Help please

2

Comments

  • jacquie
    jacquie Posts: 89 Forumite
    Will speak to son.

    Any advice on what to do next appreciated.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK these in hijack and FIX them ~
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
    O16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) - http://a19.g.akamai.net/7/19/7125/14.../cpbrukie2.cab
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    (The one in BOLD is nasty)

    Please run COMBOFIX
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe'). Or SAVE as 'QWERTY' on download
    :idea:
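The triage in the post above can be sketched in code. This is an added example, not part of the original post and not HijackThis's own logic: it parses the five quoted log lines and flags the entries marked `(no file)` or `(file missing)`, plus the O16 entry whose download URL is plain HTTP. The function names and the O16 rule are assumptions of this example.

```python
import re

# The five HijackThis lines quoted in the post above, copied verbatim
# (the "..." in the O16 URL is elided on the page and left as-is).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) - http://a19.g.akamai.net/7/19/7125/14.../cpbrukie2.cab
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

# "<section code> - <entry kind>: <details>", e.g. "O2 - BHO: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_line(line):
    """Parse one HijackThis entry; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    # The referenced file or URL is always the last " - " separated field.
    target = body.rsplit(" - ", 1)[-1].strip()
    marker = next((mk for mk in ORPHAN_MARKERS if target.endswith(mk)), None)
    path = target[: -len(marker)].strip() if marker else target
    clsid = CLSID_RE.search(body)
    return {
        "code": m.group("code"),
        "kind": m.group("kind"),
        "clsid": clsid.group(0) if clsid else None,
        "target": path or None,
        "orphaned": marker is not None,
    }


def triage(log_text):
    """Return the entries worth reviewing, each with a 'reason' field."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        target = (entry["target"] or "").lower()
        if entry["orphaned"]:
            entry["reason"] = "registry entry whose target file is absent"
        elif entry["code"] == "O16" and target.startswith("http://"):
            # Heuristic of this example, not a HijackThis verdict.
            entry["reason"] = "ActiveX control fetched over plain HTTP"
        else:
            continue
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["code"], "|", f["kind"], "|", f["target"], "|", f["reason"])
```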
  • jacquie
    jacquie Posts: 89 Forumite
    Hi - My computer seems weird: the screensaver has reverted to one from a couple of years ago. My taskbar (bottom of screen) has disappeared. I will reboot and see if it comes back.

    ComboFix 09-05-18.02 - User 18/05/2009 22:23.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.223.81 [GMT 1:00]
    Running from: c:\documents and settings\User\My Documents\QWERTY.exe
    AV: avast! antivirus 4.8.1296 [VPS 090518-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\LocalService\Application Data\twain_32
    c:\documents and settings\LocalService\Application Data\twain_32\user.ds
    c:\documents and settings\NetworkService\Application Data\twain_32
    c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
    c:\documents and settings\User\Application Data\wiaserva.log
    c:\program files\INSTALL.LOG
    c:\windows\jestertb.dll
    c:\windows\system32\dz1.txt
    c:\windows\system32\E95THK16.EXE
    c:\windows\system32\encapi32.dll
    c:\windows\system32\inform.dat
    c:\windows\system32\MabryObj.dll
    c:\windows\system32\p1.txt
    c:\windows\system32\r24.txt
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
    .
    2009-05-18 19:36 . 2009-05-18 19:36 d-----w c:\program files\filehippo.com
    2009-05-18 19:15 . 2009-05-18 19:15 d-----w c:\program files\Trend Micro
    2009-05-18 17:30 . 2009-05-18 17:30 d-----w c:\documents and settings\User\Application Data\Malwarebytes
    2009-05-18 17:30 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-18 17:29 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-18 17:29 . 2009-05-18 17:29 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-18 17:29 . 2009-05-18 17:30 d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-18 16:48 . 2009-05-18 16:48 d-sh--w c:\documents and settings\LocalService\IETldCache
    2009-05-18 07:02 . 2009-05-18 17:05 d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-05-18 07:01 . 2009-05-18 17:08 d-----w c:\program files\Spyware Doctor
    2009-05-17 23:12 . 2009-05-17 23:12 d-sh--w c:\documents and settings\User\IECompatCache
    2009-05-17 23:09 . 2009-05-17 23:09 d-sh--w c:\documents and settings\User\PrivacIE
    2009-05-17 23:05 . 2009-05-17 23:05 d-sh--w c:\windows\system32\config\systemprofile\IETldCache
    2009-05-17 23:01 . 2009-05-17 23:01 d-sh--w c:\documents and settings\User\IETldCache
    2009-05-17 22:57 . 2009-05-17 22:57 d-----w c:\windows\ie8updates
    2009-05-17 22:55 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
    2009-05-17 22:50 . 2009-05-17 22:54 dc-h--w c:\windows\ie8
    2009-05-16 03:12 . 2009-05-18 17:24 d-----w c:\documents and settings\User\.housecall6.6
    2009-05-12 19:19 . 2009-05-12 19:19 d-----w c:\documents and settings\User\Application Data\Yahoo!
    2009-05-11 15:35 . 2009-05-18 18:56 d-sh--w c:\windows\system32\bookls
    2009-05-08 18:21 . 2009-05-08 18:21 d-----w c:\program files\Windows Defender
    2009-04-24 05:50 . 2009-04-24 05:49 410984 ----a-w c:\windows\system32\deploytk.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-18 21:32 . 2008-07-11 18:32 34175008 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-05-18 20:52 . 2008-07-11 18:32 400508 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-17 23:37 . 2007-12-13 04:30 d-----w c:\program files\Windows Live Safety Center
    2009-05-17 20:56 . 2005-04-06 07:34 d-----w c:\program files\Yahoo!
    2009-05-13 07:07 . 2004-10-16 13:06 d-----w c:\program files\Office10
    2009-05-12 19:19 . 2007-02-02 10:32 d-----w c:\program files\CCleaner
    2009-05-08 18:02 . 2005-02-02 21:24 d-----w c:\program files\Microsoft AntiSpyware
    2009-04-24 05:49 . 2005-06-02 07:29 d-----w c:\program files\Java
    2009-03-08 03:34 . 2004-02-06 17:05 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 03:34 . 2003-03-31 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 03:33 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 03:33 . 2003-03-31 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 03:32 . 2003-03-31 12:00 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 03:32 . 2003-03-31 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 03:31 . 2003-03-31 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 03:31 . 2003-03-31 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 03:31 . 2003-03-31 12:00 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 03:22 . 2003-03-31 12:00 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-02-28 08:34 . 2008-06-09 14:13 848 --sha-w c:\windows\system32\KGyGaAvL.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-24 36864]
    "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2009-04-06 146944]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
    "NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2008-01-03 387584]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\User\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk - c:\program files\MSWorks\Calendar\WKCALREM.EXE [1998-7-21 68368]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
    Microsoft Office.lnk - c:\program files\Office10\OSA.EXE [2001-2-13 83360]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableProfileQuota"= 1 (0x1)
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= serwvdrv.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/06/2008 22:15 111184]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [07/07/2005 16:23 11776]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/06/2008 22:15 20560]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\drivers\RSC4USB.sys [22/07/2006 13:32 349792]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder
    2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    2009-05-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
    HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.tiscali.co.uk
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\Office10\EXCEL.EXE/3000
    DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
    DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
    .
    .
    File Associations
    .
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-18 22:32
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus Photo R300 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"?4????????????????a?w~???????????????p????????????????????b?w????p???????????8???????????h??w????p???????z??wp???????????)??|???????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2009-05-18 22:39
    ComboFix-quarantined-files.txt 2009-05-18 21:39
    Pre-Run: 66,722,545,664 bytes free
    Post-Run: 67,015,323,648 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    173 --- E O F --- 2009-05-15 16:30
  • jacquie
    jacquie Posts: 89 Forumite
    How do I switch my computer off safely with no task bar?
  • jacquie
    jacquie Posts: 89 Forumite
    I managed to re-start my computer and the task bar has at least re-appeared, but my screensaver is from ages ago, which seems a bit strange. This appeared in Notepad on my screensaver as well; will post in case it's relevant.

    #
    # An unexpected error has been detected by Java Runtime Environment:
    #
    # Internal Error (safepoint.cpp:583), pid=1088, tid=3804
    # Error: Illegal threadstate encountered: 6
    #
    # Java VM: Java HotSpot(TM) Client VM (11.3-b02 mixed mode, sharing windows-x86)
    # If you would like to submit a bug report, please visit:
    # http://java.sun.com/webapps/bugreport/crash.jsp
    #
    T H R E A D
    Current thread (0x03134400): JavaThread "Thread-53" [_thread_in_vm, id=3804, stack(0x03720000,0x03770000)]
    Stack: [0x03720000,0x03770000]
    [error occurred during error reporting (printing stack bounds), id 0xc0000005]
    Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
    j com.kaspersky.kosp.NativeInterface.startUpdate()Z+0
    j com.kaspersky.kosp.update.Update.runner()V+196
    j com.kaspersky.kosp.common.PrivilegedThread$1.run()Ljava/lang/Boolean;+4
    j com.kaspersky.kosp.common.PrivilegedThread$1.run()Ljava/lang/Object;+1
    v ~StubRoutines::call_stub
    j java.security.AccessController.doPrivileged(Ljava/security/PrivilegedExceptionAction;Ljava/security/AccessControlContext;)Ljava/lang/Object;+0
    j com.kaspersky.kosp.common.PrivilegedThread.run()V+14
    v ~StubRoutines::call_stub
    VM Arguments:
    jvm_args: -D__jvm_launched=4078261956 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar
    java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid220_pipe3,read_pipe_name=jpi2_pid220_pipe2
    Launcher Type: SUN_STANDARD
    Environment Variables:
    PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    USERNAME=User
    OS=Windows_NT
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

    S Y S T E M
    OS: Windows XP Build 2600 Service Pack 3
    CPU:total 1 (1 cores per cpu, 1 threads per core) family 6 model 8 stepping 1, cmov, cx8, fxsr, mmx, sse, mmxext, 3dnow, 3dnowext
    Memory: 4k page, physical 228848k(34700k free), swap 559812k(60464k free)
    vm_info: Java HotSpot(TM) Client VM (11.3-b02) for windows-x86 JRE (1.6.0_13-b03), built on Mar 9 2009 01:15:24 by "java_re" with MS VC++ 7.1
    time: Mon May 18 23:10:47 2009
    elapsed time: 563 seconds

    Maybe I did something wrong and this caused my computer to behave strangely.

    Anyway thanks for your help to date it is much appreciated.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Combofix deleted all these nasties ~
    c:\documents and settings\LocalService\Application Data\twain_32
    c:\documents and settings\LocalService\Application Data\twain_32\user.ds
    c:\documents and settings\NetworkService\Application Data\twain_32
    c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
    c:\documents and settings\User\Application Data\wiaserva.log
    c:\program files\INSTALL.LOG
    c:\windows\jestertb.dll
    c:\windows\system32\dz1.txt
    c:\windows\system32\E95THK16.EXE
    c:\windows\system32\encapi32.dll
    c:\windows\system32\inform.dat
    c:\windows\system32\MabryObj.dll
    c:\windows\system32\p1.txt
    c:\windows\system32\r24.txt

    I'd hazard a guess one of the problems you've had is by downloading the screensaver in the 1st place (A lot are infected)

    I'd also guess that you're still infected

    run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
    http://www.kaspersky.co.uk/virusscanner
    Please post the complete log it creates (This only SCANS, it DOESN'T delete anything, so we'd need to see anything it finds)
    :idea:
  • jacquie
    jacquie Posts: 89 Forumite
    Hi

    I ran the scan; it took over 8 hours and it said no malware detected. Nothing was found; it said no malware detected. The scan report is blank so nothing to copy and put on here. Is this right? I took a screenshot of the results of the scan saying how many files etc. and time but I cannot copy it onto here. Is it likely my computer is now OK?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Yes. I'd say you're OK (Not guaranteed, but at least you're way cleaner than you were)

    If you have any more issues please repost here
    :idea:
  • jacquie
    jacquie Posts: 89 Forumite
    Thank you very much for your help, it is much appreciated.
  • jacquie
    jacquie Posts: 89 Forumite
    Following on from my problems earlier. I have just done a full scan with my Avast. It found 1 infected file - C:\System VolumeInfomation\_restore(97352DB0-335C.4904.AC7 Malware:Win32:Pavu(Drp). This was successfully removed to chest.

    Can anyone please advise if I need to do anything further to protect my computer. Thank you.

    Jackie

    Sorry for earlier confusion for posting this on wrong message.
This discussion has been closed.