Windows Update Problem
Comments
-
Hi Rik - done the full Kaspersky online scan - took two hours. Nothing detected (so no log to post!)
Is there anything else you can think of?
Thanks
If at first you don't succeed, then sky-diving isn't for you
0 -
Use the Norton removal tool (Still some in there)
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
Open notepad and copy/paste the text in RED below
File::
c:\windows\System32\ieUnatt.exe
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
Dirlook::
c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
reboot
Download GLARY UTILITIES (Make sure you click 'DOWNLOAD NOW' ~ UNTICK the ASK toolbar on installation)
http://www.download.com/Glary-Utilities/3000-2094_4-10508531.html
Run the ONE CLICK scan
0 -
Norton removal tool done.
Combo fix done - log:
ComboFix 09-04-25.01 - Jojo 24/04/2009 18:27.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1015 [GMT 1:00]
Running from: c:\users\Jojo\Downloads\ComboFix.exe
Command switches used :: c:\users\Jojo\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled*
FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\System32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\System32\ieUnatt.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-24 17:13 . 2009-04-24 17:13 -------- d-----w c:\programdata\NortonInstaller
2009-04-21 18:33 . 2008-04-07 04:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-19 17:05 . 2009-04-19 17:13 -------- d-----w c:\users\Jojo\AppData\Local\Paint.NET
2009-04-17 16:22 . 2009-04-17 16:22 -------- d-----w c:\programdata\FLEXnet
2009-04-16 15:10 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 15:10 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 15:10 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 15:10 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 15:10 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 15:10 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 15:10 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 15:10 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-16 15:10 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 15:10 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-16 15:10 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 15:00 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 15:00 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 15:00 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 15:00 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 14:59 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 14:59 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-14 11:41 . 2009-04-14 11:41 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-14 11:41 . 2009-04-14 11:41 -------- d-----w c:\users\Jojo\AppData\Roaming\SUPERAntiSpyware.com
2009-04-08 21:15 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-08 21:15 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-08 21:14 . 2009-04-08 21:15 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 17:32 . 2008-01-05 02:02 -------- d-----w c:\programdata\Kontiki
2009-04-24 17:20 . 2008-03-02 23:17 352614 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-04-23 10:14 . 2007-05-30 13:04 319456 ----a-w c:\windows\DIFxAPI.dll
2009-04-20 14:33 . 2008-03-02 19:14 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-20 13:22 . 2008-11-19 19:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:06 . 2009-04-19 17:06 -------- d-----w c:\program files\Paint.NET
2009-04-17 16:21 . 2007-12-27 19:31 97696 ----a-w c:\users\Jojo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 16:14 . 2008-08-30 11:39 7511846 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-17 16:11 . 2008-03-10 11:21 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 16:11 . 2009-04-17 16:11 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-17 16:10 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-17 16:10 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-17 16:10 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-17 15:43 . 2009-03-02 20:29 -------- d-----w c:\users\Jojo\AppData\Roaming\Download Manager
2009-04-16 18:18 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 15:14 . 2007-05-31 14:27 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 17:03 . 2007-05-30 12:47 -------- d-----w c:\program files\Java
2009-04-14 11:41 . 2009-04-14 11:41 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-14 11:40 . 2009-04-14 11:40 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 21:15 . 2009-04-08 21:14 -------- d-----w c:\program files\iTunes
2009-04-08 21:14 . 2009-04-08 21:14 -------- d-----w c:\program files\iPod
2009-04-08 21:14 . 2009-03-02 14:23 -------- d-----w c:\program files\Common Files\Apple
2009-04-06 14:32 . 2008-11-19 19:01 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-11-19 19:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-22 12:11 . 2008-03-02 19:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 03:38 . 2009-04-16 15:00 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 02:49 . 2007-05-31 14:25 -------- d-----w c:\program files\Microsoft Works
2009-03-17 02:38 . 2009-03-17 02:38 -------- d-----w c:\programdata\Avira
2009-03-17 02:38 . 2009-03-17 02:38 -------- d-----w c:\program files\Avira
2009-03-17 01:42 . 2009-03-17 01:42 -------- d-----w c:\users\Mummy\AppData\Roaming\Malwarebytes
2009-03-17 01:11 . 2008-11-21 20:53 -------- d-----w c:\program files\OXXOGames
2009-03-17 01:09 . 2008-11-12 16:49 -------- d--h--w c:\programdata\{26009715-9383-403E-996E-D70BE8109C3D}
2009-03-17 01:09 . 2008-01-08 19:25 -------- d-----w c:\program files\Creative
2009-03-17 01:08 . 2008-11-21 20:54 -------- d-----w c:\program files\SCREENSEVEN
2009-03-17 01:06 . 2009-02-18 21:27 -------- d-----w c:\program files\Inkscape
2009-03-17 01:04 . 2009-02-18 21:32 -------- d-----w c:\users\Jojo\AppData\Roaming\Inkscape
2009-03-14 12:19 . 2009-03-14 12:18 15981758 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_14_00_31_39_full.dmp.zip
2009-03-13 13:26 . 2009-03-13 13:26 9322230 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_13_03_14_56_full.dmp.zip
2009-03-12 17:55 . 2009-03-12 17:54 -------- d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 17:32 . 2009-03-12 17:32 -------- d-----w c:\program files\Bonjour
2009-03-12 13:53 . 2009-03-12 13:52 26230041 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_12_00_49_01_full.dmp.zip
2009-03-10 10:28 . 2009-03-10 10:27 30899303 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_10_09_49_39_full.dmp.zip
2009-03-09 10:34 . 2009-03-09 10:33 30924085 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_08_22_54_17_full.dmp.zip
2009-03-09 04:19 . 2008-11-19 19:41 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-07 10:31 . 2009-03-07 10:31 15148913 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_06_23_10_40_full.dmp.zip
2009-03-05 09:17 . 2009-03-05 09:16 30905081 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_04_22_56_05_full.dmp.zip
2009-03-04 12:20 . 2009-03-04 12:19 11965581 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_04_12_13_35_full.dmp.zip
2009-03-04 10:46 . 2009-03-04 10:45 7193467 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_03_23_53_05_full.dmp.zip
2009-03-03 21:39 . 2009-03-03 21:39 266240 ----a-w c:\windows\System32\CSHelper.exe
2009-03-03 21:39 . 2009-03-03 21:39 225280 ----a-w c:\windows\System32\CSInstru.DLL
2009-03-03 04:40 . 2009-04-16 15:05 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-16 15:05 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-02 14:27 . 2009-03-02 14:27 -------- d-----w c:\users\Jojo\AppData\Roaming\Apple Computer
2009-03-02 14:27 . 2009-03-02 14:25 -------- d-----w c:\programdata\Apple Computer
2009-03-02 14:26 . 2009-03-02 14:25 -------- d-----w c:\program files\QuickTime
2009-03-02 14:24 . 2009-03-02 14:24 -------- d-----w c:\program files\Apple Software Update
2009-03-02 14:23 . 2009-03-02 14:23 -------- d-----w c:\programdata\Apple
2009-02-27 11:06 . 2009-02-27 11:05 594 ----a-w C:\updatedatfix.log
2009-02-25 21:13 . 2009-02-25 21:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 21:01 . 2008-02-21 15:08 -------- d-----w c:\program files\Google
2009-02-24 01:47 . 2009-02-24 01:47 -------- d-----w c:\program files\Trend Micro
2009-02-23 00:29 . 2009-02-23 00:28 95000 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
2009-02-23 00:28 . 2009-02-23 00:28 8224 ----a-w c:\users\Mummy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-18 17:16 . 2009-02-18 16:49 160437 ----a-w c:\windows\hpoins29.dat
2009-02-09 03:10 . 2009-03-13 03:00 2033152 ----a-w c:\windows\System32\win32k.sys
2008-08-25 19:31 . 2008-08-25 19:31 680 ----a-w c:\users\Jojo\AppData\Local\d3d9caps.dat
2008-06-04 13:36 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-11-19 20:07 . 2008-03-21 08:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-19 20:07 . 2008-03-21 08:26 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-19 20:07 . 2008-03-21 08:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-09 11:52 . 2008-04-09 11:52 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040920080410\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} ----
2009-03-12 17:55 . 2009-03-12 17:55 4218 ----a-w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86\DIFxInstallLog.txt
((((((((((((((((((((((((((((( SnapShot@2009-04-24_12.18.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-30 12:59 . 2009-04-24 17:21 63580 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-04-24 11:38 89420 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-24 17:21 89420 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-27 19:32 . 2009-04-24 17:21 14226 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2958443330-3385910354-2662665195-1000_UserData.bin
+ 2007-12-27 18:23 . 2009-04-24 17:18 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-27 18:23 . 2009-04-24 11:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-27 18:23 . 2009-04-24 11:57 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-27 18:23 . 2009-04-24 17:18 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-27 18:23 . 2009-04-24 11:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-27 18:23 . 2009-04-24 17:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-24 17:18 . 2009-04-24 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-24 11:35 . 2009-04-24 11:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-24 11:35 . 2009-04-24 11:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-24 17:18 . 2009-04-24 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-04 18:35 . 2009-04-24 13:53 371380 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-04-24 11:39 600378 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-24 17:23 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-24 11:39 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-24 17:23 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:43 . 2009-04-24 17:27 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:43 . 2009-04-24 11:58 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:47 . 2009-04-24 12:02 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-24 17:20 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-24 12:02 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-24 17:20 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2007-05-30 12:59 . 2009-04-24 17:17 1325904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2007-05-30 12:59 . 2009-04-23 23:35 1325904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
If at first you don't succeed, then sky-diving isn't for you
0 -
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-21 433840]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-21 171448]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-16 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2006-05-25 40960]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-27 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-09-10 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
c:\users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2FDDE26F-17A2-4DB6-8CF0-1040A8127ADD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{426FBA8C-10AC-40D4-8338-AA7023BC4F55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8EEE4593-0A47-4462-ADCD-4B5CB488F6F5}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{279F4B37-E35A-461C-B530-88F9779603F9}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{41E918F4-6491-471C-B3A7-E94B844C6ABD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BCD6D1BB-CD65-47C6-B5D0-25203AC0938B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{6031D1EE-F5A7-4007-B51B-ECFE970E8B10}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{3DD2CAED-52A9-4AE3-833A-9040F6974796}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6612C609-73BC-4389-BF9B-FE210A4FD4BF}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{7FFDA97F-A172-4D71-A41B-BB9DD2B22446}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{604FF3CB-EA00-4791-A1AB-0F6EC0CC213D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{80FAC545-3904-43E4-BAC6-28ABECD9545E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{147D8044-D9BC-431B-9B58-F3FCD72BC8D5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{00AAE44F-21E6-44A6-84A1-EEEAE0F2E555}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{2C9FC68A-29A1-4305-9EE3-E69B35FB6456}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{D29B3E20-E9A8-46F3-B6F9-FCEAF6FC6A77}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5A0F134-B0F8-44AA-899B-815168E73AF3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{61C26DB6-B911-4C86-AC65-7394209CBF1F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A30CB4A7-ED0B-4133-9955-EFD1D698AC6B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5f3eac-c911-11dd-8f2e-806e6f6e6963}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5f3ec2-c911-11dd-8f2e-001cbf22ec78}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429f15e2-c6ab-11dd-9bd3-001cbf22ec78}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429f15ff-c6ab-11dd-9bd3-001cbf22ec78}]
\shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609148d8-ed2d-11dd-930d-001b24c0b4fd}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf406bf2-2820-11de-8547-001b24c0b4fd}]
\shell\AutoRun\command - G:\StarterOfficeGuardian.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8abe214-f02a-11dc-b6a0-001b24c0b4fd}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-05-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{9D9621D0-81A3-4FFC-A8FE-E9F10C5D988F}.job
- c:\windows\system32\msfeedssync.exe [2008-06-04 07:33]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: !!{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080821050326
FF - ProfilePath - c:\users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\ygwsun55.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 18:32
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????!?|?D??8???`????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-24 18:35
ComboFix-quarantined-files.txt 2009-04-24 17:34
ComboFix2.txt 2009-04-24 12:20
Pre-Run: 31,734,636,544 bytes free
Post-Run: 31,590,273,024 bytes free
420 --- E O F --- 2009-04-22 16:08
I'll do the CCleaner scan now, and then the next bit. Thanks for your patience.
xx
If at first you don't succeed, then sky-diving isn't for you
0 -
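An added example, not part of the thread and not ComboFix's own code: a small Python script that reads the "Reg Loading Points" section of a ComboFix log and lists the settings a helper checks first. The sample input is constructed from lines copied out of the log posted above; the regular expressions and the wording of the findings are assumptions of this example, not ComboFix output. On those lines it reports UAC off (EnableLUA=0), Windows Firewall off in the firewall profiles shown, the three Security Center DisableNotify flags (AutoUpdateDisableNotify among them), DisableMonitoring, and the AutoRun commands cached under MountPoints2.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example: not code from the thread or from ComboFix. It parses the
REGEDIT4-style dump ComboFix prints and flags the settings a helper scans
for by eye: UAC off, Windows Firewall off, Security Center alerts
suppressed, and AutoRun commands cached for removable volumes.
"""
import re

# Constructed sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8abe214-f02a-11dc-b6a0-001b24c0b4fd}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')          # "Name"=data
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(.*)$")
DWORD_RE = re.compile(r"^(-?\d+)\s*\(0x[0-9a-fA-F]+\)$")  # ComboFix's "0 (0x0)" spelling


def parse_value(raw):
    """Normalise the two numeric spellings ComboFix uses; leave strings as they are."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_reg_section(text):
    """Return (values, autoruns): values as (key, name, value) triples,
    autoruns as (key, command) pairs taken from MountPoints2 entries."""
    values, autoruns, key = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue  # the REGEDIT4 header or text before the first key
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append((key, m.group(1).strip()))
            continue
        m = VALUE_RE.match(line)
        if m:
            values.append((key, m.group(1), parse_value(m.group(2))))
    return values, autoruns


def triage(text):
    """Return human-readable findings in the order they appear in the log."""
    values, autoruns = parse_reg_section(text)
    findings = []
    for key, name, value in values:
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if name == "EnableLUA" and value == 0:
            findings.append("UAC disabled (EnableLUA=0)")
        elif name == "EnableFirewall" and value == 0 and "firewallpolicy" in k:
            findings.append(f"Windows Firewall off: {leaf} profile")
        elif "security center" in k and name.endswith("DisableNotify") and value == 1:
            findings.append(f"Security Center alert suppressed: {name}")
        elif "security center" in k and name == "DisableMonitoring" and value == 1:
            findings.append(f"Security Center monitoring disabled: {key}")
    for key, cmd in autoruns:
        leaf = key.rsplit("\\", 1)[-1]
        findings.append(f"AutoRun command cached for volume {leaf}: {cmd}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a full ComboFix.txt by passing the file's contents to `triage()`; keys and values outside the rules above (the Run entries, services, firewall rules) are parsed but not reported, so the output stays short enough to read in a forum reply.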
I've done the CCleaner scan and removed all the rubbish it found.
I've done a registry scan - it's come up with a few things - should I fix them?
Cheers
If at first you don't succeed, then sky-diving isn't for you
0 -
Open notepad and copy/paste the text in RED below
File::
c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86\DIFxInstallLog.txt
C:\updatedatfix.log
c:\windows\hpoins29.dat
c:\windows\System32\deploytk.dll
Dirlook::
c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
then ~
1. Boot your computer into the Safe Mode.
2. Navigate to the c:\windows\internet logs folder.
3. Delete the backup.rdb and iamdb.rdb files in the folder.
4. Reboot into the normal mode.
Try the update
0 -
Right! Done the Glary scan, and fixed all that it found (loads!)
Also done the Combo Fix thing again - here's the latest log:
ComboFix 09-04-25.01 - Jojo 24/04/2009 19:21.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.989 [GMT 1:00]
Running from: c:\users\Jojo\Downloads\ComboFix.exe
Command switches used :: c:\users\Jojo\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
FILE ::
c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86\DIFxInstallLog.txt
C:\updatedatfix.log
c:\windows\hpoins29.dat
c:\windows\System32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86\DIFxInstallLog.txt
C:\updatedatfix.log
c:\windows\hpoins29.dat
c:\windows\System32\deploytk.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-24 18:18 . 2009-04-24 18:18 d-----w c:\users\Jojo\AppData\Roaming\GlarySoft
2009-04-24 17:13 . 2009-04-24 17:13 d-----w c:\programdata\NortonInstaller
2009-04-21 18:33 . 2008-04-07 04:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-19 17:05 . 2009-04-19 17:13 d-----w c:\users\Jojo\AppData\Local\Paint.NET
2009-04-17 16:22 . 2009-04-17 16:22 d-----w c:\programdata\FLEXnet
2009-04-16 15:10 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 15:10 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 15:10 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 15:10 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 15:10 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 15:10 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 15:10 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 15:10 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-16 15:10 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 15:10 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-16 15:10 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 15:00 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 15:00 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 15:00 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 15:00 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 14:59 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 14:59 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-14 11:41 . 2009-04-14 11:41 d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-14 11:41 . 2009-04-14 11:41 d-----w c:\users\Jojo\AppData\Roaming\SUPERAntiSpyware.com
2009-04-08 21:15 . 2009-03-19 15:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-08 21:15 . 2008-04-17 11:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-08 21:14 . 2009-04-08 21:15 d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 18:24 . 2008-01-05 02:02 d-----w c:\programdata\Kontiki
2009-04-24 18:14 . 2009-04-24 18:14 d-----w c:\program files\AskBarDis
2009-04-24 18:14 . 2009-04-24 18:14 d-----w c:\program files\Glary Utilities
2009-04-24 18:06 . 2008-03-02 23:17 352614 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-04-24 17:40 . 2008-03-02 19:14 d-----w c:\programdata\Spybot - Search & Destroy
2009-04-23 10:14 . 2007-05-30 13:04 319456 ----a-w c:\windows\DIFxAPI.dll
2009-04-20 13:22 . 2008-11-19 19:01 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:06 . 2009-04-19 17:06 d-----w c:\program files\Paint.NET
2009-04-17 16:21 . 2007-12-27 19:31 97696 ----a-w c:\users\Jojo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 16:14 . 2008-08-30 11:39 7511846 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-17 16:11 . 2008-03-10 11:21 d-----w c:\program files\Common Files\Adobe
2009-04-17 16:11 . 2009-04-17 16:11 d-----w c:\program files\Common Files\Macrovision Shared
2009-04-17 16:10 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-17 16:10 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-17 16:10 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-17 15:43 . 2009-03-02 20:29 d-----w c:\users\Jojo\AppData\Roaming\Download Manager
2009-04-16 18:18 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
2009-04-16 15:14 . 2007-05-31 14:27 d-----w c:\programdata\Microsoft Help
2009-04-15 17:03 . 2007-05-30 12:47 d-----w c:\program files\Java
2009-04-14 11:41 . 2009-04-14 11:41 d-----w c:\program files\SUPERAntiSpyware
2009-04-14 11:40 . 2009-04-14 11:40 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 21:15 . 2009-04-08 21:14 d-----w c:\program files\iTunes
2009-04-08 21:14 . 2009-04-08 21:14 d-----w c:\program files\iPod
2009-04-08 21:14 . 2009-03-02 14:23 d-----w c:\program files\Common Files\Apple
2009-04-06 14:32 . 2008-11-19 19:01 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-11-19 19:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-22 12:11 . 2008-03-02 19:14 d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 03:38 . 2009-04-16 15:00 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 02:49 . 2007-05-31 14:25 d-----w c:\program files\Microsoft Works
2009-03-17 02:38 . 2009-03-17 02:38 d-----w c:\programdata\Avira
2009-03-17 02:38 . 2009-03-17 02:38 d-----w c:\program files\Avira
2009-03-17 01:42 . 2009-03-17 01:42 d-----w c:\users\Mummy\AppData\Roaming\Malwarebytes
2009-03-17 01:11 . 2008-11-21 20:53 d-----w c:\program files\OXXOGames
2009-03-17 01:09 . 2008-11-12 16:49
d--h--w c:\programdata\{26009715-9383-403E-996E-D70BE8109C3D}
2009-03-17 01:09 . 2008-01-08 19:25 d-----w c:\program files\Creative
2009-03-17 01:08 . 2008-11-21 20:54 d-----w c:\program files\SCREENSEVEN
2009-03-17 01:06 . 2009-02-18 21:27 d-----w c:\program files\Inkscape
2009-03-17 01:04 . 2009-02-18 21:32 d-----w c:\users\Jojo\AppData\Roaming\Inkscape
2009-03-14 12:19 . 2009-03-14 12:18 15981758 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_14_00_31_39_full.dmp.zip
2009-03-13 13:26 . 2009-03-13 13:26 9322230 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_13_03_14_56_full.dmp.zip
2009-03-12 17:55 . 2009-03-12 17:54 d-----w c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 17:32 . 2009-03-12 17:32 d-----w c:\program files\Bonjour
2009-03-12 13:53 . 2009-03-12 13:52 26230041 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_12_00_49_01_full.dmp.zip
2009-03-10 10:28 . 2009-03-10 10:27 30899303 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_10_09_49_39_full.dmp.zip
2009-03-09 10:34 . 2009-03-09 10:33 30924085 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_08_22_54_17_full.dmp.zip
2009-03-07 10:31 . 2009-03-07 10:31 15148913 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_06_23_10_40_full.dmp.zip
2009-03-05 09:17 . 2009-03-05 09:16 30905081 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_04_22_56_05_full.dmp.zip
2009-03-04 12:20 . 2009-03-04 12:19 11965581 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_04_12_13_35_full.dmp.zip
2009-03-04 10:46 . 2009-03-04 10:45 7193467 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_03_03_23_53_05_full.dmp.zip
2009-03-03 21:39 . 2009-03-03 21:39 266240 ----a-w c:\windows\System32\CSHelper.exe
2009-03-03 21:39 . 2009-03-03 21:39 225280 ----a-w c:\windows\System32\CSInstru.DLL
2009-03-03 04:40 . 2009-04-16 15:05 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-16 15:05 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-02 14:27 . 2009-03-02 14:27 d-----w c:\users\Jojo\AppData\Roaming\Apple Computer
2009-03-02 14:27 . 2009-03-02 14:25 d-----w c:\programdata\Apple Computer
2009-03-02 14:26 . 2009-03-02 14:25 d-----w c:\program files\QuickTime
2009-03-02 14:24 . 2009-03-02 14:24 d-----w c:\program files\Apple Software Update
2009-03-02 14:23 . 2009-03-02 14:23 d-----w c:\programdata\Apple
2009-02-25 21:13 . 2009-02-25 21:13 d-----w c:\program files\Microsoft Silverlight
2009-02-25 21:01 . 2008-02-21 15:08 d-----w c:\program files\Google
2009-02-24 01:47 . 2009-02-24 01:47 d-----w c:\program files\Trend Micro
2009-02-23 00:29 . 2009-02-23 00:28 95000 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
2009-02-23 00:28 . 2009-02-23 00:28 8224 ----a-w c:\users\Mummy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-09 03:10 . 2009-03-13 03:00 2033152 ----a-w c:\windows\System32\win32k.sys
2008-08-25 19:31 . 2008-08-25 19:31 680 ----a-w c:\users\Jojo\AppData\Local\d3d9caps.dat
2008-06-04 13:36 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-11-19 20:07 . 2008-03-21 08:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-19 20:07 . 2008-03-21 08:26 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-19 20:07 . 2008-03-21 08:26 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-09 11:52 . 2008-04-09 11:52 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040920080410\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} ----
2009-04-08 21:15 . 2009-04-08 21:15 3350 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxInstallLog.txt
2009-03-25 00:19 . 2009-03-25 00:19 7919 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\gearaspiwdmx86.cat
2009-03-19 15:38 . 2009-03-19 15:38 2763 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\GEARAspiWDM.inf
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-02-04 12:56 . 2009-02-04 12:56 75112 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
2008-04-17 11:12 . 2008-04-17 11:12 107368 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspi.dll
2006-11-02 05:21 . 2006-11-02 05:21 319456 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxAPI.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 16:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-21 433840]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-21 171448]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-16 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-01-25 1032376]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2006-05-25 40960]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-27 4702208]
"NDSTray.exe"="NDSTray.exe" [BU]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-09-10 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
c:\users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2FDDE26F-17A2-4DB6-8CF0-1040A8127ADD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{426FBA8C-10AC-40D4-8338-AA7023BC4F55}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8EEE4593-0A47-4462-ADCD-4B5CB488F6F5}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{279F4B37-E35A-461C-B530-88F9779603F9}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{41E918F4-6491-471C-B3A7-E94B844C6ABD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BCD6D1BB-CD65-47C6-B5D0-25203AC0938B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{6031D1EE-F5A7-4007-B51B-ECFE970E8B10}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{3DD2CAED-52A9-4AE3-833A-9040F6974796}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6612C609-73BC-4389-BF9B-FE210A4FD4BF}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{7FFDA97F-A172-4D71-A41B-BB9DD2B22446}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{604FF3CB-EA00-4791-A1AB-0F6EC0CC213D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{80FAC545-3904-43E4-BAC6-28ABECD9545E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{147D8044-D9BC-431B-9B58-F3FCD72BC8D5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{00AAE44F-21E6-44A6-84A1-EEEAE0F2E555}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{2C9FC68A-29A1-4305-9EE3-E69B35FB6456}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{D29B3E20-E9A8-46F3-B6F9-FCEAF6FC6A77}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5A0F134-B0F8-44AA-899B-815168E73AF3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{61C26DB6-B911-4C86-AC65-7394209CBF1F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A30CB4A7-ED0B-4133-9955-EFD1D698AC6B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5f3eac-c911-11dd-8f2e-806e6f6e6963}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5f3ec2-c911-11dd-8f2e-001cbf22ec78}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429f15e2-c6ab-11dd-9bd3-001cbf22ec78}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429f15ff-c6ab-11dd-9bd3-001cbf22ec78}]
\shell\AutoRun\command - G:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609148d8-ed2d-11dd-930d-001b24c0b4fd}]
\shell\AutoRun\command -\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf406bf2-2820-11de-8547-001b24c0b4fd}]
\shell\AutoRun\command - G:\StarterOfficeGuardian.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8abe214-f02a-11dc-b6a0-001b24c0b4fd}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-05-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
2009-04-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-24 08:49]
2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{9D9621D0-81A3-4FFC-A8FE-E9F10C5D988F}.job
- c:\windows\system32\msfeedssync.exe [2008-06-04 07:33]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: !!{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080821050326
FF - ProfilePath - c:\users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\ygwsun55.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
.
If at first you don't succeed, then sky-diving isn't for you
0 -
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 19:25
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????!?|?D??8???`????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-24 19:27
ComboFix-quarantined-files.txt 2009-04-24 18:27
ComboFix2.txt 2009-04-24 17:35
ComboFix3.txt 2009-04-24 12:20
Pre-Run: 31,341,002,752 bytes free
Post-Run: 30,991,663,104 bytes free
324 --- E O F --- 2009-04-22 16:08
I'll do the thing with safe mode that you said above, and retry the update (presumably not in safe mode?)
Cheers!!
xx
If at first you don't succeed, then sky-diving isn't for you
0 -
Do that thing in safe mode but don't update yet. I've missed more infections (my bad).
Hang tight for more to remove using ComboFix.
0
This discussion has been closed.