
Problems with my computer


Comments

  • COMMENT

    On aliEnRIK,

    70 posts in this single thread and still diligently doing his bit for the group / clients

    - if you think I'm talking carrrp, do nowt
    - if you think it's 5 :staradmin:staradmin:staradmin:staradmin:staradmin, click on his thanks button.
    Disclaimer : Everything I write on this forum is my opinion. I try to be an even-handed poster and accept that you at times may not agree with these opinions or how I choose to express them, this is not my problem. The Disabled : If years cannot be added to their lives, at least life can be added to their years - Alf Morris - ℜ
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    COMMENT

    On aliEnRIK,


    70 posts in this single thread

    Really? Crikey!

    :p
    :idea:
  • Timbo85
    Timbo85 Posts: 67 Forumite
    ComboFix 10-06-08.05 - Chris 09/06/2010 15:06:02.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.894.254 [GMT 1:00]
    Running from: c:\users\Chris\Desktop\ComboFix.exe
    Command switches used :: c:\users\Chris\Desktop\CFScript
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\CF20073.exe"
    "c:\windows\system32\CF27639.exe"
    "c:\windows\system32\CF8622.exe"
    "c:\windows\system32\drivers\lvuvc.hs"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
    c:\windows\system32\CF20073.exe
    c:\windows\system32\CF8622.exe
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
    .

    2010-06-09 14:23 . 2010-06-09 14:23 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-06-09 14:23 . 2010-06-09 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-09 14:22 . 2010-06-09 14:22 -------- d-----w- c:\users\Janna\AppData\Local\temp
    2010-06-09 14:22 . 2010-06-09 14:22 -------- d-----w- c:\users\georgina\AppData\Local\temp
    2010-06-09 14:22 . 2010-06-09 14:22 -------- d-----w- c:\users\Clare\AppData\Local\temp
    2010-06-09 13:48 . 2010-06-09 13:48 318976 ----a-w- c:\windows\system32\CF5212.exe
    2010-06-09 00:16 . 2010-06-09 08:25 -------- d-----w- c:\users\Janna\AppData\Local\Temp(66)
    2010-06-09 00:16 . 2010-06-09 00:16 -------- d-----w- c:\users\georgina\AppData\Local\Temp(60)
    2010-06-09 00:16 . 2010-06-09 00:16 -------- d-----w- c:\users\Clare\AppData\Local\Temp(58)
    2010-06-07 18:18 . 2010-06-07 18:18 -------- d-----w- c:\users\Janna\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-06-06 13:04 . 2010-06-06 13:04 -------- d-----w- c:\users\Janna\AppData\Roaming\Malwarebytes
    2010-06-06 12:08 . 2010-06-06 12:08 -------- d-----w- c:\users\Janna\AppData\Roaming\Avira
    2010-06-05 13:18 . 2010-06-05 13:18 -------- d-----w- c:\users\Janna\AppData\Roaming\PC Suite
    2010-06-04 13:53 . 2010-06-04 13:53 -------- d-----w- c:\users\Clare\AppData\Roaming\PC Suite
    2010-06-04 12:26 . 2010-06-04 12:26 -------- d-----w- c:\users\georgina\AppData\Roaming\PC Suite
    2010-06-04 09:55 . 2010-06-06 15:13 -------- d-----w- c:\users\Chris\{e163edfa-14f9-4f82-af40-5c174b87133a}
    2010-06-04 09:53 . 2010-06-04 09:54 -------- d-----w- c:\program files\Common Files\Nokia
    2010-06-04 09:52 . 2010-06-04 09:59 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Suite
    2010-06-04 09:52 . 2010-06-04 09:59 -------- d-----w- c:\programdata\PC Suite
    2010-06-04 09:47 . 2006-05-29 07:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-06-04 09:45 . 2010-06-04 09:45 -------- d-----w- c:\programdata\Downloaded Installations
    2010-06-04 09:44 . 2010-06-04 09:54 -------- d-----w- c:\program files\Common Files\PCSuite
    2010-06-04 09:44 . 2010-06-04 09:58 -------- d-----w- c:\program files\Nokia
    2010-05-26 05:15 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-05-17 16:56 . 2010-05-17 16:56 -------- d-----w- c:\users\Janna\AppData\Local\Microsoft Help
    2010-05-17 09:29 . 2010-05-17 09:29 -------- d-----w- c:\users\Clare\AppData\Roaming\Avira
    2010-05-12 04:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-09 22:23 . 2009-12-18 11:01 -------- d-----w- c:\users\Janna\AppData\Roaming\vlc
    2010-06-09 22:23 . 2010-01-03 21:37 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
    2010-06-09 22:23 . 2009-04-23 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-09 13:48 . 2007-09-01 17:30 -------- d-----w- c:\program files\Google
    2010-06-09 08:34 . 2007-09-01 17:27 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-08 14:06 . 2008-03-26 13:14 -------- d-----w- c:\program files\Safari
    2010-06-07 21:07 . 2008-03-02 14:39 -------- d-----w- c:\users\Janna\AppData\Roaming\Apple Computer
    2010-06-07 14:14 . 2008-12-02 12:52 -------- d-----w- c:\program files\RarZilla Free Unrar
    2010-06-07 12:10 . 2008-02-04 19:34 -------- d-----w- c:\program files\Yahoo!
    2010-06-04 09:43 . 2009-09-29 10:23 -------- d-----w- c:\program files\Sony Ericsson
    2010-06-04 09:39 . 2009-02-21 17:14 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-29 15:40 . 2009-05-04 12:26 534 ----a-w- c:\users\Chris\AppData\Roaming\wklnhst.dat
    2010-05-26 10:45 . 2008-11-07 11:27 -------- d-----w- c:\program files\Microsoft
    2010-05-12 10:21 . 2009-10-03 06:15 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-12 08:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-05-11 05:02 . 2010-01-12 11:38 -------- d-----w- c:\users\Janna\AppData\Roaming\ArcSoft
    2010-05-08 17:09 . 2010-05-08 17:08 -------- d-----w- c:\users\Chris\AppData\Roaming\GARMIN
    2010-04-29 13:37 . 2008-02-27 13:20 -------- d-----w- c:\program files\iTunes
    2010-04-29 13:36 . 2010-04-29 13:36 -------- d-----w- c:\program files\iPod
    2010-04-29 13:35 . 2008-02-06 15:29 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-29 13:30 . 2010-04-29 13:30 -------- d-----w- c:\program files\Bonjour
    2010-04-22 22:56 . 2007-09-01 17:31 -------- d-----w- c:\program files\Common Files\Java
    2010-04-22 22:54 . 2007-09-01 17:31 -------- d-----w- c:\program files\Java
    2010-04-20 13:38 . 2008-05-20 16:21 1722 ----a-w- c:\users\georgina\AppData\Roaming\wklnhst.dat
    2010-04-18 20:12 . 2010-04-18 20:12 -------- d-----w- c:\users\Chris\AppData\Roaming\Avira
    2010-04-12 16:29 . 2010-04-22 22:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-12 12:54 . 2010-04-12 12:54 -------- d-----w- c:\users\Clare\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-12-03 08:47 . 2008-12-09 20:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-01-19 5932888]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-03 30192]
    "BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "HostManager"="c:\program files\Common Files\AOL\1197983138\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Skytel"="Skytel.exe" [2007-04-13 1822720]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 185896]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    c:\users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-4-2 95232]
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-5-28 147456]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\users\georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-4-2 95232]

    c:\users\Janna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-14 333088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "VistaSp2"=hex(b):95,2f,d0,6a,6c,38,ca,01

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-29 13224]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-03 30192]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003Core.job
    - c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]

    2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003UA.job
    - c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{64BBF93D-2222-46DE-B919-EA8BFBFD6EFB}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{BBFFB24D-0D1A-47DA-BD32-B0082C4E4345}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{F248A71E-67A9-4B53-B6F2-9ECAEC6BF257}.job
    - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
    .
    .
    Supplementary Scan
    .
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_GB&Sys=DTP&M=E4252
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'Explorer.exe'(5824)
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\windows\system32\ConnAPI.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\Avira\AntiVir Desktop\shlext.dll
    .
    Other Running Processes
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\zHotkey.exe
    c:\windows\ModPS2Key.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\AOL\1197983138\ee\AOLDesktop.exe
    c:\windows\ehome\mcupdate.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-09 15:45:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-09 14:45
    ComboFix2.txt 2010-06-09 00:16
    ComboFix3.txt 2009-04-25 17:10
    ComboFix4.txt 2009-04-25 15:46

    Pre-Run: 76,797,448,192 bytes free
    Post-Run: 77,161,816,064 bytes free

    - - End Of File - - 474E1E902D492F4411E6A96EC46906C1
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\CF5212.exe



    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    :idea:
  • Timbo85
    Timbo85 Posts: 67 Forumite
    ComboFix 10-06-09.01 - Chris 10/06/2010 0:35.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.894.301 [GMT 1:00]
    Running from: c:\users\Chris\Desktop\ComboFix.exe
    Command switches used :: c:\users\Chris\Desktop\CFScript
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\CF5212.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\cleansweep.exe
    c:\cleansweep.exe\cleansweep.exe
    c:\cleansweep.exe\config.bin
    c:\windows\system32\CF5212.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
    .

    2010-06-09 23:52 . 2010-06-09 23:52 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-06-09 23:52 . 2010-06-09 23:52 -------- d-----w- c:\users\Janna\AppData\Local\temp
    2010-06-09 23:52 . 2010-06-09 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-09 23:52 . 2010-06-09 23:52 -------- d-----w- c:\users\georgina\AppData\Local\temp
    2010-06-09 23:52 . 2010-06-09 23:52 -------- d-----w- c:\users\Clare\AppData\Local\temp
    2010-06-09 23:24 . 2010-06-09 23:26 -------- d-----w- C:\32788R22FWJFW
    2010-06-09 18:01 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-06-09 18:01 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-06-09 18:01 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2010-06-09 17:59 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-06-09 00:16 . 2010-06-09 08:25 -------- d-----w- c:\users\Janna\AppData\Local\Temp(66)
    2010-06-09 00:16 . 2010-06-09 00:16 -------- d-----w- c:\users\georgina\AppData\Local\Temp(60)
    2010-06-09 00:16 . 2010-06-09 00:16 -------- d-----w- c:\users\Clare\AppData\Local\Temp(58)
    2010-06-07 18:18 . 2010-06-07 18:18 -------- d-----w- c:\users\Janna\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-06-06 13:04 . 2010-06-06 13:04 -------- d-----w- c:\users\Janna\AppData\Roaming\Malwarebytes
    2010-06-06 12:08 . 2010-06-06 12:08 -------- d-----w- c:\users\Janna\AppData\Roaming\Avira
    2010-06-05 13:18 . 2010-06-05 13:18 -------- d-----w- c:\users\Janna\AppData\Roaming\PC Suite
    2010-06-04 13:53 . 2010-06-04 13:53 -------- d-----w- c:\users\Clare\AppData\Roaming\PC Suite
    2010-06-04 12:26 . 2010-06-04 12:26 -------- d-----w- c:\users\georgina\AppData\Roaming\PC Suite
    2010-06-04 09:55 . 2010-06-06 15:13 -------- d-----w- c:\users\Chris\{e163edfa-14f9-4f82-af40-5c174b87133a}
    2010-06-04 09:53 . 2010-06-04 09:54 -------- d-----w- c:\program files\Common Files\Nokia
    2010-06-04 09:52 . 2010-06-04 09:59 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Suite
    2010-06-04 09:52 . 2010-06-04 09:59 -------- d-----w- c:\programdata\PC Suite
    2010-06-04 09:47 . 2006-05-29 07:26 50688 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-06-04 09:45 . 2010-06-04 09:45 -------- d-----w- c:\programdata\Downloaded Installations
    2010-06-04 09:44 . 2010-06-04 09:54 -------- d-----w- c:\program files\Common Files\PCSuite
    2010-06-04 09:44 . 2010-06-04 09:58 -------- d-----w- c:\program files\Nokia
    2010-05-26 05:15 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-05-17 16:56 . 2010-05-17 16:56 -------- d-----w- c:\users\Janna\AppData\Local\Microsoft Help
    2010-05-17 09:29 . 2010-05-17 09:29 -------- d-----w- c:\users\Clare\AppData\Roaming\Avira
    2010-05-12 04:43 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-09 22:23 . 2009-12-18 11:01 -------- d-----w- c:\users\Janna\AppData\Roaming\vlc
    2010-06-09 22:23 . 2010-01-03 21:37 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
    2010-06-09 22:23 . 2009-04-23 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-09 18:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-06-09 18:23 . 2007-09-01 17:27 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-09 13:48 . 2007-09-01 17:30 -------- d-----w- c:\program files\Google
    2010-06-08 14:06 . 2008-03-26 13:14 -------- d-----w- c:\program files\Safari
    2010-06-07 21:07 . 2008-03-02 14:39 -------- d-----w- c:\users\Janna\AppData\Roaming\Apple Computer
    2010-06-07 14:14 . 2008-12-02 12:52 -------- d-----w- c:\program files\RarZilla Free Unrar
    2010-06-07 12:10 . 2008-02-04 19:34 -------- d-----w- c:\program files\Yahoo!
    2010-06-04 09:43 . 2009-09-29 10:23 -------- d-----w- c:\program files\Sony Ericsson
    2010-06-04 09:39 . 2009-02-21 17:14 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-29 15:40 . 2009-05-04 12:26 534 ----a-w- c:\users\Chris\AppData\Roaming\wklnhst.dat
    2010-05-26 10:45 . 2008-11-07 11:27 -------- d-----w- c:\program files\Microsoft
    2010-05-12 10:21 . 2009-10-03 06:15 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-11 05:02 . 2010-01-12 11:38 -------- d-----w- c:\users\Janna\AppData\Roaming\ArcSoft
    2010-05-08 17:09 . 2010-05-08 17:08 -------- d-----w- c:\users\Chris\AppData\Roaming\GARMIN
    2010-05-04 05:59 . 2010-06-09 18:02 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-09 18:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 05:55 . 2010-06-09 18:02 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 04:31 . 2010-06-09 18:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-04-29 13:37 . 2008-02-27 13:20 -------- d-----w- c:\program files\iTunes
    2010-04-29 13:36 . 2010-04-29 13:36 -------- d-----w- c:\program files\iPod
    2010-04-29 13:35 . 2008-02-06 15:29 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-29 13:30 . 2010-04-29 13:30 -------- d-----w- c:\program files\Bonjour
    2010-04-22 22:56 . 2007-09-01 17:31 -------- d-----w- c:\program files\Common Files\Java
    2010-04-22 22:54 . 2007-09-01 17:31 -------- d-----w- c:\program files\Java
    2010-04-20 13:38 . 2008-05-20 16:21 1722 ----a-w- c:\users\georgina\AppData\Roaming\wklnhst.dat
    2010-04-18 20:12 . 2010-04-18 20:12 -------- d-----w- c:\users\Chris\AppData\Roaming\Avira
    2010-04-12 16:29 . 2010-04-22 22:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-12 12:54 . 2010-04-12 12:54 -------- d-----w- c:\users\Clare\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-12-03 08:47 . 2008-12-09 20:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-01-19 5932888]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-03 30192]
    "BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "HostManager"="c:\program files\Common Files\AOL\1197983138\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Skytel"="Skytel.exe" [2007-04-13 1822720]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 185896]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    c:\users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-4-2 95232]
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-5-28 147456]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\users\georgina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-4-2 95232]

    c:\users\Janna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-6-24 41824]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-14 333088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "VistaSp2"=hex(b):95,2f,d0,6a,6c,38,ca,01

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-09-29 13224]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-03 30192]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003Core.job
    - c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]

    2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1370036104-811610254-1484745332-1003UA.job
    - c:\users\Clare\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-11 09:02]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{64BBF93D-2222-46DE-B919-EA8BFBFD6EFB}.job
    - c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]

    2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{BBFFB24D-0D1A-47DA-BD32-B0082C4E4345}.job
    - c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]

    2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{F248A71E-67A9-4B53-B6F2-9ECAEC6BF257}.job
    - c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
    .
    .
    Supplementary Scan
    .
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_GB&Sys=DTP&M=E4252
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5slfsi5y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-10 00:57
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'Explorer.exe'(4912)
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\windows\system32\ConnAPI.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    .
    Other Running Processes
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\zHotkey.exe
    c:\windows\ModPS2Key.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
    c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
    c:\program files\Common Files\AOL\1197983138\ee\AOLDesktop.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-10 01:12:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-10 00:12
    ComboFix2.txt 2010-06-09 14:45
    ComboFix3.txt 2010-06-09 00:16
    ComboFix4.txt 2009-04-25 17:10
    ComboFix5.txt 2010-06-09 23:26

    Pre-Run: 77,823,627,264 bytes free
    Post-Run: 77,608,763,392 bytes free

    - - End Of File - - F832FAA6D95C6BC070A3F5A045FDFB29
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Give AVIRA a full scan
    :idea:
  • Timbo85
    Timbo85 Posts: 67 Forumite
    OK, have done that. This was the log; not sure if you wanted me to post this or not, but have done so.


    Avira AntiVir Personal
    Report file date: 10 June 2010 08:56

    Scanning for 2191716 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : CHRIS-PC

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 17/05/2010 09:30:09
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 17/05/2010 09:30:09
    LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 18:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 16:24:15
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 16:22:47
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 14:16:38
    VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:18:54
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 07:02:11
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 15:26:23
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 12:09:22
    VBASE007.VDF : 7.10.7.219 2048 Bytes 02/06/2010 12:09:23
    VBASE008.VDF : 7.10.7.220 2048 Bytes 02/06/2010 12:09:23
    VBASE009.VDF : 7.10.7.221 2048 Bytes 02/06/2010 12:09:23
    VBASE010.VDF : 7.10.7.222 2048 Bytes 02/06/2010 12:09:23
    VBASE011.VDF : 7.10.7.223 2048 Bytes 02/06/2010 12:09:23
    VBASE012.VDF : 7.10.7.224 2048 Bytes 02/06/2010 12:09:23
    VBASE013.VDF : 7.10.7.225 2048 Bytes 02/06/2010 12:09:23
    VBASE014.VDF : 7.10.7.226 2048 Bytes 02/06/2010 12:09:23
    VBASE015.VDF : 7.10.7.227 2048 Bytes 02/06/2010 12:09:24
    VBASE016.VDF : 7.10.7.228 2048 Bytes 02/06/2010 12:09:25
    VBASE017.VDF : 7.10.7.229 2048 Bytes 02/06/2010 12:09:25
    VBASE018.VDF : 7.10.7.230 2048 Bytes 02/06/2010 12:09:25
    VBASE019.VDF : 7.10.7.231 2048 Bytes 02/06/2010 12:09:25
    VBASE020.VDF : 7.10.7.232 2048 Bytes 02/06/2010 12:09:25
    VBASE021.VDF : 7.10.7.233 2048 Bytes 02/06/2010 12:09:25
    VBASE022.VDF : 7.10.7.234 2048 Bytes 02/06/2010 12:09:25
    VBASE023.VDF : 7.10.7.235 2048 Bytes 02/06/2010 12:09:25
    VBASE024.VDF : 7.10.7.236 2048 Bytes 02/06/2010 12:09:25
    VBASE025.VDF : 7.10.7.237 2048 Bytes 02/06/2010 12:09:25
    VBASE026.VDF : 7.10.7.238 2048 Bytes 02/06/2010 12:09:26
    VBASE027.VDF : 7.10.7.239 2048 Bytes 02/06/2010 12:09:26
    VBASE028.VDF : 7.10.7.240 2048 Bytes 02/06/2010 12:09:26
    VBASE029.VDF : 7.10.7.241 2048 Bytes 02/06/2010 12:09:26
    VBASE030.VDF : 7.10.7.242 2048 Bytes 02/06/2010 12:09:26
    VBASE031.VDF : 7.10.8.1 104448 Bytes 07/06/2010 11:58:08
    Engineversion : 8.2.2.6
    AEVDF.DLL : 8.1.2.0 106868 Bytes 17/05/2010 09:30:08
    AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 07/06/2010 11:58:14
    AESCN.DLL : 8.1.6.1 127347 Bytes 17/05/2010 09:30:07
    AESBX.DLL : 8.1.3.1 254324 Bytes 17/05/2010 09:30:08
    AERDL.DLL : 8.1.4.6 541043 Bytes 17/05/2010 09:30:07
    AEPACK.DLL : 8.2.1.1 426358 Bytes 10/04/2010 05:44:16
    AEOFFICE.DLL : 8.1.1.0 201081 Bytes 17/05/2010 09:30:07
    AEHEUR.DLL : 8.1.1.33 2724214 Bytes 07/06/2010 11:58:13
    AEHELP.DLL : 8.1.11.5 242038 Bytes 07/06/2010 11:58:09
    AEGEN.DLL : 8.1.3.10 377205 Bytes 07/06/2010 11:58:08
    AEEMU.DLL : 8.1.2.0 393588 Bytes 17/05/2010 09:30:07
    AECORE.DLL : 8.1.15.3 192886 Bytes 17/05/2010 09:30:06
    AEBB.DLL : 8.1.1.0 53618 Bytes 17/05/2010 09:30:06
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 12:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 12:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 16:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 17/05/2010 09:30:10
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 17/05/2010 09:30:10
    AVARKT.DLL : 10.0.0.14 227176 Bytes 17/05/2010 09:30:08
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 09:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 12:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 15:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 14:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 17/05/2010 09:30:06

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +GAME,

    Start of the scan: 10 June 2010 08:56

    Starting search for hidden objects.
    c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
    c:\Program Files\Logitech\Logitech WebCam Software\LU\LULnchr.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'SearchFilterHost.exe' - '32' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '44' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '44' Module(s) have been scanned
    Scan process 'SCServer.exe' - '35' Module(s) have been scanned
    Scan process 'firefox.exe' - '104' Module(s) have been scanned
    Scan process 'SoftwareUpdate.exe' - '88' Module(s) have been scanned
    Scan process 'taskeng.exe' - '24' Module(s) have been scanned
    Scan process 'svchost.exe' - '30' Module(s) have been scanned
    Scan process 'vssvc.exe' - '49' Module(s) have been scanned
    Scan process 'avscan.exe' - '81' Module(s) have been scanned
    Scan process 'avcenter.exe' - '98' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '115' Module(s) have been scanned
    Scan process 'COCIManager.exe' - '36' Module(s) have been scanned
    Scan process 'iPodService.exe' - '30' Module(s) have been scanned
    Scan process 'ServiceLayer.exe' - '45' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '19' Module(s) have been scanned
    Scan process 'ArcCon.ac' - '60' Module(s) have been scanned
    Scan process 'ONENOTEM.EXE' - '18' Module(s) have been scanned
    Scan process 'ehtray.exe' - '26' Module(s) have been scanned
    Scan process 'sidebar.exe' - '56' Module(s) have been scanned
    Scan process 'NSLauncher.exe' - '40' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '73' Module(s) have been scanned
    Scan process 'LWS.exe' - '68' Module(s) have been scanned
    Scan process 'ACDaemon.exe' - '46' Module(s) have been scanned
    Scan process 'jusched.exe' - '23' Module(s) have been scanned
    Scan process 'avgnt.exe' - '58' Module(s) have been scanned
    Scan process 'realsched.exe' - '33' Module(s) have been scanned
    Scan process 'rundll32.exe' - '31' Module(s) have been scanned
    Scan process 'aolsoftware.exe' - '64' Module(s) have been scanned
    Scan process 'ModPS2Key.exe' - '13' Module(s) have been scanned
    Scan process 'zHotkey.exe' - '39' Module(s) have been scanned
    Scan process 'GoogleDesktop.exe' - '84' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '47' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '137' Module(s) have been scanned
    Scan process 'Dwm.exe' - '31' Module(s) have been scanned
    Scan process 'taskeng.exe' - '78' Module(s) have been scanned
    Scan process 'taskeng.exe' - '49' Module(s) have been scanned
    Scan process 'WLIDSvcM.exe' - '16' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '33' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
    Scan process 'WLIDSVC.EXE' - '69' Module(s) have been scanned
    Scan process 'svchost.exe' - '9' Module(s) have been scanned
    Scan process 'svchost.exe' - '49' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '57' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '42' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '29' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
    Scan process 'AOLAcsd.exe' - '35' Module(s) have been scanned
    Scan process 'avguard.exe' - '65' Module(s) have been scanned
    Scan process 'ACService.exe' - '24' Module(s) have been scanned
    Scan process 'svchost.exe' - '65' Module(s) have been scanned
    Scan process 'sched.exe' - '56' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '86' Module(s) have been scanned
    Scan process 'svchost.exe' - '92' Module(s) have been scanned
    Scan process 'rundll32.exe' - '45' Module(s) have been scanned
    Scan process 'svchost.exe' - '80' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '153' Module(s) have been scanned
    Scan process 'svchost.exe' - '115' Module(s) have been scanned
    Scan process 'svchost.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '54' Module(s) have been scanned
    Scan process 'svchost.exe' - '35' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '24' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'winlogon.exe' - '31' Module(s) have been scanned
    Scan process 'lsm.exe' - '22' Module(s) have been scanned
    Scan process 'lsass.exe' - '60' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1656' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
    [DETECTION] Contains virus patterns of Adware ADWARE/DoubleD.D.16
    Begin scan in 'D:\' <RECOVERY>

    Beginning disinfection:
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
    [DETECTION] Contains virus patterns of Adware ADWARE/DoubleD.D.16
    [NOTE] The file was moved to the quarantine directory under the name '4830a4c4.qua'.


    End of the scan: 10 June 2010 16:09
    Used time: 7:05:09 Hour(s)

    The scan has been done completely.

    50132 Scanned directories
    1012144 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1012143 Files not concerned
    6846 Archives were scanned
    0 Warnings
    1 Notes
    526042 Objects were scanned with rootkit scan
    1 Hidden objects were found
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download CCLEANER
    http://www.piriform.com/ccleaner/download/slim
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)


    Then you're good to go for now.

    However, in a month's time, download a FRESH copy of ComboFix and post that log, as I'm not convinced it's clean.
    :idea:
  • Timbo85
    Timbo85 Posts: 67 Forumite
    Will do, and cheers for all your help. I owe ya one.
  • Timbo85
    Timbo85 Posts: 67 Forumite
    Oh, and I think I'd agree with you about it still not being clean, as it still turns itself off and I get that crash dump blue sign up as per.
This discussion has been closed.