not recognising Windows files
Comments
-
It seems to be scanning ok
should I stop and uninstall still?
Once a Flylady, always a Flylady
-
SuperAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/20/2009 at 05:07 PM
Application Version : 4.26.1000
Core Rules Database Version : 3816
Trace Rules Database Version: 1770
Scan type : Complete Scan
Total Scan Time : 00:24:15
Memory items scanned : 747
Memory threats detected : 0
Registry items scanned : 6720
Registry threats detected : 1
File items scanned : 20252
File threats detected : 1
Adware.Tracking Cookie
C:\Users\jinky\AppData\Roaming\Microsoft\Windows\Cookies\jinky@atdmt[1].txt
Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-870120329-3058545315-4065139281-1000\SOFTWARE\FunWebProducts
-
Combo fix log
ComboFix 09-04-19.01 - jinky 20/04/2009 17:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.955.192 [GMT 1:00]
Running from: c:\users\jinky\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-20 15:40 . 2009-04-20 15:40 d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-20 15:40 . 2009-04-20 15:40 d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-20 12:06 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 12:06 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 16:33 . 2008-12-16 05:31 4096 ----a-w c:\windows\system32\dxmasf.dll
2009-03-21 16:33 . 2008-12-16 05:31 7680 ----a-w c:\windows\system32\spwmp.dll
2009-03-21 16:33 . 2008-12-16 05:31 4096 ----a-w c:\windows\system32\msdxm.ocx
2009-03-21 16:33 . 2008-12-16 03:29 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-03-21 16:32 . 2008-11-27 04:43 268288 ----a-w c:\windows\system32\schannel.dll
2009-03-21 16:32 . 2009-02-09 03:10 2033152 ----a-w c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 16:16 . 2009-04-20 16:15 3179 ----a-w C:\Bug.txt
2009-04-20 16:15 . 2008-08-07 16:54 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 12:06 . 2009-01-27 13:46 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 08:13 . 2006-11-02 11:18 d-----w c:\program files\Windows Mail
2009-04-20 08:08 . 2008-08-07 16:58 d-----w c:\programdata\Microsoft Help
2009-03-26 18:43 . 2009-03-26 18:43 d-----w c:\program files\Mozilla Firefox 3.1 Beta 3
2009-03-25 00:34 . 2009-02-25 11:02 d-----w c:\program files\Common Files\Adobe AIR
2009-03-25 00:30 . 2009-03-25 00:29 d-----w c:\program files\Common Files\Adobe
2009-03-25 00:20 . 2008-08-07 16:06 d-----w c:\program files\Java
2009-03-20 18:50 . 2009-03-20 18:50 3358720 ----a-w c:\windows\System32\GPhotos.scr
2009-03-09 05:19 . 2009-01-02 23:40 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:46 . 2009-04-18 08:26 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-18 08:26 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-18 08:24 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-18 08:26 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-18 08:26 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-18 08:26 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-18 08:24 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-18 08:26 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-18 08:26 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-18 08:26 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-18 08:26 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-18 08:26 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-18 08:24 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-27 16:00 . 2009-02-11 02:42 d-----w c:\program files\Microsoft Silverlight
2009-02-22 16:56 . 2008-11-30 10:43 d-----w c:\program files\Windows Live
2009-02-06 19:03 . 2009-02-06 19:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-28 10:48 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-01-28 10:48 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-01-28 10:48 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-01-28 09:00 . 2009-01-28 09:00 680 ----a-w c:\users\jinky\AppData\Local\d3d9caps.dat
2009-01-27 21:44 . 2009-01-27 18:39 1564 ----a-w C:\aaw7boot.log
2009-01-05 21:20 . 2008-11-27 12:24 86896 ----a-w c:\users\jinky\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-01 15:36 . 2008-12-01 15:36 0 ----a-w c:\users\jinky\AppData\Roaming\wklnhst.dat
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-03-25 00:2009-03-25 00:31 31:43 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-11-28 21:07 . 2008-11-27 14:24 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-28 21:07 . 2008-11-27 14:24 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-28 21:07 . 2008-11-27 14:24 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-25 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{43597A08-21ED-471C-AE18-6998A0F6D651}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{96CA63A0-F8AA-4E47-B4FE-550B6F339306}c:\\users\\jinky\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xdn869rm\\housecall66[1].exe"= UDP:c:\users\jinky\appdata\local\microsoft\windows\temporary internet files\content.ie5\xdn869rm\housecall66[1].exe:housecall66[1].exe
"UDP Query User{EEC6CC16-EB4E-4DC7-870A-3C904ECFCEC5}c:\\users\\jinky\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xdn869rm\\housecall66[1].exe"= TCP:c:\users\jinky\appdata\local\microsoft\windows\temporary internet files\content.ie5\xdn869rm\housecall66[1].exe:housecall66[1].exe
"{FE6BA825-D158-40DD-8868-79101F23E0F8}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{26F66326-08FF-47EF-A069-36CF7C6A5F9A}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{6991FC5A-4799-416D-A2AA-603411194143}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{132AACF6-9E35-430F-963D-CF879E042C08}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{5D85B81E-8A67-480C-8A48-917A9CB8B415}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{9CAE2C58-4310-47D8-AB9D-CFDA4841A0D9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{198EC51B-2544-4B8E-8CCC-B32803D3549A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-25 30192]
S1 aswSP;avast! Self Protection; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-10-24 342016]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
2009-04-20 c:\windows\Tasks\User_Feed_Synchronization-{097E59B4-E338-4467-A135-E88C3842F328}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: !!{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: !!{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
FF - ProfilePath - c:\users\jinky\AppData\Roaming\Mozilla\Firefox\Profiles\j7p0uvx1.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=FomE3P9NvsszOwGr0I0ZUg&st=kwd&o=kwd&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&searchfor=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 17:22
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-04-20 17:23
ComboFix-quarantined-files.txt 2009-04-20 16:23
Pre-Run: 47,935,971,328 bytes free
Post-Run: 47,732,793,344 bytes free
195 --- E O F --- 2009-04-20 08:11
-
run LSPFIX
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* Click the Make Writeable? button.
* Click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
then run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates
-
Carry on with the rest
-
I'm in the process of doing the Kaspersky scan but I keep getting these types of messages appear whilst browsing on here...
"A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.
Script: file:///C:/Program%20Files/Mozilla%20Firefox%203.1%20Beta%203/components/nsLoginManager.js:302"
-
The scan said no malware had been detected
-
Did you select to scan the WHOLE computer with Kaspersky?
If so it looks like your system's clean
-
yeah I did
whooooo hooooo :cool::rotfl:
thank you
one last question then....
So do I leave all these new downloads on my lappy, or should I delete them all?
This discussion has been closed.