help removing w32.sillyfdc trojan

Comments

  • pavlovs_dog
    pavlovs_dog Posts: 10,215 Forumite
    info.txt .............
    info.txt logfile of random's system information tool 1.06 2009-03-29 21:37:32

    ======Uninstall list======

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ArtistScope Plugin IE-->"C:\Program Files\Internet Explorer\plugins\uninstall.exe" "/U:C:\Program Files\Internet Explorer\plugins\Uninstall\uninstall.xml"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
    AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"
    AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
    Cymraeg Ail Iaith - Bwyd (De) 1.3-->C:\Program Files\NGfL Cymru\Cymraeg Ail Iaith - Bwyd (De)\uninst.exe
    Cysgliad-->MsiExec.exe /I{C3556121-9628-46CD-A636-83AC0DE2521A}
    EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Focus 500,000 Images-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
    J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
    Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
    Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
    Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
    Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
    Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
    Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
    Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
    Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
    Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Spotify-->"C:\Program Files\Spotify\uninstall.exe"
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}

    ======Security center information======

    AV: Norton Internet Security
    FW: Norton Internet Security
    AS: Windows Defender
    AS: SUPERAntiSpyware
    AS: Norton Internet Security (disabled)

    ======System event log======

    Computer Name: Pavilion
    Event Code: 15016
    Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
    Record Number: 94518
    Source Name: Microsoft-Windows-HttpEvent
    Time Written: 20090329090428.701809-000
    Event Type: Error
    User:

    Computer Name: Pavilion
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 94639
    Source Name: Tcpip
    Time Written: 20090329131129.405171-000
    Event Type: Warning
    User:

    Computer Name: Pavilion
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 94644
    Source Name: Tcpip
    Time Written: 20090329134954.606330-000
    Event Type: Warning
    User:

    Computer Name: Pavilion
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 94646
    Source Name: Tcpip
    Time Written: 20090329140612.524225-000
    Event Type: Warning
    User:

    Computer Name: Pavilion
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 94673
    Source Name: Tcpip
    Time Written: 20090329184111.607013-000
    Event Type: Warning
    User:

    =====Application event log=====

    Computer Name: Pavilion
    Event Code: 10
    Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Record Number: 33535
    Source Name: Microsoft-Windows-WMI
    Time Written: 20090328114031.000000-000
    Event Type: Error
    User:

    Computer Name: Pavilion
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-436374069-115176313-1417001333-1003:
    Process 608 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-436374069-115176313-1417001333-1003

    Record Number: 33540
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090328114057.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: Pavilion
    Event Code: 10
    Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Record Number: 33576
    Source Name: Microsoft-Windows-WMI
    Time Written: 20090329080731.000000-000
    Event Type: Error
    User:

    Computer Name: Pavilion
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-436374069-115176313-1417001333-1003:
    Process 604 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-436374069-115176313-1417001333-1003

    Record Number: 33597
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090329090231.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: Pavilion
    Event Code: 10
    Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    Record Number: 33630
    Source Name: Microsoft-Windows-WMI
    Time Written: 20090329090514.000000-000
    Event Type: Error
    User:

    =====Security event log=====

    Computer Name: Pavilion
    Event Code: 1100
    Message: The event logging service has shut down.
    Record Number: 1271
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20090327201236.356375-000
    Event Type: Audit Success
    User:

    Computer Name: Pavilion
    Event Code: 1100
    Message: The event logging service has shut down.
    Record Number: 1272
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20090328114105.519814-000
    Event Type: Audit Success
    User:

    Computer Name: Pavilion
    Event Code: 1108
    Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
    Record Number: 1273
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20090328114106.800375-000
    Event Type: Audit Success
    User:

    Computer Name: Pavilion
    Event Code: 1100
    Message: The event logging service has shut down.
    Record Number: 1274
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20090329090245.144125-000
    Event Type: Audit Success
    User:

    Computer Name: Pavilion
    Event Code: 4616
    Message: The system time was changed.

    Subject:
    Security ID: S-1-5-19
    Account Name: LOCAL SERVICE
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e5

    Process Information:
    Process ID: 0x4dc
    Name: C:\Windows\System32\svchost.exe

    Previous Time: 10:02:44 AM 3/29/2009
    New Time: 10:02:44 AM 3/29/2009

    This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
    Record Number: 1275
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090329090248.503500-000
    Event Type: Audit Success
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0407
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    EOF
    know thyself
    I don't ask for a luxurious life...
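An added example (not output of the system information tool and not part of the post above) showing how the per-record event dumps in this log can be triaged automatically. It splits the records the way the tool prints them, one block per `Computer Name:` line, and applies three rules drawn from the events actually present: repeated Tcpip 4226 half-open connection limit hits (worth tracing to the process making the connections), Security 4616 time changes by anything other than the time service or by more than a few minutes, and Eventlog 1102 (audit log cleared). The 1102 record in the sample is constructed so that rule fires; the thresholds and the `LOCAL SERVICE`/`SYSTEM` allow-list are assumptions.

```python
"""Triage rules run over the event-log dump format above (one block per record, keyed
'Computer Name:' ... 'Time Written:'). Added example, not output of the tool; the rule
set and thresholds are the author's assumptions."""
import re
from datetime import datetime, timedelta

# Sample input: three records excerpted from the logs posted above plus one constructed
# 1102 record (not present in the original) so the audit-log-cleared rule is exercised.
SAMPLE = r"""
Computer Name: Pavilion
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Source Name: Tcpip
Time Written: 20090329131129.405171-000
User:

Computer Name: Pavilion
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Source Name: Tcpip
Time Written: 20090329134954.606330-000
User:

Computer Name: Pavilion
Event Code: 4616
Message: The system time was changed.

Subject:
Account Name: LOCAL SERVICE

Previous Time: 10:02:44 AM 3/29/2009
New Time: 10:02:44 AM 3/29/2009
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329090248.503500-000
User:

Computer Name: Pavilion
Event Code: 1102
Message: The audit log was cleared.
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090329090300.000000-000
User: Pavilion\Emma
"""

KEY_VALUE = re.compile(r"^([A-Z][A-Za-z ]*): ?(.*)$")

def parse_records(text):
    """Start a new record at each 'Computer Name:' line instead of splitting on blank
    lines: a 4616 record carries a multi-paragraph message with blank lines inside it."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("Computer Name:"):
            current = {}
            records.append(current)
        if current is None:
            continue
        match = KEY_VALUE.match(line)
        if match and match.group(1) not in current:  # first occurrence of a key wins
            current[match.group(1)] = match.group(2).strip()
    return records

def wmi_time(value):
    """'Time Written' is a CIM_DATETIME: yyyymmddHHMMSS.ffffff followed by a UTC offset."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S")

def local_time(value):
    """'Previous Time' / 'New Time' as the 4616 message prints them (US date order)."""
    return datetime.strptime(value, "%I:%M:%S %p %m/%d/%Y")

# The time service ran as LOCAL SERVICE in the 4616 record above; a clock change by any
# other account, or a large jump, is what the event's own text says to look at.
TIME_SERVICE_ACCOUNTS = {"LOCAL SERVICE", "SYSTEM"}

def triage(records, tcp_min_hits=2, max_clock_jump=timedelta(minutes=5)):
    """Return (rule, detail) pairs; thresholds are assumptions, tune them per host."""
    findings = []
    tcp = [r for r in records
           if r.get("Source Name") == "Tcpip" and r.get("Event Code") == "4226"]
    if len(tcp) >= tcp_min_hits:
        first, last = wmi_time(tcp[0]["Time Written"]), wmi_time(tcp[-1]["Time Written"])
        findings.append(("tcp4226", f"{len(tcp)} connect-attempt limit hits between "
                         f"{first:%H:%M} and {last:%H:%M}; find the process opening them"))
    for r in records:
        code = r.get("Event Code")
        if code == "4616":
            jump = abs(local_time(r["New Time"]) - local_time(r["Previous Time"]))
            if r.get("Account Name") not in TIME_SERVICE_ACCOUNTS or jump > max_clock_jump:
                findings.append(("time_change",
                                 f"clock moved {jump} by {r.get('Account Name', '?')}"))
        elif code == "1102":
            findings.append(("audit_cleared",
                             f"audit log cleared at {wmi_time(r['Time Written'])} "
                             f"by {r.get('User') or 'unknown'}"))
    return findings

if __name__ == "__main__":
    for rule, detail in triage(parse_records(SAMPLE)):
        print(f"[{rule}] {detail}")
```

Run against the sample it reports the two 4226 hits and the constructed 1102; the posted 4616 is silent because the account is LOCAL SERVICE and the clock did not move, which is exactly the benign case the event text describes. The 1100 "event logging service has shut down" records in the log above are left alone on purpose: they are written at every shutdown and only matter when they are not paired with a reboot.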
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    sorry ~ my bad

    I gave wrong prog to scan with


    * Download DDS and save it to your desktop
    * Double click on the DDS icon, allow it to run.
    * A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    * Notepad will open with the results.
    * Follow the instructions that pop up for posting the results.
    * Close the program window, and delete the program from your desktop.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    I assume this is a legit program~
    C:\Program Files\NGfL Cymru\Cymraeg Ail Iaith
  • spud17
    spud17 Posts: 4,431 Forumite
    Move along, nothing to see.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    spud17 wrote: »

    .................:p
  • pavlovs_dog
    pavlovs_dog Posts: 10,215 Forumite
    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Emma at 17:40:47.13 on 30/03/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.959.300 [GMT 1:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated)
    FW: Norton Internet Security *enabled*

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\CSHelper.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAIA.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Emma\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /fu "c:\windows\temp\E_S2C34.tmp" /EF "HKCU"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRunOnce: [<NO NAME>]
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.truprint.co.uk/TruprintActivia.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-gb.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090311.001\IDSvix86.sys [2009-3-12 270384]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-12 266240]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]

    =============== Created Last 30 ================

    2009-03-29 09:27 <DIR> --d c:\programdata\SUPERAntiSpyware.com
    2009-03-29 09:27 <DIR> --d c:\progra~2\SUPERAntiSpyware.com
    2009-03-29 09:27 <DIR> --d c:\users\emma\appdata\roaming\SUPERAntiSpyware.com
    2009-03-29 09:27 <DIR> --d c:\program files\SUPERAntiSpyware
    2009-03-29 09:26 <DIR> --d c:\program files\common files\Wise Installation Wizard
    2009-03-27 20:52 49,265 a c:\windows\system32\jpicpl32.cpl
    2009-03-27 20:32 <DIR> --d C:\QWERTYexe
    2009-03-27 20:32 318,976 a c:\windows\system32\CF7984.exe
    2009-03-27 20:31 318,976 a c:\windows\system32\CF7788.exe
    2009-03-26 19:47 318,976 a c:\windows\system32\CF11975.exe
    2009-03-26 19:43 318,976 a c:\windows\system32\CF11247.exe
    2009-03-26 19:37 318,976 a c:\windows\system32\CF10075.exe
    2009-03-26 19:36 318,976 a c:\windows\system32\CF9820.exe
    2009-03-26 19:35 318,976 a c:\windows\system32\CF9167.exe
    2009-03-26 19:30 <DIR> --d c:\program files\Trend Micro
    2009-03-26 18:07 <DIR> --d c:\users\emma\appdata\roaming\Malwarebytes
    2009-03-26 18:07 15,504 a c:\windows\system32\drivers\mbam.sys
    2009-03-26 18:07 38,496 a c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-26 18:07 <DIR> --d c:\programdata\Malwarebytes
    2009-03-26 18:07 <DIR> --d c:\progra~2\Malwarebytes
    2009-03-26 18:07 <DIR> --d c:\program files\Malwarebytes' Anti-Malware
    2009-03-19 04:48 <DIR> --d c:\programdata\Google
    2009-03-19 04:47 <DIR> --d c:\windows\system32\Adobe
    2009-03-19 04:41 <DIR> --d c:\program files\NGfL Cymru
    2009-03-19 04:39 34,526,359 a c:\users\emma\cymraeg_ail_iaith_bwyd.exe
    2009-03-12 20:56 225,280 a c:\windows\system32\CSInstru.DLL
    2009-03-12 20:56 266,240 a c:\windows\system32\CSHelper.exe
    2009-03-12 20:55 1,810,304 a c:\users\emma\ArtistScope_IE_42.exe
    2009-03-11 06:03 7,680 a c:\windows\system32\spwmp.dll
    2009-03-11 06:03 4,096 a c:\windows\system32\msdxm.ocx
    2009-03-11 06:03 4,096 a c:\windows\system32\dxmasf.dll
    2009-03-11 06:03 8,147,456 a c:\windows\system32\wmploc.DLL
    2009-03-11 06:03 268,288 a c:\windows\system32\schannel.dll
    2009-03-11 06:03 2,033,152 a c:\windows\system32\win32k.sys
    2009-03-08 00:37 107,368 a c:\windows\system32\GEARAspi.dll
    2009-03-08 00:37 15,464 a c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-08 00:36 <DIR> --d c:\program files\iPod
    2009-03-08 00:36 <DIR> --d c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-03-08 00:36 <DIR> --d c:\program files\iTunes
    2009-03-08 00:36 <DIR> --d c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-03-08 00:35 <DIR> --d c:\program files\Bonjour
    2009-03-08 00:34 <DIR> --d c:\programdata\Apple Computer
    2009-03-08 00:32 <DIR> --d c:\programdata\Apple
    2009-03-08 00:30 69,076,264 a c:\users\emma\iTunesSetup.exe

    ==================== Find3M ====================

    2009-03-08 00:33 86,016 a c:\windows\inf\infstor.dat
    2009-03-08 00:33 51,200 a c:\windows\inf\infpub.dat
    2009-03-08 00:33 86,016 a c:\windows\inf\infstrng.dat
    2009-01-15 07:11 827,392 a c:\windows\system32\wininet.dll
    2008-10-09 18:54 2,400,784 a c:\users\emma\WLinstaller.exe
    2008-06-21 12:58 665,600 a c:\windows\inf\drvindex.dat
    2008-01-21 03:41 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 13:40 287,440 a c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 13:40 287,440 a c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 13:40 30,674 a c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 13:40 30,674 a c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 10:20 287,440 a c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a c:\windows\inf\perflib\0000\perfc.dat
    2008-10-31 18:38 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2008-10-31 18:38 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2008-10-31 18:38 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 17:41:55.59 ===============
    know thyself
    I do not ask for a luxurious life...
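    The listing above is the kind of log this thread asks a helper to read by eye. As an added example (my own code, not the poster's and not part of the tool that produced the log), the following Python parses entries in that date / size / attributes / path format and flags clusters of identically sized executables with short letters-plus-digits names written into the same directory, the pattern visible in the system32 CF####.exe entries. It handles both the one-line form and the two-line form the forum rendering produced, where the path follows on the next line. The sample lines are constructed, modelled on the entries above; the attribute column values are assumed. A cluster is a prompt to verify (hash lookup, file inspection), not a verdict.

    ```python
    import re
    from collections import defaultdict
    from datetime import datetime

    # Constructed sample, modelled on the log above, one entry per line.
    # Attribute flags ("a-------", "--d-----") are assumed values.
    SAMPLE_LOG = """\
    2009-03-27 20:52 49,265 a------- c:\\windows\\system32\\jpicpl32.cpl
    2009-03-27 20:32 <DIR> --d----- C:\\QWERTYexe
    2009-03-27 20:32 318,976 a------- c:\\windows\\system32\\CF7984.exe
    2009-03-27 20:31 318,976 a------- c:\\windows\\system32\\CF7788.exe
    2009-03-26 19:47 318,976 a------- c:\\windows\\system32\\CF11975.exe
    2009-03-26 19:43 318,976 a------- c:\\windows\\system32\\CF11247.exe
    2009-03-26 19:37 318,976 a------- c:\\windows\\system32\\CF10075.exe
    2009-03-12 20:56 266,240 a------- c:\\windows\\system32\\CSHelper.exe
    2009-03-26 18:07 15,504 a------- c:\\windows\\system32\\drivers\\mbam.sys
    2009-03-11 06:03 268,288 a------- c:\\windows\\system32\\schannel.dll
    """

    # date, time, size (or <DIR>), attribute flags, optional path on the same line
    ENTRY_RE = re.compile(
        r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
        r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+)(?: (?P<path>.+))?$"
    )

    # short letter prefix followed by several digits, e.g. CF7984.exe
    RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{1,4}\d{3,}\.exe$", re.IGNORECASE)


    def parse_entries(text):
        """Return a list of (timestamp, size_or_None_for_dirs, path) tuples.

        Accepts entries on one line, or split over two lines with the path
        on the line after the date/size/attributes line.
        """
        entries = []
        lines = [ln.strip() for ln in text.splitlines()]
        i = 0
        while i < len(lines):
            m = ENTRY_RE.match(lines[i])
            if not m:
                i += 1
                continue
            path = m.group("path")
            # Two-line form: the next line is the path if it is not itself an entry.
            if path is None and i + 1 < len(lines) and not ENTRY_RE.match(lines[i + 1]):
                path = lines[i + 1]
                i += 1
            i += 1
            if path is None:
                continue
            ts = datetime.strptime(m.group("date") + " " + m.group("time"), "%Y-%m-%d %H:%M")
            size = None if m.group("size") == "<DIR>" else int(m.group("size").replace(",", ""))
            entries.append((ts, size, path))
        return entries


    def find_dropper_clusters(entries, min_count=3):
        """Group random-named .exe files by (directory, size); return big clusters.

        Several identically sized executables with throwaway names landing in
        one system directory within a short window is typical of a worm
        re-dropping copies of itself, so each such group is reported for review.
        """
        groups = defaultdict(list)
        for ts, size, path in entries:
            if size is None or not path.lower().endswith(".exe"):
                continue
            directory, _, name = path.rpartition("\\")
            if not RANDOM_NAME_RE.match(name):
                continue
            groups[(directory.lower(), size)].append((ts, path))
        clusters = []
        for (directory, size), items in groups.items():
            if len(items) >= min_count:
                items.sort()
                clusters.append({
                    "directory": directory,
                    "size": size,
                    "count": len(items),
                    "first_seen": items[0][0],
                    "last_seen": items[-1][0],
                    "paths": [p for _, p in items],
                })
        return clusters


    if __name__ == "__main__":
        for c in find_dropper_clusters(parse_entries(SAMPLE_LOG)):
            print(f"{c['count']} x {c['size']} bytes in {c['directory']} "
                  f"between {c['first_seen']} and {c['last_seen']}")
            for p in c["paths"]:
                print("   ", p)
    ```

    Run against a whole log.txt or info.txt the same parser works unchanged; the size-and-name grouping is deliberately simple so it can be adjusted (minimum cluster size, name pattern) to whatever the listing actually shows.
    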
  • pavlovs_dog
    pavlovs_dog Posts: 10,215 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    hope that means something to you Alienrik!
    know thyself
    I do not ask for a luxurious life...
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Log looks ok to me

    I'd still periodically try to get COMBOFIX running if I were you (and keep running FRESH downloads, as it's only updated directly via the site download)
  • A good tip if you cannot remove something from your drive because it is embedded in Windows is to download a disk-bootable OS like SLAX.

    Recently ZoneAlarm gave me problems and Windows refused to remove the faulty file.

    The eventuality was I used Slax, found the file in the Windows directory and was able to delete it.

    I then rebooted and Windows worked fine.

    Be warned, however, there is no guarantee of Windows recovery as you may delete something essential.
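    The post above deletes the locked file outright from the live Linux environment and then warns that nothing essential can be recovered afterwards. As an added example (my own code, not the poster's), here is that step done as a reversible quarantine in Python, meant to be run from the live environment with the Windows volume already mounted (the mount step is assumed and not shown). The file is moved rather than deleted, stored under its SHA-256 hash with execute permission removed, and recorded in a manifest so it can be put back if Windows then fails to boot. `demo_roundtrip` exercises it on a constructed file in a temporary directory.

    ```python
    import hashlib
    import json
    import os
    import shutil
    import tempfile
    from datetime import datetime, timezone
    from pathlib import Path


    def sha256_of(path):
        """Stream a file through SHA-256 and return the hex digest."""
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()


    def quarantine_file(src, quarantine_dir):
        """Move src into quarantine_dir, record hash and origin, return the new path."""
        src = Path(src).resolve()
        qdir = Path(quarantine_dir)
        if not src.is_file():
            raise FileNotFoundError(f"not a regular file: {src}")
        qdir.mkdir(parents=True, exist_ok=True)
        digest = sha256_of(src)
        # Hash-named copy: two suspect files with the same basename cannot collide.
        dest = qdir / f"{digest}.quarantined"
        shutil.move(str(src), str(dest))
        # Owner read/write only, no execute bit, so the copy cannot be run by accident.
        os.chmod(dest, 0o600)
        record = {
            "sha256": digest,
            "original_path": str(src),
            "size": dest.stat().st_size,
            "quarantined_at": datetime.now(timezone.utc).isoformat(),
        }
        # Append-only manifest: one JSON object per line.
        with open(qdir / "manifest.jsonl", "a", encoding="utf-8") as m:
            m.write(json.dumps(record) + "\n")
        return dest


    def restore_file(digest, quarantine_dir):
        """Put a quarantined file back at its recorded path after checking its hash."""
        qdir = Path(quarantine_dir)
        with open(qdir / "manifest.jsonl", encoding="utf-8") as m:
            records = [json.loads(line) for line in m if line.strip()]
        matches = [r for r in records if r["sha256"] == digest]
        if not matches:
            raise KeyError(f"no manifest entry for {digest}")
        record = matches[-1]
        src = qdir / f"{digest}.quarantined"
        if sha256_of(src) != digest:
            raise ValueError("quarantined copy does not match its recorded hash")
        dest = Path(record["original_path"])
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(dest))
        return dest


    def demo_roundtrip():
        """Quarantine and restore a constructed file; return what each step observed."""
        payload = b"MZ constructed test payload"          # constructed, not real malware
        base = Path(tempfile.mkdtemp())
        suspect = base / "CF7984.exe"                      # constructed name, see the log above
        suspect.write_bytes(payload)
        qdir = base / "quarantine"
        dest = quarantine_file(suspect, qdir)
        gone_after_quarantine = not suspect.exists()
        digest = dest.name.split(".")[0]
        restore_file(digest, qdir)
        restored = suspect.read_bytes()
        shutil.rmtree(base)
        return {
            "gone_after_quarantine": gone_after_quarantine,
            "digest": digest,
            "restored_matches": restored == payload,
            "hash_matches": hashlib.sha256(payload).hexdigest() == digest,
        }


    if __name__ == "__main__":
        print(demo_roundtrip())
    ```

    On a Windows volume mounted with ntfs-3g the chmod may be ignored, so the quarantine directory is best kept on the live system's own writable storage or a USB stick rather than inside the Windows tree.
    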
  • aliEnRIK wrote: »
    Kaspersky is the best 'all in one' av on the market

    Whichever you choose, I'd personally still use Malwarebytes, Superantispyware and Spybot as scanners (and Spybot to prevent certain nasties infecting the HOSTS list)

    I use AVIRA anti virus myself (free version)

    Anyways, do as follows so we can see what's running behind the scenes ~
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    I have used AVG by Grisoft for years and never a problem.

    Also it's free
This discussion has been closed.