Is someone available to check this?
Comments
-
Well, you need to attempt to remove the file.
-
ComboFix 09-07-02.02 - Liz Speck 03/07/2009 11:27.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1915.943 [GMT 1:00]
Running from: c:\users\Liz Speck\Downloads\ComboFix.exe
Command switches used :: c:\users\Liz Speck\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\System32\drivers\pdih wctl.sys"
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 09:56 . 2009-07-03 09:56 d-----w- c:\program files\CCleaner
2009-07-02 20:04 . 2009-07-02 20:04 d-----w- c:\program files\Trend Micro
2009-07-01 21:23 . 2009-07-01 21:23 d-----w- c:\users\Liz Speck\AppData\Roaming\Sammsoft
2009-07-01 21:23 . 2009-07-01 21:23 d-----w- c:\program files\Advanced Registry Optimizer
2009-07-01 21:16 . 2009-07-01 21:16 d-----w- c:\users\Liz Speck\AppData\Roaming\Malwarebytes
2009-07-01 21:16 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 21:16 . 2009-07-01 21:16 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 21:16 . 2009-07-01 21:16 d-----w- c:\programdata\Malwarebytes
2009-07-01 21:16 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 11:47 . 2009-06-22 11:47 d-----w- c:\program files\CardRecovery
2009-06-16 21:23 . 2009-06-16 21:23 d-----w- c:\program files\Coupon Printer
2009-06-16 21:23 . 2009-06-16 21:23 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-06-10 14:11 . 2009-06-10 14:11 d-----w- c:\users\Liz Speck\AppData\Roaming\GretagMacbeth
2009-06-10 13:59 . 2007-01-25 15:41 14416 ----a-w- c:\windows\system32\drivers\pdihwctl.sys
2009-06-10 13:59 . 2007-01-25 15:41 126976 ----a-w- c:\windows\system32\drivers\direci2c.dll
2009-06-10 13:59 . 2004-10-15 07:54 44344 ----a-w- c:\windows\system32\drivers\i1display.sys
2009-06-10 13:58 . 2009-06-10 13:58 d-----w- c:\program files\GretagMacbeth
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 08:48 . 2008-08-12 11:46 d-----w- c:\programdata\Microsoft Help
2009-05-25 06:36 . 2009-05-25 06:36 d-----w- c:\program files\Microsoft Games
2009-05-15 18:39 . 2009-05-15 18:39 d-----w- c:\programdata\WindowsSearch
2009-05-14 07:05 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2009-04-27 17:09 . 2009-04-09 22:28 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 17:09 . 2009-04-09 22:28 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 16:05 . 2009-06-11 22:23 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 22:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 22:23 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 22:23 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 22:23 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 22:23 2033152 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-02_21.20.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-03 09:27 47840 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-03 09:27 74080 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-24 09:59 . 2009-07-02 21:17 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-24 09:59 . 2009-07-03 09:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-24 09:59 . 2009-07-03 09:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-24 09:59 . 2009-07-02 21:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-24 09:59 . 2009-07-03 09:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-24 09:59 . 2009-07-02 21:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-24 10:06 . 2009-07-03 09:27 8370 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2790120177-530276201-2237413621-1000_UserData.bin
- 2009-02-24 10:06 . 2009-07-02 17:59 8370 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2790120177-530276201-2237413621-1000_UserData.bin
- 2009-07-02 17:56 . 2009-07-02 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-03 09:24 . 2009-07-03 09:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-02 17:56 . 2009-07-02 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-03 09:24 . 2009-07-03 09:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-03 09:28 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-02 18:00 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-02 18:00 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-03 09:28 105852 c:\windows\System32\perfc009.dat
+ 2009-07-03 09:22 . 2009-07-03 09:22 262144 c:\windows\System32\config\TxR\NTUSER.DAT
+ 2009-07-03 09:22 . 2009-07-03 09:22 262144 c:\windows\System32\config\RegBack\NTUSER.DAT
+ 2009-07-03 09:22 . 2009-07-03 09:22 262144 c:\windows\System32\config\Journal\NTUSER.DAT
+ 2009-02-24 10:12 . 2009-07-03 09:23 391496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-02-24 10:12 . 2009-07-02 17:55 391496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-11 68856]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-03 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-11 29744]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2009-6-10 708608]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2009-6-10 954368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{766910D8-DB4C-41D3-9910-87CE45EC81C3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBC6FD4A-485B-4321-A76A-A1EE9CEF100E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D8972CDE-67A6-4D76-9700-037C79245ABB}"= UDP:3703:Adobe Version Cue CS3 Server
"{A680F8A5-9F4D-4400-BFAD-8AFF274F2A35}"= UDP:3704:Adobe Version Cue CS3 Server
"{AB14AD5A-32B3-4A2E-A8CD-55075B0188BA}"= UDP:50900:Adobe Version Cue CS3 Server
"{A519E1E9-114A-4C1F-ACE6-195A34532BCE}"= UDP:50901:Adobe Version Cue CS3 Server
"{62A6F5C1-33A1-4507-A051-9E0D6DFCF30E}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{ED4119EA-BFC8-4911-843D-0E646B293549}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{37E0F057-81C7-4A27-8404-605F05D651DB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7CD82C72-FFAC-42EF-87ED-E8B4A02CDFD9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [24/02/2009 11:09 20384]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09/04/2009 23:28 108289]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 00:19 40960]
R2 PDIHWCTL;PDIHWCTL;c:\windows\System32\drivers\pdihwctl.sys [10/06/2009 14:59 14416]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [24/04/2008 10:21 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [06/02/2008 15:12 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [11/08/2008 16:29 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [24/04/2008 19:35 73728]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/08/2008 16:59 29744]
S3 i1display;i1 Display;c:\windows\System32\drivers\i1display.sys [10/06/2009 14:59 44344]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [24/02/2009 11:09 954368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
Supplementary Scan
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home
FF - ProfilePath - c:\users\Liz Speck\AppData\Roaming\Mozilla\Firefox\Profiles\fjw9l11t.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 11:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????K!???P???x????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-03 11:32
ComboFix-quarantined-files.txt 2009-07-03 10:32
ComboFix2.txt 2009-07-03 09:42
ComboFix3.txt 2009-07-02 21:21
Pre-Run: 37,810,851,840 bytes free
Post-Run: 37,679,423,488 bytes free
177 --- E O F --- 2009-07-02 20:03
Is this one right? Do I need to run the cleaner again?
-
You've done right this time, but ComboFix can't remove it (or another code is needed, which I'm unsure about).
Try going to that location and removing it yourself.
Failing that, try KillBox:
http://killbox.net/
Copy the text in red below:
c:\windows\System32\drivers\pdih wctl.sys
Run KillBox and choose File -> Paste from Clipboard.
Check the Delete on Reboot option and click the X. Confirm and let it restart.
-
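An added check for the step above (example code written for this page; it is not part of the thread, of ComboFix or of KillBox): a small Python parser that reads the CFScript `FILE ::` target back out of the log, compares it against the file paths ComboFix itself recorded, and lists any running service whose image is that file. The excerpt embedded in the script is copied from the log posted above, trimmed to the relevant lines. On it, the target `pdih wctl.sys` (with a space) matches no logged path exactly; the nearest logged file is `pdihwctl.sys`, and the R2 (running) service PDIHWCTL still points at it. Either finding is enough to explain a failed removal: a misspelled path deletes nothing, and a driver image that is loaded by a running service cannot be deleted until the service is stopped or the file is removed on reboot.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Excerpt copied from the ComboFix log in this thread (constructed sample
# for this example; the real log is much longer).
LOG = r"""
FILE ::
"c:\windows\System32\drivers\pdih wctl.sys"
.
2009-06-10 13:59 . 2007-01-25 15:41 14416 ----a-w- c:\windows\system32\drivers\pdihwctl.sys
2009-06-10 13:59 . 2004-10-15 07:54 44344 ----a-w- c:\windows\system32\drivers\i1display.sys
R2 PDIHWCTL;PDIHWCTL;c:\windows\System32\drivers\pdihwctl.sys [10/06/2009 14:59 14416]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [11/08/2008 16:29 7168]
S3 i1display;i1 Display;c:\windows\System32\drivers\i1display.sys [10/06/2009 14:59 44344]
"""

# "<created> . <modified> <size> <attrs> <path>" file lines from the Files Created / Find3M sections.
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+(\S{8})\s+(.+)$"
)
# "R2 Name;Display;image [timestamp size]" service/driver lines: R = running, S = stopped,
# the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_LINE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.+)\]$")


@dataclass
class Service:
    name: str
    display: str
    image: str
    running: bool
    start_type: int


def norm(path: str) -> str:
    """Case- and whitespace-insensitive key, so 'pdih wctl.sys' and 'pdihwctl.sys' collide."""
    return re.sub(r"\s+", "", path.strip().strip('"')).lower()


def parse_targets(log: str) -> List[str]:
    """Paths listed under the CFScript 'FILE ::' directive, up to the '.' terminator."""
    targets, collecting = [], False
    for line in log.splitlines():
        if line.strip() == "FILE ::":
            collecting = True
        elif collecting:
            if line.strip() == ".":
                break
            targets.append(line.strip().strip('"'))
    return targets


def parse_files(log: str) -> Dict[str, int]:
    """Logged file path (exactly as ComboFix wrote it) -> size in bytes."""
    matches = (FILE_LINE.match(ln.strip()) for ln in log.splitlines())
    return {m.group(3): int(m.group(1)) for m in matches if m}


def parse_services(log: str) -> List[Service]:
    """Service and driver entries, with their image path and running state."""
    out = []
    for line in log.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            out.append(Service(name=m.group(3), display=m.group(4), image=m.group(5),
                               running=m.group(1) == "R", start_type=int(m.group(2))))
    return out


def check_target(target: str, files: Dict[str, int], services: List[Service]) -> dict:
    """Why a FILE:: entry for `target` could fail: misspelled path, or image still loaded."""
    logged = [p for p in files if norm(p) == norm(target)]
    return {
        "target": target,
        "exact_match": any(p.lower() == target.lower() for p in logged),
        "logged_as": logged,
        "loaded_by": [s.name for s in services if s.running and norm(s.image) == norm(target)],
    }


if __name__ == "__main__":
    files, services = parse_files(LOG), parse_services(LOG)
    for t in parse_targets(LOG):
        r = check_target(t, files, services)
        print(f"{r['target']}: exact match={r['exact_match']}, "
              f"logged as {r['logged_as'] or 'nothing'}, loaded by {r['loaded_by'] or 'no service'}")
```

Run it over a full ComboFix log saved to disk by replacing `LOG` with the file's contents; after the removal, a fresh log should show no `pdihwctl.sys` file line and no running service pointing at it, which answers the "how do I check?" question further down the thread.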
Sorry, what do I need to remove, location?
-
pdih wctl.sys
-
OK, as above, found and removed (how do I check? Probably the most stupid question you have heard!). Anything else I need to do? Thanks.
-
Run Malwarebytes every few weeks.
Other than that I think you're OK (but bear in mind, with the infections you've had, this may NOT be the case).
-
Thank you for your help and advice.
-
No worries.