Help please
Comments
-
Will speak to son.
Any advice on what to do next appreciated.
-
TICK these in hijack and FIX them ~
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) - http://a19.g.akamai.net/7/19/7125/14.../cpbrukie2.cab
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
(The one in BOLD is nasty)
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe'). Or SAVE as 'QWERTY' on download
-
Hi - My computer seems weird, the screensaver has reverted to one from a couple of years ago. My taskbar (bottom of screen) has disappeared. I will reboot and see if it comes back.
ComboFix 09-05-18.02 - User 18/05/2009 22:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.223.81 [GMT 1:00]
Running from: c:\documents and settings\User\My Documents\QWERTY.exe
AV: avast! antivirus 4.8.1296 [VPS 090518-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\documents and settings\User\Application Data\wiaserva.log
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
c:\windows\system32\dz1.txt
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll
c:\windows\system32\inform.dat
c:\windows\system32\MabryObj.dll
c:\windows\system32\p1.txt
c:\windows\system32\r24.txt
.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-18 19:36 . 2009-05-18 19:36 d-----w c:\program files\filehippo.com
2009-05-18 19:15 . 2009-05-18 19:15 d-----w c:\program files\Trend Micro
2009-05-18 17:30 . 2009-05-18 17:30 d-----w c:\documents and settings\User\Application Data\Malwarebytes
2009-05-18 17:30 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-18 17:29 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-18 17:29 . 2009-05-18 17:29 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 17:29 . 2009-05-18 17:30 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 16:48 . 2009-05-18 16:48 d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-18 07:02 . 2009-05-18 17:05 d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-18 07:01 . 2009-05-18 17:08 d-----w c:\program files\Spyware Doctor
2009-05-17 23:12 . 2009-05-17 23:12 d-sh--w c:\documents and settings\User\IECompatCache
2009-05-17 23:09 . 2009-05-17 23:09 d-sh--w c:\documents and settings\User\PrivacIE
2009-05-17 23:05 . 2009-05-17 23:05 d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-17 23:01 . 2009-05-17 23:01 d-sh--w c:\documents and settings\User\IETldCache
2009-05-17 22:57 . 2009-05-17 22:57 d-----w c:\windows\ie8updates
2009-05-17 22:55 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-17 22:50 . 2009-05-17 22:54 dc-h--w c:\windows\ie8
2009-05-16 03:12 . 2009-05-18 17:24 d-----w c:\documents and settings\User\.housecall6.6
2009-05-12 19:19 . 2009-05-12 19:19 d-----w c:\documents and settings\User\Application Data\Yahoo!
2009-05-11 15:35 . 2009-05-18 18:56 d-sh--w c:\windows\system32\bookls
2009-05-08 18:21 . 2009-05-08 18:21 d-----w c:\program files\Windows Defender
2009-04-24 05:50 . 2009-04-24 05:49 410984 ----a-w c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 21:32 . 2008-07-11 18:32 34175008 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-18 20:52 . 2008-07-11 18:32 400508 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-17 23:37 . 2007-12-13 04:30 d-----w c:\program files\Windows Live Safety Center
2009-05-17 20:56 . 2005-04-06 07:34 d-----w c:\program files\Yahoo!
2009-05-13 07:07 . 2004-10-16 13:06 d-----w c:\program files\Office10
2009-05-12 19:19 . 2007-02-02 10:32 d-----w c:\program files\CCleaner
2009-05-08 18:02 . 2005-02-02 21:24 d-----w c:\program files\Microsoft AntiSpyware
2009-04-24 05:49 . 2005-06-02 07:29 d-----w c:\program files\Java
2009-03-08 03:34 . 2004-02-06 17:05 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2003-03-31 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2003-03-31 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2003-03-31 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2003-03-31 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2003-03-31 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2003-03-31 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2003-03-31 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2003-03-31 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2003-03-31 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-28 08:34 . 2008-06-09 14:13 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-24 36864]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2009-04-06 146944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2008-01-03 387584]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\User\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - c:\program files\MSWorks\Calendar\WKCALREM.EXE [1998-7-21 68368]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]
Microsoft Office.lnk - c:\program files\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/06/2008 22:15 111184]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [07/07/2005 16:23 11776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/06/2008 22:15 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\drivers\RSC4USB.sys [22/07/2006 13:32 349792]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-05-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
.
Supplementary Scan
.
uStart Page = hxxp://www.tiscali.co.uk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\Office10\EXCEL.EXE/3000
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
.
.
File Associations
.
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 22:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R300 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"?4????????????????a?w~???????????????p????????????????????b?w????p???????????8???????????h??w????p???????z??wp???????????)??|???????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-18 22:39
ComboFix-quarantined-files.txt 2009-05-18 21:39
Pre-Run: 66,722,545,664 bytes free
Post-Run: 67,015,323,648 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
173 --- E O F --- 2009-05-15 16:30
-
How do I switch my computer off safely with no task bar?
-
I managed to re-start my computer and the task bar has at least re-appeared, but my screensaver is from ages ago, which seems a bit strange. This appeared in notepad on my screensaver as well; will post in case it's relevant.
#
# An unexpected error has been detected by Java Runtime Environment:
#
# Internal Error (safepoint.cpp:583), pid=1088, tid=3804
# Error: Illegal threadstate encountered: 6
#
# Java VM: Java HotSpot(TM) Client VM (11.3-b02 mixed mode, sharing windows-x86)
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
#
T H R E A D
Current thread (0x03134400): JavaThread "Thread-53" [_thread_in_vm, id=3804, stack(0x03720000,0x03770000)]
Stack: [0x03720000,0x03770000]
[error occurred during error reporting (printing stack bounds), id 0xc0000005]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.kaspersky.kosp.NativeInterface.startUpdate()Z+0
j com.kaspersky.kosp.update.Update.runner()V+196
j com.kaspersky.kosp.common.PrivilegedThread$1.run()Ljava/lang/Boolean;+4
j com.kaspersky.kosp.common.PrivilegedThread$1.run()Ljava/lang/Object;+1
v ~StubRoutines::call_stub
j java.security.AccessController.doPrivileged(Ljava/security/PrivilegedExceptionAction;Ljava/security/AccessControlContext;)Ljava/lang/Object;+0
j com.kaspersky.kosp.common.PrivilegedThread.run()V+14
v ~StubRoutines::call_stub
Maybe I did something wrong and this caused my computer to behave strangely.
Anyway, thanks for your help to date, it is much appreciated.
-
Combofix deleted all these nasties ~
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\documents and settings\User\Application Data\wiaserva.log
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
c:\windows\system32\dz1.txt
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll
c:\windows\system32\inform.dat
c:\windows\system32\MabryObj.dll
c:\windows\system32\p1.txt
c:\windows\system32\r24.txt
I'd hazard a guess one of the problems you've had is by downloading the screensaver in the 1st place (A lot are infected)
I'd also guess that you're still infected
Run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates (This only SCANS, it DOESN'T delete anything, so we'd need to see anything it finds)
-
Hi
I ran the scan, it took over 8 hours and it said no malware detected. Nothing was found, it said no malware detected. The scan report is blank so nothing to copy and put on here. Is this right? I took a screenshot of the results of the scan saying how many files etc and time but I cannot copy it onto here. Is it likely my computer is now ok?
-
Yes. I'd say you're OK (Not guaranteed, but at least you're way cleaner than you were)
If you have any more issues please repost here
-
Thank you very much for your help, it is much appreciated.
-
Following on from my problems earlier. I have just done a full scan with my Avast. It found 1 infected file - C:\System VolumeInfomation\_restore(97352DB0-335C.4904.AC7 Malware:Win32:Pavu(Drp). This was successfully removed to chest.
Can anyone please advise if I need to do anything further to protect my computer. Thank you.
Jackie
Sorry for earlier confusion for posting this on wrong message.
This discussion has been closed.