help removing w32.sillyfdc trojan

pavlovs_dog

info.txt .............

info.txt logfile of random's system information tool 1.06 2009-03-29 21:37:32

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0015-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0016-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0018-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0019-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-001A-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-001B-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-001F-0409-0000-0000000FF1CE} /uninstall !!3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-001F-040C-0000-0000000FF1CE} /uninstall !!430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0044-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-00A1-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-00BA-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0114-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package !!90120000-0117-0409-0000-0000000FF1CE} /uninstall !!4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArtistScope Plugin IE-->"C:\Program Files\Internet Explorer\plugins\uninstall.exe" "/U:C:\Program Files\Internet Explorer\plugins\Uninstall\uninstall.xml"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Cymraeg Ail Iaith - Bwyd (De) 1.3-->C:\Program Files\NGfL Cymru\Cymraeg Ail Iaith - Bwyd (De)\uninst.exe
Cysgliad-->MsiExec.exe /I{C3556121-9628-46CD-A636-83AC0DE2521A}
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Focus 500,000 Images-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\!!5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\!!5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package !!90120000-0030-0000-0000-0000000FF1CE} /uninstall !!297857BF-4011-449B-BD74-DB64D182821C}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security
AS: Windows Defender
AS: SUPERAntiSpyware
AS: Norton Internet Security (disabled)

======System event log======

Computer Name: Pavilion
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 94518
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090329090428.701809-000
Event Type: Error
User:

Computer Name: Pavilion
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 94639
Source Name: Tcpip
Time Written: 20090329131129.405171-000
Event Type: Warning
User:

Computer Name: Pavilion
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 94644
Source Name: Tcpip
Time Written: 20090329134954.606330-000
Event Type: Warning
User:

Computer Name: Pavilion
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 94646
Source Name: Tcpip
Time Written: 20090329140612.524225-000
Event Type: Warning
User:

Computer Name: Pavilion
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 94673
Source Name: Tcpip
Time Written: 20090329184111.607013-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Pavilion
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 33535
Source Name: Microsoft-Windows-WMI
Time Written: 20090328114031.000000-000
Event Type: Error
User:

Computer Name: Pavilion
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-436374069-115176313-1417001333-1003:
Process 608 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-436374069-115176313-1417001333-1003

Record Number: 33540
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090328114057.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 33576
Source Name: Microsoft-Windows-WMI
Time Written: 20090329080731.000000-000
Event Type: Error
User:

Computer Name: Pavilion
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-436374069-115176313-1417001333-1003:
Process 604 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-436374069-115176313-1417001333-1003

Record Number: 33597
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090329090231.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 33630
Source Name: Microsoft-Windows-WMI
Time Written: 20090329090514.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Pavilion
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1271
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090327201236.356375-000
Event Type: Audit Success
User:

Computer Name: Pavilion
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1272
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090328114105.519814-000
Event Type: Audit Success
User:

Computer Name: Pavilion
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 1273
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090328114106.800375-000
Event Type: Audit Success
User:

Computer Name: Pavilion
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 1274
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090329090245.144125-000
Event Type: Audit Success
User:

Computer Name: Pavilion
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4dc
Name: C:\Windows\System32\svchost.exe

Previous Time: 10:02:44 AM 3/29/2009
New Time: 10:02:44 AM 3/29/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 1275
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090329090248.503500-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

---

EOF

---

aliEnRIK

sorry ~ my bad

I gave wrong prog to scan with


* Download DDS and save it to your desktop
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explaination about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

aliEnRIK

I assume this is a legit program~
C:\Program Files\NGfL Cymru\Cymraeg Ail Iaith

spud17

Look yer boyo,

http://www.wjec.co.uk/index.php?nav=14&news=21

aliEnRIK

spud17 wrote: »

Look yer boyo,

http://www.wjec.co.uk/index.php?nav=14&news=21

.................:p

pavlovs_dog

DDS (Ver_09-03-16.01) - NTFSx86
Run by Emma at 17:40:47.13 on 30/03/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.959.300 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\CSHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAIA.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Emma\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: !!18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: !!1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Groove GFS Browser Helper: !!72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: !!7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: !!9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Show Norton Toolbar: !!90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: &Google Toolbar: !!2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /fu "c:\windows\temp\E_S2C34.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [<NO NAME>]
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
IE: !!2670000A-7350-4f3c-8081-5663EE0C6C49} - !!48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: !!0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: !!166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: !!406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.truprint.co.uk/TruprintActivia.cab
DPF: !!4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-gb.cab
DPF: !!6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: !!8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - !!88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: !!5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20090311.001\IDSvix86.sys [2009-3-12 270384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-3-12 266240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]

=============== Created Last 30 ================

2009-03-29 09:27 <DIR> --d

---

c:\programdata\SUPERAntiSpyware.com
2009-03-29 09:27 <DIR> --d

---

c:\progra~2\SUPERAntiSpyware.com
2009-03-29 09:27 <DIR> --d

---

c:\users\emma\appdata\roaming\SUPERAntiSpyware.com
2009-03-29 09:27 <DIR> --d

---

c:\program files\SUPERAntiSpyware
2009-03-29 09:26 <DIR> --d

---

c:\program files\common files\Wise Installation Wizard
2009-03-27 20:52 49,265 a

---

c:\windows\system32\jpicpl32.cpl
2009-03-27 20:32 <DIR> --d

---

C:\QWERTYexe
2009-03-27 20:32 318,976 a

---

c:\windows\system32\CF7984.exe
2009-03-27 20:31 318,976 a

---

c:\windows\system32\CF7788.exe
2009-03-26 19:47 318,976 a

---

c:\windows\system32\CF11975.exe
2009-03-26 19:43 318,976 a

---

c:\windows\system32\CF11247.exe
2009-03-26 19:37 318,976 a

---

c:\windows\system32\CF10075.exe
2009-03-26 19:36 318,976 a

---

c:\windows\system32\CF9820.exe
2009-03-26 19:35 318,976 a

---

c:\windows\system32\CF9167.exe
2009-03-26 19:30 <DIR> --d

---

c:\program files\Trend Micro
2009-03-26 18:07 <DIR> --d

---

c:\users\emma\appdata\roaming\Malwarebytes
2009-03-26 18:07 15,504 a

---

c:\windows\system32\drivers\mbam.sys
2009-03-26 18:07 38,496 a

---

c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 18:07 <DIR> --d

---

c:\programdata\Malwarebytes
2009-03-26 18:07 <DIR> --d

---

c:\progra~2\Malwarebytes
2009-03-26 18:07 <DIR> --d

---

c:\program files\Malwarebytes' Anti-Malware
2009-03-19 04:48 <DIR> --d

---

c:\programdata\Google
2009-03-19 04:47 <DIR> --d

---

c:\windows\system32\Adobe
2009-03-19 04:41 <DIR> --d

---

c:\program files\NGfL Cymru
2009-03-19 04:39 34,526,359 a

---

c:\users\emma\cymraeg_ail_iaith_bwyd.exe
2009-03-12 20:56 225,280 a

---

c:\windows\system32\CSInstru.DLL
2009-03-12 20:56 266,240 a

---

c:\windows\system32\CSHelper.exe
2009-03-12 20:55 1,810,304 a

---

c:\users\emma\ArtistScope_IE_42.exe
2009-03-11 06:03 7,680 a

---

c:\windows\system32\spwmp.dll
2009-03-11 06:03 4,096 a

---

c:\windows\system32\msdxm.ocx
2009-03-11 06:03 4,096 a

---

c:\windows\system32\dxmasf.dll
2009-03-11 06:03 8,147,456 a

---

c:\windows\system32\wmploc.DLL
2009-03-11 06:03 268,288 a

---

c:\windows\system32\schannel.dll
2009-03-11 06:03 2,033,152 a

---

c:\windows\system32\win32k.sys
2009-03-08 00:37 107,368 a

---

c:\windows\system32\GEARAspi.dll
2009-03-08 00:37 15,464 a

---

c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 00:36 <DIR> --d

---

c:\program files\iPod
2009-03-08 00:36 <DIR> --d

---

c:\programdata\!!3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-08 00:36 <DIR> --d

---

c:\program files\iTunes
2009-03-08 00:36 <DIR> --d

---

c:\progra~2\!!3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-08 00:35 <DIR> --d

---

c:\program files\Bonjour
2009-03-08 00:34 <DIR> --d

---

c:\programdata\Apple Computer
2009-03-08 00:32 <DIR> --d

---

c:\programdata\Apple
2009-03-08 00:30 69,076,264 a

---

c:\users\emma\iTunesSetup.exe

==================== Find3M ====================

2009-03-08 00:33 86,016 a

---

c:\windows\inf\infstor.dat
2009-03-08 00:33 51,200 a

---

c:\windows\inf\infpub.dat
2009-03-08 00:33 86,016 a

---

c:\windows\inf\infstrng.dat
2009-01-15 07:11 827,392 a

---

c:\windows\system32\wininet.dll
2008-10-09 18:54 2,400,784 a

---

c:\users\emma\WLinstaller.exe
2008-06-21 12:58 665,600 a

---

c:\windows\inf\drvindex.dat
2008-01-21 03:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:40 287,440 a

---

c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:40 287,440 a

---

c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:40 30,674 a

---

c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:40 30,674 a

---

c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a

---

c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a

---

c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a

---

c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a

---

c:\windows\inf\perflib\0000\perfc.dat
2008-10-31 18:38 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-31 18:38 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-31 18:38 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 17:41:55.59 ===============

pavlovs_dog

hope that means something to you Alienrik!

aliEnRIK

Log looks ok to me

Id still periodically try to get COMBOFIX running if I were you (And keep running FRESH downloads as its only updated direct via the site download)

need_an_original_namexx

A good tip if you cannot remove something from your drive as it is embedded in windows is to download a disk bootable OS like SLAX.

Recently Zonealarm gave me problems and windows refused to remove the faulty file.

The eventuiality was I used Slax found the file in the windows directory and was able to delete it.

I then rebooted and windows worked fne.

Be warned however, there is no guarantee of windows recovery as you may delete something essential

a.hamilton123

aliEnRIK wrote: »

Kaspersky is the best 'all in one' av on the market

Whichever you choose id personally still use Malwarebytes, Superantispyware and Spybot as scanners (And spybot to prevent certain nasties infecting the HOSTS list)

I use AVIRA anti virus myself (free version)

Anyways, do as follows so we can see whats running behind the scenes ~

• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

I have used AVG by Grisoft for years and never a problem.

Also its free