Help with online virus scanner
-
Right click the exe file and click to RUN AS ADMIN
If it still doesn't work then try the others (skip any that don't work)
-
ComboFix 09-05-24.07 - Home 25/05/2009 12:37.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2037.1043 [GMT 1:00]
Running from: c:\users\Home\Pictures\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-25 11:43 . 2009-05-25 11:43
dc----w c:\users\Home\AppData\Local\temp
2009-05-25 11:43 . 2009-05-25 11:43
d-----w c:\users\kids\AppData\Local\temp
2009-04-29 08:44 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-04-29 08:44 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-04-29 08:44 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-04-29 08:44 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-04-29 08:44 . 2009-02-05 20:04 97480 -c--a-w c:\windows\system32\AvastSS.scr
2009-04-29 08:44 . 2009-02-05 20:11 1256296 -c--a-w c:\windows\system32\aswBoot.exe
2009-04-29 08:44 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-04-29 08:44 . 2009-04-29 08:44
dc----w c:\program files\Alwil Software
2009-04-27 18:45 . 2009-04-27 18:45
dc----w c:\users\Home\AppData\Local\Apps
2009-04-26 20:35 . 2009-04-26 20:35
dc----w c:\users\Public\CyberLink
2009-04-26 20:34 . 2009-04-26 20:35
dc----w c:\users\Home\AppData\Roaming\CyberLink
2009-04-25 17:21 . 2009-04-25 17:21
dc----w c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 11:09 . 2008-06-30 03:53
dc----w c:\programdata\Google Updater
2009-05-24 12:48 . 2009-01-25 13:26
dc----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 12:12 . 2008-07-30 09:41
dc----w c:\program files\Java
2009-04-27 18:45 . 2008-06-23 20:28
dc----w c:\program files\Mozilla Thunderbird
2009-04-26 20:34 . 2008-02-26 03:45
dc----w c:\programdata\CyberLink
2009-04-25 16:54 . 2008-09-06 20:58
dc----w c:\program files\free-downloads.net
2009-04-24 20:12 . 2009-04-24 20:12
dc----w c:\program files\Trend Micro
2009-04-18 20:57 . 2009-04-18 20:52
dc----w c:\users\Home\AppData\Roaming\Spotify
2009-04-18 20:52 . 2009-04-18 20:52
dc----w c:\program files\Spotify
2009-04-16 23:55 . 2006-11-02 11:18
dc----w c:\program files\Windows Mail
2009-04-16 23:14 . 2008-02-26 03:14
dc----w c:\programdata\Microsoft Help
2009-04-14 00:39 . 2009-04-24 00:45 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA567679-3F45-4437-BF2B-1E909DCAD786}\mpengine.dll
2009-04-12 23:02 . 2009-04-12 23:01
dc----w c:\users\Home\AppData\Roaming\vlc
2009-04-12 23:00 . 2009-04-12 23:00
dc----w c:\program files\VideoLAN
2009-04-11 20:52 . 2009-04-11 20:52
dc----w c:\program files\RealWorldPOI
2009-04-06 14:32 . 2009-01-25 13:26 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-01-25 13:26 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-17 03:38 . 2009-04-16 16:19 13824 -c--a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 16:19 24064 -c--a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2009-02-25 22:44 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 18:50 . 2009-03-06 18:50 0 -c--a-w c:\users\Home\jagex_runescape_preferences.dat
2009-03-04 09:57 . 2009-03-04 09:57 266240 -c--a-w c:\windows\system32\CSHelper.exe
2009-03-04 09:57 . 2009-03-04 09:57 225280 -c--a-w c:\windows\system32\CSInstru.DLL
2009-03-03 04:46 . 2009-04-16 16:21 3599328 -c--a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 16:21 3547632 -c--a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 16:18 827392 -c--a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 16:21 183296 -c--a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 16:21 551424 -c--a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 16:21 26112 -c--a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 16:18 78336 -c--a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 16:21 98304 -c--a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 16:21 54784 -c--a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 16:21 44032 -c--a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 16:21 666624 -c--a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 16:21 17408 -c--a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 16:18 26624 -c--a-w c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-04-29_18.24.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-25 06:52 64908 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-25 11:10 87460 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-23 23:22 . 2009-05-25 11:10 10614 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3929813110-840122575-3204768853-1000_UserData.bin
- 2008-06-23 23:16 . 2009-04-29 16:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-23 23:16 . 2009-05-25 11:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-23 23:16 . 2009-04-29 16:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 23:16 . 2009-05-25 11:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 23:16 . 2009-05-25 11:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-23 23:16 . 2009-04-29 16:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-25 06:49 . 2009-05-25 11:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-29 12:20 . 2009-04-29 12:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-29 12:20 . 2009-04-29 12:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-25 06:49 . 2009-05-25 11:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-24 00:16 . 2009-05-25 09:04 317580 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-04-29 12:26 601008 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-25 11:13 601008 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 12:26 106498 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-25 11:13 106498 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-06-03 2596152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-30 68856]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2008-01-25 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-5 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DF60EEC8-0880-4246-9F1B-E1A10310EF84}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{64BC88D6-9B44-490A-BC4D-A944E6E3591F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13ADE3BD-099C-44B2-A160-5484D6802808}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{B6B81CF0-2AE4-455F-98A8-CA8E19F5FCDD}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{20859917-0498-405B-A496-2F5D40E2B014}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0123652C-844A-43DE-831A-EA7BA4B67C78}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{AB2CA533-4D4A-4EAB-98B3-BACD35DA0665}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{09DC3416-BD03-46A4-8BAC-BDBBB2CD50F0}"= UDP:c:\users\Home\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{DEE1C961-DD91-4148-915B-7FB8ACADE30E}"= TCP:c:\users\Home\AppData\Local\Temp\Installer.exe:SpeedTouch Home Install Wizard
"{5A583172-BFA5-49A1-865C-C4F4B84F875A}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{8615FDF5-DFAE-45F5-A4A1-F1D194BE367D}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"TCP Query User{F7E7C38F-15FE-4841-9E79-9D5086A8AE60}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{587E3BB9-21D6-4B05-B868-8A5E5C063F2C}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{BFCEB77B-2070-4CB2-B9C2-2A55FBB1556E}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{E5619BFF-30DC-483F-B45B-A485884D89A6}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{369D153B-DFB4-432E-89EE-08B3EFD89436}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{DDF9A213-91FD-416A-B3AE-B39B3BFA08E2}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{29F42DC9-DF98-45AE-87DF-43A1EAD9BD45}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{1BC47C04-5E79-4BC8-B239-F9935BBD938C}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{E0CFAD7A-94AA-48EF-B1CF-3465E9A6C504}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{ADB14288-E77F-4A1B-8E02-FCBC95088432}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"TCP Query User{E8213B60-A003-4E2F-B7D8-964BCC091568}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{2D0FE775-5340-4A14-91EC-FA175653C179}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{BADE3396-F0B9-47F0-A9B6-476162614135}"= UDP:c:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{FB2258FA-EE8A-4426-8BF9-EC5BF8367754}"= TCP:c:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{99699AA4-35E0-4751-8D21-768BB1704EB3}"= Disabled:UDP:d:\aoc\Age of Conan\AgeOfConan.exe:AgeOfConan
"{B30A5948-33C4-4C05-BB99-F6C6861D9A49}"= Disabled:TCP:d:\aoc\Age of Conan\AgeOfConan.exe:AgeOfConan
"TCP Query User{1F9E4127-B56E-4A33-AFF1-037646C61604}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{560861C6-4AAB-480C-8D4D-6CF1D57D73C0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C695BAB6-565B-4BE3-82B4-BEC645D90FDC}c:\\program files\\microsoft office\\office\\frontpg.exe"= UDP:c:\program files\microsoft office\office\frontpg.exe:Microsoft FrontPage
"UDP Query User{58CE2173-AA8C-418F-87D7-CFAED159352B}c:\\program files\\microsoft office\\office\\frontpg.exe"= TCP:c:\program files\microsoft office\office\frontpg.exe:Microsoft FrontPage
"{1270A110-1698-48DB-85B2-0720D39F28C9}"= UDP:24240:BitComet 24240 TCP
"{D618A038-2EDE-4085-AC80-F91ABD65D822}"= TCP:24240:BitComet 24240 UDP
"TCP Query User{48AA258C-EC5E-42E1-859A-949D56B196C3}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5387266C-607A-4A46-8F6C-B830FD944AEE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1700C60C-3C7A-4857-BB02-48DA59A1FBFF}d:\\games\\doom 3\\doom3.exe"= Disabled:UDP:d:\games\doom 3\doom3.exe:DOOM 3
"UDP Query User{DE7D802F-89A2-474D-B48A-7035C3A723C9}d:\\games\\doom 3\\doom3.exe"= Disabled:TCP:d:\games\doom 3\doom3.exe:DOOM 3
"TCP Query User{AE2EFF4C-DD3F-4A84-98E8-7F4A05229B81}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{21A74C02-E95A-4A61-9E91-373EA4ACEADF}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{51A6C1B8-2BDC-4BA8-B822-92E93C5C8E6D}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{CCB41075-1A98-41DB-8619-CBB9DF7BC3FB}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"{B2E342D6-7D4F-4731-AEAB-9E6BEC10BDC0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [29/04/2009 09:44 114768]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [25/02/2008 20:04 51200]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [29/04/2009 09:44 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [29/04/2009 09:44 51792]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [04/03/2009 10:57 266240]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [05/03/2009 22:21 55280]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26/02/2008 02:41 180736]
S3 ST330;ST330;c:\windows\System32\drivers\st330.sys [24/06/2008 03:12 30464]
S3 STBUS;STBUS;c:\windows\System32\drivers\stbus.sys [24/06/2008 03:12 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\System32\drivers\stppp.sys [24/06/2008 03:12 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2009-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-30 07:41]
2009-05-25 c:\windows\Tasks\User_Feed_Synchronization-{6C865D70-FEB0-4153-B906-1B807149BF08}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
Supplementary Scan
.
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\aytilme9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.itsmylife.talktalk.net/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 12:43
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(2656)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2009-05-25 12:47
ComboFix-quarantined-files.txt 2009-05-25 11:46
ComboFix2.txt 2009-04-29 18:27
ComboFix3.txt 2009-04-29 08:25
ComboFix4.txt 2009-04-25 19:46
Pre-Run: 3,280,318,464 bytes free
Post-Run: 3,304,448,000 bytes free
268 --- E O F --- 2009-04-22 07:05
-
Logs look fine
Looks like you're clean to me
-
Whilst waiting for your reply I tried Kaspersky again. Still not working, I get halfway through with infections showing and then it switches the computer off.
-
I'm not 100% sure it's picking up actual infections. More like 'warnings' (for bit torrent etc.)
Try Basmics ESET scanner, post #4
This discussion has been closed.