
Problems with my computer


Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Well it's clearly NOT up to date
    Assuming you've done your bit correctly then I'm guessing something nasty is stopping it

    Please run COMBOFIX (make sure it's a FRESH copy as they only update on the actual site)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
    :idea:
  • fiddiwebb
    fiddiwebb Posts: 1,806 Forumite
    Timbo85 wrote: »
    Yes, I am sure I clicked the update button before and it updated it, as it did have last year's date on it and now it has 29/4/2010 date.

    Bloomin eck :eek:
    Something seriously wrong there.

    Wonder if a reinstall is in order.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    fiddiwebb wrote: »
    Bloomin eck :eek:
    Something seriously wrong there.

    Wonder if a reinstall is in order.

    I'm guessing a new CMOS battery is required
    :idea:
  • Timbo85
    Timbo85 Posts: 67 Forumite
    Just an update: I logged out of one account on here and went back into mine, which is the main one, and I updated it and it is now up to date as it has a newer Database version than the other one, so I'm running a new full scan.
  • Timbo85
    Timbo85 Posts: 67 Forumite
    Malwarebytes' Anti-Malware 1.46
    https://www.malwarebytes.org

    Database version: 4179

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904

    08/06/2010 18:21:46
    mbam-log-2010-06-08 (18-21-46).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 435213
    Time elapsed: 2 hour(s), 31 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download and run a fresh copy of combofix now please
    :idea:
  • Timbo85
    Timbo85 Posts: 67 Forumite
    I can't. I've downloaded that link posted above for ComboFix and when I open it an error message comes up saying I can't call it ComboFix(2). Happens every time.
  • Timbo85
    Timbo85 Posts: 67 Forumite
    sorted it.
  • Timbo85
    Timbo85 Posts: 67 Forumite
    ComboFix 10-06-08.02 - Chris 09/06/2010 0:29.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.894.111 [GMT 1:00]
    Running from: c:\users\Chris\Downloads\ComboFix2010.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
    c:\windows\TEMP\logishrd\LVPrcInj09.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
    .

    2010-06-09 00:00 . 2010-06-09 00:00 d-----w- c:\users\Default\AppData\Local\temp
    2010-06-09 00:00 . 2010-06-09 00:00 d-----w- c:\users\Clare\AppData\Local\temp
    2010-06-08 23:57 . 2010-06-08 23:57 d-----w- c:\users\Janna\AppData\Local\temp
    2010-06-08 23:55 . 2010-06-08 23:55 d-----w- c:\users\georgina\AppData\Local\temp
    2010-06-08 17:25 . 2010-06-08 17:24 318976 ----a-w- c:\windows\system32\CF27639.exe
    2010-06-07 18:18 . 2010-06-07 18:18 d-----w- c:\users\Janna\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-06-07 11:57 . 2010-06-07 11:55 318976 ----a-w- c:\windows\system32\CF8622.exe
    2010-06-06 13:04 . 2010-06-06 13:04 d-----w- c:\users\Janna\AppData\Roaming\Malwarebytes
    2010-06-06 12:08 . 2010-06-06 12:08 d-----w- c:\users\Janna\AppData\Roaming\Avira
    2010-06-05 13:18 . 2010-06-05 13:18 d-----w- c:\users\Janna\AppData\Roaming\PC Suite
    2010-06-04 13:53 . 2010-06-04 13:53 d-----w- c:\users\Clare\AppData\Roaming\PC Suite
    2010-06-04 12:26 . 2010-06-04 12:26 d-----w- c:\users\georgina\AppData\Roaming\PC Suite
    2010-06-04 09:55 . 2010-06-06 15:13 d-----w- c:\users\Chris\{e163edfa-14f9-4f82-af40-5c174b87133a}
    2010-06-04 09:53 . 2010-06-04 09:54 d-----w- c:\program files\Common Files\Nokia
    2010-06-04 09:52 . 2010-06-04 09:59 d-----w- c:\users\Chris\AppData\Roaming\PC Suite
    2010-06-04 09:52 . 2010-06-04 09:59 d-----w- c:\programdata\PC Suite
    2010-06-04 09:47 . 2006-05-29 07:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-06-04 09:45 . 2010-06-04 09:45 d-----w- c:\programdata\Downloaded Installations
    2010-06-04 09:44 . 2010-06-04 09:54 d-----w- c:\program files\Common Files\PCSuite
    2010-06-04 09:44 . 2010-06-04 09:58 d-----w- c:\program files\Nokia
    2010-05-26 05:15 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-05-17 16:56 . 2010-05-17 16:56 d-----w- c:\users\Janna\AppData\Local\Microsoft Help
    2010-05-17 09:29 . 2010-05-17 09:29 d-----w- c:\users\Clare\AppData\Roaming\Avira
    2010-05-16 19:40 . 2010-05-16 19:40 318976 ----a-w- c:\windows\system32\CF20073.exe
    2010-05-12 04:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-08 21:48 . 2010-01-03 21:37 d-----w- c:\users\Chris\AppData\Roaming\vlc
    2010-06-08 14:06 . 2008-03-26 13:14 d-----w- c:\program files\Safari
    2010-06-08 09:17 . 2009-12-18 11:01 d-----w- c:\users\Janna\AppData\Roaming\vlc
    2010-06-08 09:13 . 2009-04-23 19:45 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-08 05:46 . 2007-09-01 17:30 d-----w- c:\program files\Google
    2010-06-07 21:07 . 2008-03-02 14:39 d-----w- c:\users\Janna\AppData\Roaming\Apple Computer
    2010-06-07 14:14 . 2008-12-02 12:52 d-----w- c:\program files\RarZilla Free Unrar
    2010-06-07 12:10 . 2008-02-04 19:34 d-----w- c:\program files\Yahoo!
    2010-06-04 09:43 . 2009-09-29 10:23 d-----w- c:\program files\Sony Ericsson
    2010-06-04 09:39 . 2009-02-21 17:14 d-----w- c:\program files\Microsoft Silverlight
    2010-05-29 15:40 . 2009-05-04 12:26 534 ----a-w- c:\users\Chris\AppData\Roaming\wklnhst.dat
    2010-05-26 10:45 . 2008-11-07 11:27 d-----w- c:\program files\Microsoft
    2010-05-12 10:21 . 2009-10-03 06:15 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-12 08:52 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
    2010-05-12 08:52 . 2007-09-01 17:27 d-----w- c:\programdata\Microsoft Help
    2010-05-11 05:02 . 2010-01-12 11:38 d-----w- c:\users\Janna\AppData\Roaming\ArcSoft
    2010-05-08 17:09 . 2010-05-08 17:08 d-----w- c:\users\Chris\AppData\Roaming\GARMIN
    2010-04-29 14:39 . 2009-04-23 19:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2009-04-23 19:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-29 13:37 . 2008-02-27 13:20 d-----w- c:\program files\iTunes
    2010-04-29 13:36 . 2010-04-29 13:36 d-----w- c:\program files\iPod
    2010-04-29 13:35 . 2008-02-06 15:29 d-----w- c:\program files\Common Files\Apple
    2010-04-29 13:30 . 2010-04-29 13:30 d-----w- c:\program files\Bonjour
    2010-04-22 22:56 . 2007-09-01 17:31 d-----w- c:\program files\Common Files\Java
    2010-04-22 22:54 . 2007-09-01 17:31 d-----w- c:\program files\Java
    2010-04-20 13:38 . 2008-05-20 16:21 1722 ----a-w- c:\users\georgina\AppData\Roaming\wklnhst.dat
    2010-04-18 23:15 . 2009-11-20 16:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-04-18 20:12 . 2010-04-18 20:12 d-----w- c:\users\Chris\AppData\Roaming\Avira
    2010-04-12 16:29 . 2010-04-22 22:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-12 12:54 . 2010-04-12 12:54 d-----w- c:\users\Clare\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-12-03 08:47 . 2008-12-09 20:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-01-19 5932888]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-03 30192]
    "BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "HostManager"="c:\program files\Common Files\AOL\1197983138\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Skytel"="Skytel.exe" [2007-04-13 1822720]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 185896]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    c:\users\georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-4-2 95232]

    c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-14 333088]

    c:\users\Janna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "VistaSp2"=hex(b):95,2f,d0,6a,6c,38,ca,01

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-29 13224]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-03 30192]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003Core.job
    - c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]

    2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003UA.job
    - c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{64BBF93D-2222-46DE-B919-EA8BFBFD6EFB}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{BBFFB24D-0D1A-47DA-BD32-B0082C4E4345}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{F248A71E-67A9-4B53-B6F2-9ECAEC6BF257}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
    .
    .
    Supplementary Scan
    .
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_GB&Sys=DTP&M=E4252
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-AOL Regclient - c:\program files\AOL\RC\uninstall.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'Explorer.exe'(3232)
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\windows\system32\ConnAPI.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    .
    Other Running Processes
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\zHotkey.exe
    c:\windows\ModPS2Key.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\Common Files\AOL\1197983138\ee\AOLDesktop.exe
    c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-09 01:15:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-09 00:15
    ComboFix2.txt 2009-04-25 17:10
    ComboFix3.txt 2009-04-25 15:46

    Pre-Run: 74,953,809,920 bytes free
    Post-Run: 77,606,903,808 bytes free

    - - End Of File - - F624FF591F67FF4AA2F4BE4FAA5C6052
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\CF20073.exe
    c:\windows\system32\CF27639.exe
    c:\windows\system32\CF8622.exe
    c:\windows\system32\drivers\lvuvc.hs



    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    :idea:
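The four paths in the CFScript above all appear in the file listings of the posted ComboFix log. As an added example (not part of the thread; the two selection rules are this example's assumptions, not the poster's stated reasoning), the Python below parses ComboFix file-listing lines and flags entries worth a manual look before anything is put in a `File::` block.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "Files Created" and "Find3M Report" sections of the log above.
SAMPLE_LOG = r"""
2010-06-08 17:25 . 2010-06-08 17:24 318976 ----a-w- c:\windows\system32\CF27639.exe
2010-06-07 11:57 . 2010-06-07 11:55 318976 ----a-w- c:\windows\system32\CF8622.exe
2010-06-04 09:47 . 2006-05-29 07:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-26 05:15 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-16 19:40 . 2010-05-16 19:40 318976 ----a-w- c:\windows\system32\CF20073.exe
2010-05-12 04:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-29 14:39 . 2009-04-23 19:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 23:15 . 2009-11-20 16:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
"""

# Two timestamps, size in bytes, 8-character attribute field, path.
# Directory rows carry no numeric size, so they do not match and are skipped.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+)\s+(\S{8})\s+(.+)$"
)


def parse_entries(text):
    """Return one dict per file row found in a ComboFix file listing."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "first_stamp": m.group(1),
                "second_stamp": m.group(2),
                "size": int(m.group(3)),
                "attrs": m.group(4),
                "path": m.group(5).strip(),
            })
    return entries


def review_candidates(entries):
    """Map path -> reason for entries matching the example's two rules.

    Rule 1 (assumption): a zero-byte file in the drivers folder.
    Rule 2 (assumption): two or more .exe files of identical size in one folder.
    The result is a review list for a person, not a deletion list.
    """
    flagged = {}
    by_folder_size = defaultdict(list)
    for e in entries:
        folder = ntpath.dirname(e["path"]).lower()
        ext = ntpath.splitext(e["path"])[1].lower()
        if e["size"] == 0 and folder.endswith(r"\system32\drivers"):
            flagged[e["path"]] = "zero-byte file in drivers folder"
        if ext == ".exe":
            by_folder_size[(folder, e["size"])].append(e["path"])
    for (folder, size), paths in by_folder_size.items():
        if len(paths) >= 2:
            for p in paths:
                flagged[p] = f"{len(paths)} executables of identical size {size} in {folder}"
    return flagged


if __name__ == "__main__":
    for path, reason in sorted(review_candidates(parse_entries(SAMPLE_LOG)).items()):
        print(f"{path}  <- {reason}")
```
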
This discussion has been closed.