Have I still got a virus?
Comments
-
ComboFix 09-04-04.01 - 2009-04-12 11:54:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.541 [GMT 1:00]
Running from: c:\documents and settings\\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\sguard.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\Quarantine
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-12 09:09 . 2009-04-12 09:09 <DIR> d
c:\documents and settings\\Application Data\Uniblue
2009-04-11 13:38 . 2009-04-11 13:38 <DIR> d
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-11 13:37 . 2009-04-11 19:47 <DIR> d
c:\program files\SUPERAntiSpyware
2009-04-11 13:37 . 2009-04-11 13:37 <DIR> d
c:\documents and settings\\Application Data\SUPERAntiSpyware.com
2009-04-10 09:41 . 2009-04-10 09:41 <DIR> d
c:\program files\Avira
2009-04-10 09:41 . 2009-04-10 09:41 <DIR> d
c:\documents and settings\All Users\Application Data\Avira
2009-04-10 09:41 . 2009-02-13 11:31 55,640 --a
c:\windows\system32\drivers\avgntflt.sys
2009-04-09 18:31 . 2009-04-08 21:03 102,664 --a
c:\windows\system32\drivers\tmcomm.sys
2009-04-08 21:02 . 2009-04-09 18:01 <DIR> d
c:\documents and settings\\.housecall6.6
2009-04-08 07:47 . 2009-04-08 07:21 344,064 --a
c:\windows\system32\rmsality.nt
2009-03-30 17:29 . 2009-01-09 20:19 1,089,593
c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-29 21:00 . 2009-03-29 21:00 <DIR> d
c:\windows\system32\XPSViewer
2009-03-29 21:00 . 2009-03-29 21:00 <DIR> d
c:\program files\Reference Assemblies
2009-03-29 21:00 . 2009-03-29 21:00 <DIR> d
c:\program files\MSBuild
2009-03-29 20:59 . 2009-03-29 20:59 <DIR> d
C:\6bb73318d93fc341f8c8d091
2009-03-29 20:59 . 2008-07-06 13:06 1,676,288
c:\windows\system32\xpssvcs.dll
2009-03-29 20:59 . 2008-07-06 13:06 1,676,288
c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 20:59 . 2008-07-06 11:50 597,504
c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 20:59 . 2008-07-06 13:06 575,488
c:\windows\system32\xpsshhdr.dll
2009-03-29 20:59 . 2008-07-06 13:06 575,488
c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 20:59 . 2008-07-06 13:06 117,760
c:\windows\system32\prntvpt.dll
2009-03-29 20:59 . 2008-07-06 13:06 89,088
c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-28 13:15 . 2005-04-26 02:27 <DIR> d
c:\documents and settings\LogMeInRemoteUser.YOUR-1BC170725A\WINDOWS
2009-03-28 13:15 . 2005-05-10 10:07 <DIR> d
c:\documents and settings\LogMeInRemoteUser.YOUR-1BC170725A\Application Data\SampleView
2009-03-28 13:15 . 2009-03-28 13:15 <DIR> d
c:\documents and settings\LogMeInRemoteUser.YOUR-1BC170725A
2009-03-28 13:13 . 2009-04-10 11:19 <DIR> d
c:\program files\LogMeIn
2009-03-28 13:13 . 2008-10-16 21:35 87,352 --a
c:\windows\system32\LMIinit.dll
2009-03-28 13:13 . 2008-10-16 21:35 83,288 --a
c:\windows\system32\LMIRfsClientNP.dll
2009-03-28 13:13 . 2008-07-24 19:46 47,640 --a
c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-28 13:13 . 2008-10-16 21:35 28,984 --a
c:\windows\system32\LMIport.dll
2009-03-21 16:19 . 2009-03-21 17:10 <DIR> d
c:\program files\MSN Messenger
2009-03-18 19:00 . 2009-03-21 15:32 <DIR> d
c:\documents and settings\\Tracing
2009-03-18 18:54 . 2009-03-20 07:41 <DIR> d
c:\program files\Microsoft Silverlight
2009-03-18 18:53 . 2006-11-29 14:06 3,426,072 --a
c:\windows\system32\d3dx9_32.dll
2009-03-18 18:39 . 2009-03-18 18:39 <DIR> d
c:\program files\Common Files\Windows Live
2009-03-17 17:58 . 2009-03-17 17:58 54,156 --ah
c:\windows\QTFont.qfn
2009-03-17 17:58 . 2009-03-17 17:58 1,409 --a
c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 10:13 d-----w c:\program files\Common Files\Logitech
2009-04-12 10:11 d-----w c:\program files\Logitech
2009-04-12 10:07 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 12:37 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 05:53 d-----w c:\program files\a-squared Free
2009-04-07 21:54 d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-07 21:54 d-----w c:\program files\SpywareBlaster
2009-04-06 14:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 07:40 d-----w c:\program files\Common Files\Adobe
2009-03-21 15:16 d-----w c:\program files\Windows Live
2009-02-20 19:03 d-----w c:\documents and settings\\Application Data\uTorrent
2009-02-20 18:19 266,240 ----a-w c:\windows\system32\CSHelper.exe
2009-02-20 18:19 225,280 ----a-w c:\windows\system32\CSInstru.DLL
2009-02-15 17:50 d-----w c:\program files\jessops
2009-02-15 17:16 d-----w c:\program files\GolfSR12_DL
2009-02-15 17:07 d-----w c:\program files\mpegable
2009-02-15 17:04 d-----w c:\program files\Kodak
2009-02-15 17:01 d-----w c:\program files\Google
2009-02-15 08:17 50,632 ----a-w c:\documents and settings\\Application Data\mdbu.bin
2009-02-14 13:35 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-14 13:32 d--h--w c:\program files\InstallShield Installation Information
2009-02-14 13:32 d-----w c:\program files\NETGEAR
2009-02-14 07:51 d-----w c:\program files\Bonusprint
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2006-02-18 08:42 49,216 -c--a-w c:\documents and settings\\Application Data\GDIPFONTCACHEV1.DAT
2006-02-18 08:33 3,368 -c--a-w c:\documents and settings\Application Data\wklnhst.dat
2005-09-04 17:06 0 -csha-w c:\windows\SMINST\HPCD.sys
2002-04-16 11:27 5 --sha-w c:\windows\system32\CdI5T.drv
2005-11-24 20:33 56 -csh--r c:\windows\system32\DC756AA11E.sys
2005-11-24 20:33 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"PanelApp"="c:\documents and settings\\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe" [2007-01-03 31232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-11 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CHotkey"="zHotkey.exe" [2004-05-17 c:\windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 c:\windows\ALCWZRD.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-02-16 114688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 21:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger Agent.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger Agent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a
2005-09-09 01:18 57344 c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]
--a
2002-12-20 14:26 716800 c:\program files\Canon\BJCard\BJLaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 14:09 102400 c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a
2007-11-15 14:11 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a
2008-06-08 10:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a
2008-06-19 10:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a
2007-11-15 00:43 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra
2008-11-18 17:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a
2004-01-26 11:38 866816 c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-10 108289]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-02-20 266240]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-28 47640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-02-14 17149]
S3 PanelSvc;PanelSvc;c:\program files\Valued Opinions\PanelApp\PanelSvc.exe [2007-05-17 77312]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-02-14 362944]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{490b7ced-c691-11d9-b332-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2009-04-07 c:\windows\Tasks\WebReg .job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 22:27]
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{B8A03725-03B9-485F-BB22-E848799D4C2A} - (no file)
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MSConfigStartUp-SystemGuardAlerter - SystemGuardAlerter.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.tesco.com/
uInternet Settings,ProxyOverride = localhost
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: PCPitstop-Tracks-Checker - hxxp://www.pcpitstop.com/privacy/PCPTracks.cab
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.pixdiscount.co.uk/clients/ImageUploader3.cab
DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} - hxxp://www.opinionbar.com/download/resources/OBInstallCabinet.CAB
DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - hxxp://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
.
.
File Associations
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 11:57:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-3945789179-4150180528-3565565448-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\iolo\Common\Lib\sguard.dll
- - - - - - - > 'lsass.exe'(708)
c:\program files\iolo\Common\Lib\sguard.dll
- - - - - - - > 'csrss.exe'(628)
c:\program files\iolo\Common\Lib\sguard.dll
.
Completion time: 2009-04-12 11:59:47
ComboFix-quarantined-files.txt 2009-04-12 10:59:44
Pre-Run: 216,570,925,056 bytes free
Post-Run: 216,563,322,880 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
247 --- E O F --- 2009-04-11 18:51:18
-
Thank you AlienRIK for your help and advice. I have done all of the above. I had read in a previous post from you about taking off AVG and installing AVIRA, which I did do, but unfortunately I read it wrong and had used the AVG 32-bit remover BEFORE I removed the AVG!!!! Hope the above is ok! Many thanks, Margaret
-
Don't worry about the AVG part
Open notepad and copy/paste the text in RED below
File::
c:\windows\QTFont.qfn
c:\windows\QTFont.for
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes of findstr, find, sed or swreg; ComboFix should then continue.
then ~
Run a KASPERSKY ONLINE SCAN
Post the results here
:idea:
-
Forgot to add ~ make sure you click to scan MY COMPUTER with the Kaspersky scan :idea:
-
ComboFix 09-04-04.01 - 2009-04-12 12:16:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.532 [GMT 1:00]
Running from: c:\documents and settings\\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\QTFont.for
c:\windows\QTFont.qfn
.
The following files were disabled during the run:
c:\program files\iolo\Common\Lib\sguard.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\QTFont.for
c:\windows\QTFont.qfn
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-12 09:09 . 2009-04-12 09:09 <DIR> d
c:\documents and settings\\Application Data\Uniblue
2009-04-11 13:38 . 2009-04-11 13:38 <DIR> d
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-11 13:37 . 2009-04-11 19:47 <DIR> d
c:\program files\SUPERAntiSpyware
2009-04-11 13:37 . 2009-04-11 13:37 <DIR> d
c:\documents and settings\\Application Data\SUPERAntiSpyware.com
2009-04-10 09:41 . 2009-04-10 09:41 <DIR> d
c:\program files\Avira
2009-04-10 09:41 . 2009-04-10 09:41 <DIR> d
c:\documents and settings\All Users\Application Data\Avira
2009-04-10 09:41 . 2009-02-13 11:31 55,640 --a
c:\windows\system32\drivers\avgntflt.sys
2009-04-09 18:31 . 2009-04-08 21:03 102,664 --a
c:\windows\system32\drivers\tmcomm.sys
2009-04-08 21:02 . 2009-04-09 18:01 <DIR> d
c:\documents and settings\\.housecall6.6
2009-04-08 07:47 . 2009-04-08 07:21 344,064 --a
c:\windows\system32\rmsality.nt
2009-03-30 17:29 . 2009-01-09 20:19 1,089,593
c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-29 21:00 . 2009-03-29 21:00 <DIR> d
c:\windows\system32\XPSViewer
2009-03-29 21:00 . 2009-03-29 21:00 <DIR> d
c:\program files\Reference Assemblies
2009-03-29 21:00 . 2009-03-29 21:00 <DIR> d
c:\program files\MSBuild
2009-03-29 20:59 . 2009-03-29 20:59 <DIR> d
C:\6bb73318d93fc341f8c8d091
2009-03-29 20:59 . 2008-07-06 13:06 1,676,288
c:\windows\system32\xpssvcs.dll
2009-03-29 20:59 . 2008-07-06 13:06 1,676,288
c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 20:59 . 2008-07-06 11:50 597,504
c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 20:59 . 2008-07-06 13:06 575,488
c:\windows\system32\xpsshhdr.dll
2009-03-29 20:59 . 2008-07-06 13:06 575,488
c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 20:59 . 2008-07-06 13:06 117,760
c:\windows\system32\prntvpt.dll
2009-03-29 20:59 . 2008-07-06 13:06 89,088
c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-28 13:15 . 2005-04-26 02:27 <DIR> d
c:\documents and settings\LogMeInRemoteUser.YOUR-1BC170725A\WINDOWS
2009-03-28 13:15 . 2005-05-10 10:07 <DIR> d
c:\documents and settings\LogMeInRemoteUser.YOUR-1BC170725A\Application Data\SampleView
2009-03-28 13:15 . 2009-03-28 13:15 <DIR> d
c:\documents and settings\LogMeInRemoteUser.YOUR-1BC170725A
2009-03-28 13:13 . 2009-04-10 11:19 <DIR> d
c:\program files\LogMeIn
2009-03-28 13:13 . 2008-10-16 21:35 87,352 --a
c:\windows\system32\LMIinit.dll
2009-03-28 13:13 . 2008-10-16 21:35 83,288 --a
c:\windows\system32\LMIRfsClientNP.dll
2009-03-28 13:13 . 2008-07-24 19:46 47,640 --a
c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-28 13:13 . 2008-10-16 21:35 28,984 --a
c:\windows\system32\LMIport.dll
2009-03-21 16:19 . 2009-03-21 17:10 <DIR> d
c:\program files\MSN Messenger
2009-03-18 19:00 . 2009-03-21 15:32 <DIR> d
c:\documents and settings\\Tracing
2009-03-18 18:54 . 2009-03-20 07:41 <DIR> d
c:\program files\Microsoft Silverlight
2009-03-18 18:53 . 2006-11-29 14:06 3,426,072 --a
c:\windows\system32\d3dx9_32.dll
2009-03-18 18:39 . 2009-03-18 18:39 <DIR> d
c:\program files\Common Files\Windows Live
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 10:13 d-----w c:\program files\Common Files\Logitech
2009-04-12 10:11 d-----w c:\program files\Logitech
2009-04-12 10:07 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 12:37 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 05:53 d-----w c:\program files\a-squared Free
2009-04-07 21:54 d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-07 21:54 d-----w c:\program files\SpywareBlaster
2009-04-06 14:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 07:40 d-----w c:\program files\Common Files\Adobe
2009-03-21 15:16 d-----w c:\program files\Windows Live
2009-02-20 19:03 d-----w c:\documents and settings\\Application Data\uTorrent
2009-02-20 18:19 266,240 ----a-w c:\windows\system32\CSHelper.exe
2009-02-20 18:19 225,280 ----a-w c:\windows\system32\CSInstru.DLL
2009-02-15 17:50 d-----w c:\program files\jessops
2009-02-15 17:16 d-----w c:\program files\GolfSR12_DL
2009-02-15 17:07 d-----w c:\program files\mpegable
2009-02-15 17:04 d-----w c:\program files\Kodak
2009-02-15 17:01 d-----w c:\program files\Google
2009-02-15 08:17 50,632 ----a-w c:\documents and settings\\Application Data\mdbu.bin
2009-02-14 13:35 17,801 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-14 13:32 d--h--w c:\program files\InstallShield Installation Information
2009-02-14 13:32 d-----w c:\program files\NETGEAR
2009-02-14 07:51 d-----w c:\program files\Bonusprint
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2006-02-18 08:42 49,216 -c--a-w c:\documents and settings\\Application Data\GDIPFONTCACHEV1.DAT
2006-02-18 08:33 3,368 -c--a-w c:\documents and settings\\Application Data\wklnhst.dat
2005-09-04 17:06 0 -csha-w c:\windows\SMINST\HPCD.sys
2002-04-16 11:27 5 --sha-w c:\windows\system32\CdI5T.drv
2005-11-24 20:33 56 -csh--r c:\windows\system32\DC756AA11E.sys
2005-11-24 20:33 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"PanelApp"="c:\documents and settings\\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe" [2007-01-03 31232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-11 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CHotkey"="zHotkey.exe" [2004-05-17 c:\windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 c:\windows\ALCWZRD.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-02-16 114688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 21:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger Agent.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a
2005-09-09 01:18 57344 c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]
--a
2002-12-20 14:26 716800 c:\program files\Canon\BJCard\BJLaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 14:09 102400 c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a
2007-11-15 14:11 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a
2008-06-08 10:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a
2008-06-19 10:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a
2007-11-15 00:43 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra
2008-11-18 17:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a
2004-01-26 11:38 866816 c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-10 108289]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-02-20 266240]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-28 47640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-02-14 17149]
S3 PanelSvc;PanelSvc;c:\program files\Valued Opinions\PanelApp\PanelSvc.exe [2007-05-17 77312]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-02-14 362944]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{490b7ced-c691-11d9-b332-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2009-04-07 c:\windows\Tasks\WebReg .job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 22:27]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.tesco.com/
uInternet Settings,ProxyOverride = localhost
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: PCPitstop-Tracks-Checker - hxxp://www.pcpitstop.com/privacy/PCPTracks.cab
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} - hxxp://www.pixdiscount.co.uk/clients/ImageUploader3.cab
DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} - hxxp://www.opinionbar.com/download/resources/OBInstallCabinet.CAB
DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - hxxp://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 12:19:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-3945789179-4150180528-3565565448-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\iolo\Common\Lib\sguard.dll
- - - - - - - > 'lsass.exe'(708)
c:\program files\iolo\Common\Lib\sguard.dll
- - - - - - - > 'csrss.exe'(628)
c:\program files\iolo\Common\Lib\sguard.dll
.
Completion time: 2009-04-12 12:21:01
ComboFix-quarantined-files.txt 2009-04-12 11:20:58
ComboFix2.txt 2009-04-12 10:59:48
Pre-Run: 216,553,254,912 bytes free
Post-Run: 216,537,300,992 bytes free
228 --- E O F --- 2009-04-11 18:51:18
-
Just downloading the files now to run KASPERSKY ONLINE Scan. So far it has not given me the option to scan my computer. Maybe it will when it has downloaded all the files.

Yes, scanning my computer now!!
-
Sunday, April 12, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, April 12, 2009 05:23:56
Records in database: 2036368
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned: 120454
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:55:48
No malware has been detected. The scan area is clean. The selected area was scanned.
-
Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
Then you're good to go
:idea:
-
Thank you so much AlienRIK for all your help and advice!!
I already have CCleaner downloaded so I will run it now.
You have been very busy on the boards today I see!! Thanks again for taking the time to help me out! It is very much appreciated! Margaret :beer:
-
No worries Margaret
:idea: