Problems windows\system32\fsubexdisk.sys
Comments
-
Still can't run COMBOFIX but here are the Kaspersky results -
Full Scan: completed
17/04/2009 17:38:53 Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
17/04/2009 17:38:53 Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
17/04/2009 17:38:52 Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\msxml4.dll
17/04/2009 17:38:52 Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
17/04/2009 17:38:52 Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
17/04/2009 17:14:02 Detected: http://www.viruslist.com/en/advisories/26027 c:\Program Files\Common Files\AOL\Flasha.ocx
17/04/2009 17:13:58 Detected: http://www.viruslist.com/en/advisories/26201 c:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.bak
17/04/2009 17:13:53 Detected: http://www.viruslist.com/en/advisories/32270 c:\i386\swflash.ocx
17/04/2009 17:13:49 Detected: http://www.viruslist.com/en/advisories/32270 c:\i386\Flash.ocx
17/04/2009 17:17:37 Detected: http://www.viruslist.com/en/advisories/32991 c:\Program Files\Java\jre1.5.0_10\bin\javaws.exe
17/04/2009 17:17:30 Detected: http://www.viruslist.com/en/advisories/32991 c:\Program Files\Java\j2re1.4.2_03\bin\eula.dll
17/04/2009 17:38:36 Detected: http://www.viruslist.com/en/advisories/34012 c:\windows\system32\Macromed\Flash\NPSWF32.dll
17/04/2009 17:05:02 Detected: http://www.viruslist.com/en/advisories/34012 c:\Documents and Settings\scott\Local Settings\Temp\mProjector957005698\FlashPlayer.3.1.1k.ocx
17/04/2009 17:33:44 Detected: http://www.viruslist.com/en/advisories/34451 c:\windows\system32\java.exe
17/04/2009 17:17:45 Detected: http://www.viruslist.com/en/advisories/34451 c:\Program Files\Java\jre1.6.0\bin\java.exe
17/04/2009 17:17:36 Detected: http://www.viruslist.com/en/advisories/34451 c:\Program Files\Java\jre1.5.0_10\bin\java.exe
17/04/2009 16:46:07 Detected: http://www.viruslist.com/en/advisories/34451 c:\windows\system32\java.exe
17/04/2009 17:38:58 Task completed
17/04/2009 16:20:57 Task started
-
Then ~
* Download DDS and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/dds.scr
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.
-
DDS (Ver_09-03-16.01) - NTFSx86
Run by scott at 9:57:13.89 on 19/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.384 [GMT 1:00]
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\scott\Local Settings\Temporary Internet Files\Content.IE5\X8BKUOM7\dds[1].scr
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\scott\Local Settings\Temporary Internet Files\Content.IE5\X8BKUOM7\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://home.bt.yahoo.com/
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uWindow Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.bt.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [BTopenworld] "c:\program files\bt yahoo! internet\DialBTYahoo.exe" /ReInstallAutoDial
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009 ultimate\5.0\CPMonitor.exe"
mRun: [NPSStartup]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2005_6_10_1/yregucfg.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/UK/install.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - hxxp://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156603120515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240131138971&h=02cb1f08e794a001d6b53f0e8903d253/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - hxxp://uk.bookmarks.yahoo.com/YbConvFav.CAB
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://downloads.broadbandassist.com/BTYahoo!Help/PreQual/files/MotivePreQual.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\scott\applic~1\mozilla\firefox\profiles\8vs1jlai.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
============= SERVICES / DRIVERS ===============
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-4-16 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2008-12-2 20464]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2008-12-2 15856]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-7-20 213520]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2008-12-2 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-8-1 125424]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-4-25 201992]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-3-25 24592]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-2-25 233472]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\fsusbexdisk.sys --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-8-14 1124848]
S4 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2005-11-6 69120]
=============== Created Last 30 ================
2009-04-19 09:53 <DIR> --d-h--- c:\windows\PIF
2009-04-19 09:52 410,984 a c:\windows\system32\deploytk.dll
2009-04-17 16:20 <DIR> --d C:\ComboFix
2009-04-17 16:20 389,120 a c:\windows\system32\CF18122.exe
2009-04-17 16:18 389,120 a c:\windows\system32\CF17880.exe
2009-04-17 16:18 389,120 a c:\windows\system32\CF17759.exe
2009-04-17 13:53 <DIR> --d c:\program files\Trend Micro
2009-04-17 13:36 <DIR> --d c:\docume~1\scott\applic~1\Malwarebytes
2009-04-17 13:35 15,504 a c:\windows\system32\drivers\mbam.sys
2009-04-17 13:35 38,496 a c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 13:35 <DIR> --d c:\program files\Malwarebytes' Anti-Malware
2009-04-17 13:35 <DIR> --d c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 13:03 389,120 a c:\windows\system32\CF12277.exe
2009-04-17 13:00 389,120 a c:\windows\system32\CF11758.exe
2009-04-17 12:58 389,120 a c:\windows\system32\CF11399.exe
2009-04-17 12:57 389,120 a c:\windows\system32\CF11138.exe
2009-04-17 12:53 389,120 a c:\windows\system32\CF10481.exe
2009-04-17 12:52 389,120 a c:\windows\system32\CF9959.exe
2009-04-16 15:40 2,560 c:\windows\system32\xpsp4res.dll
2009-04-16 15:40 1,203,922 c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 15:40 215,552 c:\windows\system32\dllcache\wordpad.exe
2009-04-09 16:59 <DIR> --d c:\program files\iPod
2009-04-09 16:58 <DIR> --d c:\program files\iTunes
2009-04-09 16:58 <DIR> --d c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 09:43 <DIR> --d c:\docume~1\scott\applic~1\Kodak
2009-03-21 15:06 989,696 c:\windows\system32\dllcache\kernel32.dll
==================== Find3M ====================
2009-04-17 13:46 5,024,800 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-17 13:46 1,187,872 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-04-17 13:46 40,336 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-17 13:46 5,140 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-19 16:32 23,400 a c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 15:22 284,160 a c:\windows\system32\pdh.dll
2009-03-06 15:22 284,160 c:\windows\system32\dllcache\pdh.dll
2009-03-06 00:59 1,900,544 a c:\windows\system32\usbaaplrc.dll
2009-03-06 00:59 36,864 a c:\windows\system32\drivers\usbaapl.sys
2009-03-03 01:18 826,368 a c:\windows\system32\wininet.dll
2009-03-03 01:18 826,368 a c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 70,656 c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 11:20 13,824 c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 06:14 161,792 c:\windows\system32\dllcache\ieakui.dll
2009-02-09 13:10 729,088 a c:\windows\system32\lsasrv.dll
2009-02-09 13:10 729,088 c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 13:10 714,752 a c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a c:\windows\system32\rpcss.dll
2009-02-09 13:10 714,752 c:\windows\system32\dllcache\ntdll.dll
2009-02-09 13:10 617,472 c:\windows\system32\dllcache\advapi32.dll
2009-02-09 13:10 473,600 c:\windows\system32\dllcache\fastprox.dll
2009-02-09 13:10 453,120 c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 13:10 401,408 c:\windows\system32\dllcache\rpcss.dll
2009-02-09 12:13 1,846,784 a c:\windows\system32\win32k.sys
2009-02-09 12:13 1,846,784 c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 12:11 110,592 a c:\windows\system32\services.exe
2009-02-06 12:11 110,592 c:\windows\system32\dllcache\services.exe
2009-02-06 12:08 2,189,056 c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 12:06 2,145,280 a c:\windows\system32\ntoskrnl.exe
2009-02-06 12:06 2,145,280 c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:39 35,328 a c:\windows\system32\sc.exe
2009-02-06 11:39 35,328 c:\windows\system32\dllcache\sc.exe
2009-02-06 11:32 2,023,936 a c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:32 2,023,936 c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 11:10 227,840 c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 20:59 56,832 a c:\windows\system32\secur32.dll
2009-02-03 20:59 56,832 c:\windows\system32\dllcache\secur32.dll
2008-07-14 13:17 61,480 a c:\documents and settings\scott\GoToAssistDownloadHelper.exe
2005-11-11 19:09 106 a c:\program files\ppunistall.bat
2008-08-29 08:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082920080830\index.dat
============= FINISH: 10:00:19.53 ===============
-
There was also this additional report -
==== Event Viewer Messages From Past Week ========
14/04/2009 09:36:48, error: Service Control Manager [7000] - The FsUsbExDisk service failed to start due to the following error: The system cannot find the file specified.
14/04/2009 09:36:25, error: Service Control Manager [7000] - The FsUsbExDisk service failed to start due to the following error: Access is denied.
13/04/2009 19:45:14, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CYBERCRUISER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3D8E5F7D-6C5C-4. The master browser is stopping or an election is being forced.
==== End Of File ===========================
Cybercruiser is my laptop, and a few times that I have been logged into my laptop my internet on the main computer no longer works. I have a BT Home Hub.
-
Please update Malwarebytes and run a FULL scan this time (you ran a QUICK one last time).
-
Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 3
19/04/2009 17:13:58
mbam-log-2009-04-19 (17-13-58).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 228808
Time elapsed: 1 hour(s), 36 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Ok ~ Looks like your computer's clean (though I'm still concerned as to why ComboFix wouldn't run).
-
Many thanks for all your help.
How do I delete ComboFix from my computer?
-
Go to Start > Run
Type in the box: combofix /u
This discussion has been closed.