    Hi, by 'follow the below path', I have gone into explorer and found a c:\windows\system32\rundll32.exe and a shell32.exe as files but nothing else.

    Was that what you meant?
    It's easier to get forgiveness than to ask permission ;)
  • Exactly what I meant - not sure why it's still showing.
  • Exactly what I meant - not sure why it's still showing.

    So do I need to rerun combofix and take the space out of that word :confused: or do you think we are all done and dusted now?
    (apart from the problem with the usb drives which I will start a separate thread for once this one has closed :D )
    It's easier to get forgiveness than to ask permission ;)
  • You mean the space in the word current?
    KillAll::
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!7bef049a-2c00-11dc-a1ea-000e505b3b81}]
    
  • yes! That's the one!
    It's easier to get forgiveness than to ask permission ;)
  • Thanks reluctant spender for all your help!

    Have rerun combofix (removing the space!), but as you can see from the log it is still there.

    ComboFix 08-10-27.02 - another 2008-10-30 12:14:38.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.34 [GMT 0:00]
    Running from: C:\Documents and Settings\another\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\another\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
    .

    2008-10-28 22:47 . 2008-10-28 22:47 <DIR> d
    C:\Program Files\Belarc
    2008-10-27 22:24 . 2008-10-27 22:24 410,976 --a
    C:\WINDOWS\SYSTEM32\deploytk.dll
    2008-10-27 22:24 . 2008-10-27 22:24 73,728 --a
    C:\WINDOWS\SYSTEM32\javacpl.cpl
    2008-10-27 22:01 . 2001-08-17 13:28 794,654 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
    2008-10-27 22:00 . 2001-08-17 22:36 386,560 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\sgiul50.dll
    2008-10-27 21:59 . 2001-08-17 13:28 899,146 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
    2008-10-27 21:58 . 2001-08-17 14:05 351,616 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
    2008-10-27 21:57 . 2002-08-29 04:00 1,875,968 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
    2008-10-27 21:56 . 2002-08-29 04:00 1,158,818 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
    2008-10-27 21:55 . 2002-08-29 04:00 10,129,408 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
    2008-10-27 21:54 . 2001-08-17 14:56 1,733,120 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
    2008-10-27 21:53 . 2001-08-17 12:14 952,007 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\diwan.sys
    2008-10-27 21:52 . 2002-08-29 04:00 1,677,824 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
    2008-10-27 21:51 . 2001-08-17 13:28 871,388 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
    2008-10-27 21:50 . 2001-08-17 13:28 762,780 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\3cwmcru.sys
    2008-10-27 21:49 . 2001-08-17 14:56 66,048 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
    2008-10-23 20:34 . 2008-10-23 20:34 <DIR> d
    C:\WINDOWS\SYSTEM32\scripting
    2008-10-23 20:34 . 2008-10-23 20:34 <DIR> d
    C:\WINDOWS\SYSTEM32\en
    2008-10-23 20:34 . 2008-10-23 20:34 <DIR> d
    C:\WINDOWS\l2schemas
    2008-10-22 10:59 . 2008-04-14 00:12 712,704
    C:\WINDOWS\SYSTEM32\windowscodecs.dll
    2008-10-22 10:59 . 2008-04-14 00:12 346,112
    C:\WINDOWS\SYSTEM32\windowscodecsext.dll
    2008-10-22 10:59 . 2008-04-14 00:12 276,992
    C:\WINDOWS\SYSTEM32\wmphoto.dll
    2008-10-22 10:59 . 2008-04-14 00:12 69,120
    C:\WINDOWS\SYSTEM32\wlanapi.dll
    2008-10-22 10:59 . 2008-04-14 00:12 69,120 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\wlanapi.dll
    2008-10-22 10:59 . 2008-04-14 00:12 53,248
    C:\WINDOWS\SYSTEM32\tsgqec.dll
    2008-10-22 10:59 . 2008-04-14 00:12 53,248 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\tsgqec.dll
    2008-10-22 10:59 . 2008-04-14 00:12 50,688
    C:\WINDOWS\SYSTEM32\tspkg.dll
    2008-10-22 10:59 . 2008-04-14 00:12 50,688 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\tspkg.dll
    2008-10-22 10:57 . 2008-04-14 00:09 13,463,552 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
    2008-10-22 10:56 . 2008-04-13 16:36 144,384
    C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys
    2008-10-22 10:55 . 2008-04-14 00:11 650,752
    C:\WINDOWS\SYSTEM32\dot3ui.dll
    2008-10-22 10:54 . 2008-04-14 00:11 136,192 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\aaclient.dll
    2008-10-22 10:54 . 2008-04-14 00:11 136,192
    C:\WINDOWS\SYSTEM32\aaclient.dll
    2008-10-18 10:58 . 2008-10-18 10:58 <DIR> d--hs---- C:\Documents and Settings\another\UserData
    2008-10-17 18:32 . 2008-08-14 10:09 2,145,280 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    2008-10-17 18:32 . 2008-08-14 09:33 2,023,936 --a
    C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
    2008-10-16 21:22 . 2008-10-25 21:18 1,393 --a
    C:\WINDOWS\imsins.BAK
    2008-10-14 21:47 . 2008-10-14 21:47 <DIR> d
    C:\WINDOWS\ERUNT
    2008-10-14 21:42 . 2008-10-15 19:04 <DIR> d
    C:\SDFix
    2008-10-13 21:36 . 2008-10-26 12:40 <DIR> d--h
    C:\$AVG8.VAULT$
    2008-10-11 11:19 . 2008-10-23 22:06 <DIR> d
    C:\Documents and Settings\NetworkService\Application Data\yahoo!
    2008-10-11 11:06 . 2008-10-26 12:41 <DIR> d
    C:\WINDOWS\SYSTEM32\DRIVERS\Avg
    2008-10-11 11:06 . 2008-10-11 11:06 <DIR> d
    C:\Program Files\AVG
    2008-10-11 11:06 . 2008-10-11 11:06 <DIR> d
    C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-11 11:06 . 2008-10-11 11:06 97,928 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
    2008-10-11 11:06 . 2008-10-11 11:06 76,040 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
    2008-10-11 11:06 . 2008-10-11 11:06 10,520 --a
    C:\WINDOWS\SYSTEM32\avgrsstx.dll
    2008-10-11 11:00 . 2004-10-15 17:32 83,096 --a
    C:\WINDOWS\SYSTEM32\SSSensor.dll
    2008-10-11 11:00 . 2004-10-15 17:17 60,496 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
    2008-10-11 11:00 . 2004-10-15 17:18 21,075 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
    2008-10-11 11:00 . 2004-10-15 17:32 14,568 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
    2008-10-11 11:00 . 2004-10-15 17:32 14,568 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
    2008-10-11 11:00 . 2004-10-15 17:32 14,568 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
    2008-10-11 11:00 . 2004-10-15 17:32 14,568 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
    2008-10-11 10:59 . 2008-10-11 10:59 <DIR> d
    C:\Program Files\Sygate
    2008-10-11 10:50 . 2008-10-11 10:50 <DIR> d
    C:\Program Files\Lavasoft
    2008-10-11 10:50 . 2008-10-11 10:53 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-11 10:48 . 2008-10-11 10:59 <DIR> d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-11 10:33 . 2008-10-26 07:54 <DIR> d-a
    C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 10:32 . 2008-10-11 10:32 <DIR> d
    C:\Program Files\SpywareBlaster
    2008-10-11 10:23 . 2008-10-11 10:25 <DIR> d
    C:\Program Files\Spybot - Search & Destroy
    2008-10-11 10:23 . 2008-10-15 18:05 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-11 09:41 . 2008-10-11 09:41 <DIR> d
    C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-10-11 09:39 . 2004-09-24 16:05 <DIR> d
    C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
    2008-10-11 09:39 . 2004-09-24 16:07 <DIR> d
    C:\Documents and Settings\Administrator\Application Data\Sonic
    2008-10-11 09:39 . 2004-09-24 16:02 <DIR> d
    C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
    2008-10-11 09:39 . 2004-09-24 16:07 <DIR> d
    C:\Documents and Settings\Administrator\Application Data\AOL
    2008-10-11 09:39 . 2008-10-11 09:39 <DIR> d
    C:\Documents and Settings\Administrator
    2008-10-11 09:35 . 2008-10-15 20:53 <DIR> d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 09:35 . 2008-10-11 09:35 <DIR> d
    C:\Documents and Settings\another\Application Data\Malwarebytes
    2008-10-11 09:35 . 2008-10-11 09:35 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 09:35 . 2008-09-09 23:07 38,528 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-10-11 09:35 . 2008-09-09 23:07 17,200 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-10-11 09:32 . 2008-10-11 09:32 <DIR> d
    C:\Program Files\Trend Micro
    2008-09-30 20:51 . 2008-09-30 20:51 <DIR> d
    C:\Program Files\Samsung
    2008-09-30 20:02 . 2008-09-30 20:02 <DIR> d
    C:\Program Files\Windows Media Connect 2
    2008-09-30 20:00 . 2008-09-30 20:00 <DIR> d
    C:\WINDOWS\SYSTEM32\LogFiles
    2008-09-30 20:00 . 2008-09-30 20:01 <DIR> d
    C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
    2008-09-30 19:15 . 2006-05-03 21:53 174,592 --a
    C:\WINDOWS\SYSTEM32\framedyn.dll
    2008-09-30 19:14 . 2008-09-30 19:15 <DIR> d
    C:\WINDOWS\SYSTEM32\Samsung_USB_Drivers
    2008-09-30 19:14 . 2006-07-24 15:05 5,632 --a
    C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
    2008-09-30 19:14 . 2005-08-28 19:51 766 --a
    C:\WINDOWS\SYSTEM32\Uninstall.ico

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-29 23:15
    d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-27 22:24
    d
    w C:\Program Files\Java
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-01 19:13
    d
    w C:\Documents and Settings\another\Application Data\AdobeUM
    .

    ((((((((((((((((((((((((((((( snapshot_2008-10-28_10.21.16.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-13 18:36:41 37,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\isapnp.sys
    + 2008-04-13 19:36:42 37,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\isapnp.sys
    - 2008-04-13 18:36:44 68,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pci.sys
    + 2008-04-13 19:36:44 68,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pci.sys
    - 2008-04-13 18:45:37 59,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbhub.sys
    + 2008-04-13 19:45:38 59,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbhub.sys
    - 2008-04-13 18:45:36 143,872 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbport.sys
    + 2008-04-13 19:45:36 143,872 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbport.sys
    - 2008-04-13 18:45:35 20,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbuhci.sys
    + 2008-04-13 19:45:36 20,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbuhci.sys
    - 2008-04-14 00:12:08 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbui.dll
    + 2008-04-14 01:12:08 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\usbui.dll
    - 2008-04-13 18:36:41 37,248 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys
    + 2008-04-13 19:36:42 37,248 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys
    - 2008-04-13 18:36:44 68,224 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\pci.sys
    + 2008-04-13 19:36:44 68,224 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\pci.sys
    - 2008-04-13 18:45:37 59,520 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys
    + 2008-04-13 19:45:38 59,520 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys
    - 2008-04-13 18:45:36 143,872 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys
    + 2008-04-13 19:45:36 143,872 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys
    - 2008-04-13 18:45:35 20,608 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys
    + 2008-04-13 19:45:36 20,608 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys
    + 2008-04-13 18:36:44 68,224 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\pci.sys
    + 2008-04-13 18:36:41 37,248 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
    + 2008-04-13 18:45:37 59,520 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\usbhub.sys
    + 2008-04-13 18:45:36 143,872 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\usbport.sys
    + 2008-04-13 18:45:35 20,608 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\usbuhci.sys
    + 2008-04-14 00:12:08 74,240 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\usbui.dll
    + 2008-04-13 19:45:38 59,520 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\usbhub.sys
    + 2008-04-13 19:45:36 143,872 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\usbport.sys
    + 2008-04-13 19:45:36 20,608 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\usbuhci.sys
    + 2008-04-14 01:12:08 74,240 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\usbui.dll
    + 2008-04-13 19:45:38 59,520 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\usbhub.sys
    + 2008-04-13 19:45:36 143,872 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\usbport.sys
    + 2008-04-13 19:45:36 20,608 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\usbuhci.sys
    + 2008-04-14 01:12:08 74,240 ----a-w C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\usbui.dll
    - 2008-04-14 00:12:08 74,240 ----a-w C:\WINDOWS\SYSTEM32\usbui.dll
    + 2008-04-14 01:12:08 74,240 ----a-w C:\WINDOWS\SYSTEM32\usbui.dll
    + 2008-10-30 12:24:54 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-02-25 496752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-24 98304]
    "EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 406016]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-16 180269]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-11 1234712]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-14 113664]
    AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2004-09-24 156784]
    BT Yahoo! Help.lnk - C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli.exe [2005-05-21 217088]
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 200704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
    "C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-11 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-11 875288]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-11 76040]
    R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!7bef049a-2c00-11dc-a1ea-000e505b3b81}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-30 12:29:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
    "ImagePath"=""
    .
    Other Running Processes
    .
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\SYSTEM32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-30 12:42:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-30 12:41:39
    ComboFix2.txt 2008-10-28 10:23:09
    ComboFix3.txt 2008-10-18 10:21:45
    ComboFix4.txt 2008-10-15 22:04:55
    ComboFix5.txt 2008-10-30 12:11:32

    Pre-Run: 10,914,385,920 bytes free
    Post-Run: 10,930,941,952 bytes free

    239 --- E O F --- 2008-10-25 21:19:05

    *goes off muttering expletives under her breath*
    It's easier to get forgiveness than to ask permission ;)
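An added example, not code from the thread or from ComboFix: a small Python script that pulls every MountPoints2 `\Shell\<verb>\command` line out of a ComboFix-style "Reg Loading Points" section, unwraps the `RunDLL32 Shell32.DLL,ShellExec_RunDLL` wrapper to show the real target, notes when that target is a bare name (it resolves on the inserted removable volume, not on C:, which is why a search of the fixed disk finds no Toy.exe), and drafts the CFScript `Registry::` block the thread uses to delete the keys. The log text is a constructed excerpt; the second MountPoints2 key (`E`) is invented.

```python
import re
from dataclasses import dataclass

# Constructed log excerpt in the shape of ComboFix's "Reg Loading Points"
# section. The first MountPoints2 entry is the one from the thread (with the
# forum-mangled "!!" restored to "{"); the second (E) is an invented sample.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bef049a-2c00-11dc-a1ea-000e505b3b81}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
SHELLEXEC_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.I)
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")  # drive, UNC or env var


@dataclass
class AutorunEntry:
    key: str        # registry key the command was found under
    verb: str       # shell verb, e.g. AutoRun or open
    command: str    # command line Explorer runs when the volume is used
    target: str     # program the command ultimately launches
    relative: bool  # no drive/path: resolves against the inserted volume's root


def _target_of(command: str) -> str:
    # "RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL X" is only a wrapper; X is the payload.
    m = SHELLEXEC_RE.search(command)
    return (m.group(1) if m else command).strip()


def find_mountpoints2_autoruns(log: str) -> list[AutorunEntry]:
    """Collect every \\Shell\\<verb>\\command line found under a MountPoints2 key."""
    entries, current_key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current_key = k.group(1)
            continue
        c = CMD_RE.match(line)
        if c and current_key and "\\mountpoints2\\" in current_key.lower():
            target = _target_of(c.group(2))
            entries.append(AutorunEntry(current_key, c.group(1), c.group(2).strip(),
                                        target, not ABSOLUTE_RE.match(target)))
    return entries


def cfscript_for(entries: list[AutorunEntry]) -> str:
    """Draft the CFScript block used in the thread: one [-key] line per flagged key."""
    keys = sorted({e.key for e in entries})
    return "KillAll::\n\nRegistry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    found = find_mountpoints2_autoruns(SAMPLE_LOG)
    for e in found:
        where = "relative to the volume root" if e.relative else "absolute path"
        print(f"{e.verb}: {e.target} ({where}) under {e.key}")
    print(cfscript_for(found))
```

Deleting the key only clears Explorer's cached copy of that device's autorun.inf settings; plugging the same USB stick in again re-creates it, so the removable media need checking as well as the PC.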
This discussion has been closed.