
Internet explorer shutting down

  • ComboFix 09-09-25.01 - dad 26/09/2009 11:16.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.503.160 [GMT 1:00]
    Running from: c:\documents and settings\dad\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-1765531960-2350244795-515786678-1003
    c:\windows\Installer\1edd74.msi
    c:\windows\Installer\29b6b.msi
    c:\windows\Installer\29b6c.msp
    c:\windows\Installer\29b6d.msp
    c:\windows\Installer\29b6e.msp
    c:\windows\Installer\29b6f.msp
    c:\windows\Installer\29b70.msp
    c:\windows\Installer\29b71.msp
    c:\windows\Installer\29b72.msp
    c:\windows\Installer\29b73.msp
    c:\windows\Installer\29b74.msp
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
    .

    2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\windows\LastGood
    2009-09-26 10:00 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-09-26 10:00 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-09-26 10:00 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-09-26 10:00 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\program files\Avira
    2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-09-25 23:57 . 2009-09-25 23:57 -------- d-----w- c:\program files\Trend Micro
    2009-09-25 22:39 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-25 22:39 . 2009-09-25 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-25 22:39 . 2009-09-25 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-25 22:39 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-25 00:17 . 2009-09-25 00:17 -------- d-----w- c:\documents and settings\dad\Local Settings\Application Data\Microsoft Corporation
    2009-09-25 00:10 . 2009-09-25 20:16 -------- d-----w- c:\program files\Microsoft Small Business
    2009-09-25 00:03 . 2009-09-25 00:03 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-24 23:57 . 2009-09-24 23:57 -------- d-----w- c:\program files\MSXML 6.0
    2009-09-24 23:52 . 2009-09-25 12:12 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-09-24 13:22 . 2009-09-23 19:12 1386112 ----a-w- C:\q822350.exe
    2009-09-22 16:25 . 2009-09-22 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Sage
    2009-09-22 13:08 . 2009-09-22 13:08 122880 ----a-w- c:\windows\system32\sharedobj.dll
    2009-09-22 13:08 . 2009-09-22 13:08 319488 ----a-w- c:\windows\system32\ucrtupd.exe
    2009-09-22 07:11 . 2009-09-22 07:11 -------- d-----w- c:\documents and settings\Guest\Tracing
    2009-09-21 15:05 . 2002-08-28 21:48 14208 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-09-21 15:05 . 2002-08-28 21:48 14208 ----a-w- c:\program files\usbscan.sys
    2009-09-21 15:01 . 2009-09-21 15:01 8556 ----a-w- C:\usbscan.zip
    2009-09-21 13:47 . 2009-09-21 13:47 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-09-21 13:16 . 2009-09-21 13:16 -------- d-----w- c:\windows\system32\New Folder
    2009-09-20 20:44 . 2007-04-17 23:00 67072 ----a-w- c:\windows\system32\escwiad.dll
    2009-09-20 20:27 . 2006-12-08 10:04 76800 ----a-w- c:\windows\system32\E_FLBCDE.DLL
    2009-09-20 20:27 . 2006-04-19 10:00 62976 ----a-w- c:\windows\system32\E_FD4BCDE.DLL
    2009-09-20 20:26 . 2009-09-20 20:44 -------- d-----w- c:\program files\EPSON
    2009-09-15 15:08 . 2009-09-22 18:31 -------- d-----w- c:\documents and settings\dad\Tracing
    2009-09-15 14:59 . 2009-09-15 14:59 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-09-14 20:41 . 2009-09-14 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2009-09-14 19:55 . 2007-06-15 15:21 26120 ----a-r- c:\windows\system32\drivers\SNTNLUSB.SYS
    2009-09-14 19:55 . 2007-06-15 15:21 76288 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
    2009-09-14 19:55 . 2007-06-15 15:21 50176 ----a-w- c:\windows\system32\SNTI386.DLL
    2009-09-14 19:55 . 2007-06-15 15:21 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
    2009-09-14 19:55 . 2009-09-14 19:55 -------- d-----w- c:\windows\system32\RNBOSENT
    2009-09-14 19:54 . 2004-07-14 11:54 676864 ----a-w- c:\windows\system32\drivers\hardlock.sys
    2009-09-14 19:53 . 2009-09-14 19:53 383 ----a-w- c:\windows\system32\haspdos.sys
    2009-09-14 19:53 . 2009-09-14 19:53 6656 ----a-w- c:\windows\system32\haspvdd.dll
    2009-09-14 19:53 . 2009-09-14 19:53 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
    2009-09-14 19:53 . 1994-02-13 06:21 11111 ----a-w- c:\windows\system32\DELTREE.EXE
    2009-09-14 19:53 . 1999-10-06 09:51 463392 ----a-w- c:\windows\system32\OWL250F.DLL
    2009-09-14 19:53 . 1997-01-16 00:00 1766160 ----a-w- c:\windows\system32\VBA5.DLL
    2009-09-14 19:53 . 1999-10-06 09:51 471840 ----a-w- c:\windows\system32\hhupd.exe
    2009-09-14 19:51 . 2009-09-14 20:07 -------- d-----w- c:\program files\FlexiSIGN-PRO 7.6v2
    2009-09-13 11:20 . 2009-09-26 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-09-12 20:06 . 2009-09-20 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2009-09-12 16:46 . 2009-09-13 09:26 -------- d-----w- C:\artcut6
    2009-09-12 16:36 . 2009-09-12 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-09-10 21:58 . 2009-09-10 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Roland DG Corporation
    2009-09-10 21:58 . 2009-09-10 21:58 -------- d-----w- c:\program files\CutStudio
    2009-09-10 21:53 . 2009-09-11 07:42 -------- d-----w- c:\documents and settings\dad\Application Data\uTorrent
    2009-09-09 07:19 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-26 09:55 . 2009-05-19 18:15 -------- d-----w- c:\program files\SPAMfighter
    2009-09-25 20:29 . 2008-07-31 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-25 20:10 . 2008-07-31 11:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-09-25 16:33 . 2008-08-05 02:55 17128 ----a-w- c:\documents and settings\dad\Application Data\wklnhst.dat
    2009-09-25 15:11 . 2009-04-16 11:03 1024 ----a-w- c:\windows\system32\WTCY9853.dat
    2009-09-25 00:16 . 2008-07-31 12:06 623296 -c--a-w- c:\documents and settings\dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\program files\Common Files\TAS Software
    2009-09-22 07:23 . 2008-09-30 15:18 1522 -c--a-w- c:\documents and settings\Guest\Application Data\wklnhst.dat
    2009-09-18 08:58 . 2008-07-31 11:36 -------- d-----w- c:\program files\Microsoft Money 2005
    2009-09-16 02:56 . 2008-08-25 11:13 622512 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-31 21:52 . 2008-09-11 11:32 -------- d-----w- c:\program files\NavNet
    2009-08-20 22:04 . 2009-04-17 15:54 -------- d-----w- c:\documents and settings\dad\Application Data\Corel
    2009-08-17 23:42 . 2009-08-17 23:42 -------- d-----w- c:\program files\Convar
    2009-08-17 23:09 . 2009-08-17 23:09 -------- d-----w- c:\program files\CardRecovery
    2009-08-12 15:53 . 2009-01-27 22:43 -------- d-----w- c:\program files\Common Files\Real
    2009-08-12 15:52 . 2009-08-12 15:52 -------- d-----w- c:\program files\Real
    2009-08-11 14:44 . 2009-08-11 14:44 -------- d-----w- c:\documents and settings\dad\Application Data\BitZipper
    2009-08-11 14:44 . 2009-08-11 14:44 -------- d-----w- c:\documents and settings\dad\Application Data\ArcSoft
    2009-08-11 14:44 . 2009-08-11 14:44 -------- d-----w- c:\documents and settings\dad\Application Data\AdobeUM
    2009-08-11 07:22 . 2009-08-11 07:04 34 ----a-w- c:\documents and settings\dad\jagex_runescape_preferences.dat
    2009-08-05 09:01 . 2005-04-25 23:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-30 23:10 . 2009-07-30 23:10 -------- d-----w- c:\program files\Transcendental Technologies
    2009-07-17 19:01 . 2005-04-25 23:05 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 22:43 . 2005-04-25 23:06 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-29 16:12 . 2005-04-25 23:06 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2009-04-01 07:20 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2005-04-25 23:05 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-04-10 16:06 . 2009-04-10 16:06 100553 -c--a-w- c:\program files\deejay_supreme.zip
    2008-10-27 22:41 . 2008-10-27 22:41 23 --sha-w- c:\windows\system32\dadfaaeac5_g.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
    "Ncr"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-21 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App.exe"=
    "c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App2.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/09/2009 11:00 108289]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
    S2 ucrtupd;Universal Root Certificates Updates;c:\windows\system32\ucrtupd.exe [22/09/2009 14:08 319488]
    S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [16/04/2009 11:44 37488]
    S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [31/07/2008 13:22 560640]
    S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [31/07/2008 13:22 15616]
    S4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [31/07/2008 13:46 437248]
    S4 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [31/07/2008 13:45 823296]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    *NewlyCreated* - SSMDRV
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 13:12]

    2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{ACA74B1A-F24A-4629-B176-1DD3A4316D8D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]

    2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{B8F45EB7-32A6-4BC8-9531-8E7AA8359D6A}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = webcache.virginmedia.com:8080
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\vz9iybhx.default\
    FF - prefs.js: network.proxy.ftp - webcache.virginmedia.com
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - webcache.virginmedia.com
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - webcache.virginmedia.com
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - webcache.virginmedia.com
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - webcache.virginmedia.com
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    HKCU-Run-MSGTAG - c:\program files\MSGTAG\MSGTAG.exe
    HKCU-Run-FreeCall - c:\documents and settings\dad\Desktop\freecall.exe
    HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    AddRemove-FMS - c:\program files\FMS\Uninstall.exe
    AddRemove-MSGTAG_is1 - c:\program files\MSGTAG\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-26 11:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-09-26 11:32
    ComboFix-quarantined-files.txt 2009-09-26 10:31

    Pre-Run: 52,061,417,472 bytes free
    Post-Run: 52,425,650,176 bytes free

    215 --- E O F --- 2009-09-25 12:23
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Did Avira find anything?
    :idea:
  • No nothing.
  • prowla
    prowla Posts: 13,988 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    I heartily recommend Firefox - even when it shuts down it saves your tabs etc
    Darn - I bet myself that it would be post #5 that Firefox would be mentioned.:D
  • Browntoa
    Browntoa Posts: 49,604 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Try a reset on Internet Explorer, may be a corrupt add-on

    http://support.microsoft.com/kb/923737

    or do the update to IE8

    http://www.microsoft.com/windows/internet-explorer/default.aspx
    Ex forum ambassador

    Long term forum member
  • I'm doing a full scan at the moment; as soon as it finishes I will switch over to Explorer and see what happens. I have updated IE8.

    Many thanks.
  • I'm running IE at the same time as Firefox with several programs open on each and some software running at the same time, and no more lag or shutting down issues so far.

    Will update later.

    Thanks once again.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Still some infection in there ~

    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\WTCY9853.dat
    c:\windows\system32\d3d9caps.dat
    c:\documents and settings\dad\Application Data\wklnhst.dat
    c:\documents and settings\Guest\Application Data\wklnhst.dat


    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

    PS ~ I would advise in future to follow the advice in order when posted, as if there was something really nasty infecting your computer and you ran ComboFix willy-nilly, you could have ended up with an unbootable computer
    :idea:
  • ComboFix 09-09-25.01 - dad 26/09/2009 12:43.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.503.222 [GMT 1:00]
    Running from: c:\documents and settings\dad\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\dad\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\documents and settings\dad\Application Data\wklnhst.dat"
    "c:\documents and settings\Guest\Application Data\wklnhst.dat"
    "c:\windows\system32\d3d9caps.dat"
    "c:\windows\system32\WTCY9853.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\dad\Application Data\wklnhst.dat
    c:\documents and settings\Guest\Application Data\wklnhst.dat
    c:\windows\system32\d3d9caps.dat
    c:\windows\system32\WTCY9853.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
    .

    2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\windows\LastGood
    2009-09-26 10:00 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-09-26 10:00 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-09-26 10:00 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-09-26 10:00 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\program files\Avira
    2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-09-25 23:57 . 2009-09-25 23:57 -------- d-----w- c:\program files\Trend Micro
    2009-09-25 22:39 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-25 22:39 . 2009-09-25 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-25 22:39 . 2009-09-25 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-25 22:39 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-25 00:17 . 2009-09-25 00:17 -------- d-----w- c:\documents and settings\dad\Local Settings\Application Data\Microsoft Corporation
    2009-09-25 00:10 . 2009-09-25 20:16 -------- d-----w- c:\program files\Microsoft Small Business
    2009-09-25 00:03 . 2009-09-25 00:03 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-24 23:57 . 2009-09-24 23:57 -------- d-----w- c:\program files\MSXML 6.0
    2009-09-24 23:52 . 2009-09-25 12:12 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-09-24 13:22 . 2009-09-23 19:12 1386112 ----a-w- C:\q822350.exe
    2009-09-22 16:25 . 2009-09-22 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Sage
    2009-09-22 13:08 . 2009-09-22 13:08 122880 ----a-w- c:\windows\system32\sharedobj.dll
    2009-09-22 13:08 . 2009-09-22 13:08 319488 ----a-w- c:\windows\system32\ucrtupd.exe
    2009-09-22 07:11 . 2009-09-22 07:11 -------- d-----w- c:\documents and settings\Guest\Tracing
    2009-09-21 15:05 . 2002-08-28 21:48 14208 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-09-21 15:05 . 2002-08-28 21:48 14208 ----a-w- c:\program files\usbscan.sys
    2009-09-21 15:01 . 2009-09-21 15:01 8556 ----a-w- C:\usbscan.zip
    2009-09-21 13:47 . 2009-09-21 13:47 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-09-21 13:16 . 2009-09-21 13:16 -------- d-----w- c:\windows\system32\New Folder
    2009-09-20 20:44 . 2007-04-17 23:00 67072 ----a-w- c:\windows\system32\escwiad.dll
    2009-09-20 20:27 . 2006-12-08 10:04 76800 ----a-w- c:\windows\system32\E_FLBCDE.DLL
    2009-09-20 20:27 . 2006-04-19 10:00 62976 ----a-w- c:\windows\system32\E_FD4BCDE.DLL
    2009-09-20 20:26 . 2009-09-20 20:44 -------- d-----w- c:\program files\EPSON
    2009-09-15 15:08 . 2009-09-22 18:31 -------- d-----w- c:\documents and settings\dad\Tracing
    2009-09-15 14:59 . 2009-09-15 14:59 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-09-14 20:41 . 2009-09-14 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2009-09-14 19:55 . 2007-06-15 15:21 26120 ----a-r- c:\windows\system32\drivers\SNTNLUSB.SYS
    2009-09-14 19:55 . 2007-06-15 15:21 76288 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
    2009-09-14 19:55 . 2007-06-15 15:21 50176 ----a-w- c:\windows\system32\SNTI386.DLL
    2009-09-14 19:55 . 2007-06-15 15:21 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
    2009-09-14 19:55 . 2009-09-14 19:55 -------- d-----w- c:\windows\system32\RNBOSENT
    2009-09-14 19:54 . 2004-07-14 11:54 676864 ----a-w- c:\windows\system32\drivers\hardlock.sys
    2009-09-14 19:53 . 2009-09-14 19:53 383 ----a-w- c:\windows\system32\haspdos.sys
    2009-09-14 19:53 . 2009-09-14 19:53 6656 ----a-w- c:\windows\system32\haspvdd.dll
    2009-09-14 19:53 . 2009-09-14 19:53 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
    2009-09-14 19:53 . 1994-02-13 06:21 11111 ----a-w- c:\windows\system32\DELTREE.EXE
    2009-09-14 19:53 . 1999-10-06 09:51 463392 ----a-w- c:\windows\system32\OWL250F.DLL
    2009-09-14 19:53 . 1997-01-16 00:00 1766160 ----a-w- c:\windows\system32\VBA5.DLL
    2009-09-14 19:53 . 1999-10-06 09:51 471840 ----a-w- c:\windows\system32\hhupd.exe
    2009-09-14 19:51 . 2009-09-14 20:07 -------- d-----w- c:\program files\FlexiSIGN-PRO 7.6v2
    2009-09-13 11:20 . 2009-09-26 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-09-12 20:06 . 2009-09-20 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2009-09-12 16:46 . 2009-09-13 09:26 -------- d-----w- C:\artcut6
    2009-09-12 16:36 . 2009-09-12 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-09-10 21:58 . 2009-09-10 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Roland DG Corporation
    2009-09-10 21:58 . 2009-09-10 21:58 -------- d-----w- c:\program files\CutStudio
    2009-09-10 21:53 . 2009-09-11 07:42 -------- d-----w- c:\documents and settings\dad\Application Data\uTorrent
    2009-09-09 07:19 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-26 09:55 . 2009-05-19 18:15 -------- d-----w- c:\program files\SPAMfighter
    2009-09-25 20:29 . 2008-07-31 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-25 00:16 . 2008-07-31 12:06 623296 -c--a-w- c:\documents and settings\dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\program files\Common Files\TAS Software
    2009-09-18 08:58 . 2008-07-31 11:36 -------- d-----w- c:\program files\Microsoft Money 2005
    2009-09-16 02:56 . 2008-08-25 11:13 622512 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-31 21:52 . 2008-09-11 11:32 -------- d-----w- c:\program files\NavNet
    2009-08-20 22:04 . 2009-04-17 15:54 -------- d-----w- c:\documents and settings\dad\Application Data\Corel
    2009-08-17 23:42 . 2009-08-17 23:42 -------- d-----w- c:\program files\Convar
    2009-08-17 23:09 . 2009-08-17 23:09 -------- d-----w- c:\program files\CardRecovery
    2009-08-12 15:53 . 2009-01-27 22:43 -------- d-----w- c:\program files\Common Files\Real
    2009-08-12 15:52 . 2009-08-12 15:52 -------- d-----w- c:\program files\Real
    2009-08-11 14:44 . 2009-08-11 14:44 -------- d-----w- c:\documents and settings\dad\Application Data\BitZipper
    2009-08-11 14:44 . 2009-08-11 14:44 -------- d-----w- c:\documents and settings\dad\Application Data\ArcSoft
    2009-08-11 14:44 . 2009-08-11 14:44 -------- d-----w- c:\documents and settings\dad\Application Data\AdobeUM
    2009-08-11 07:22 . 2009-08-11 07:04 34 ----a-w- c:\documents and settings\dad\jagex_runescape_preferences.dat
    2009-08-05 09:01 . 2005-04-25 23:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-30 23:10 . 2009-07-30 23:10 -------- d-----w- c:\program files\Transcendental Technologies
    2009-07-17 19:01 . 2005-04-25 23:05 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 22:43 . 2005-04-25 23:06 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-29 16:12 . 2005-04-25 23:06 827392 ------w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2009-04-01 07:20 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2005-04-25 23:05 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-04-10 16:06 . 2009-04-10 16:06 100553 -c--a-w- c:\program files\deejay_supreme.zip
    2008-10-27 22:41 . 2008-10-27 22:41 23 --sha-w- c:\windows\system32\dadfaaeac5_g.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
    "Ncr"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-21 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App.exe"=
    "c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App2.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/09/2009 11:00 108289]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
    S2 ucrtupd;Universal Root Certificates Updates;c:\windows\system32\ucrtupd.exe [22/09/2009 14:08 319488]
    S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [16/04/2009 11:44 37488]
    S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [31/07/2008 13:22 560640]
    S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [31/07/2008 13:22 15616]
    S4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [31/07/2008 13:46 437248]
    S4 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [31/07/2008 13:45 823296]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    *NewlyCreated* - SSMDRV
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 13:12]

    2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{ACA74B1A-F24A-4629-B176-1DD3A4316D8D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]

    2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{B8F45EB7-32A6-4BC8-9531-8E7AA8359D6A}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyServer = webcache.virginmedia.com:8080
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\vz9iybhx.default\
    FF - prefs.js: network.proxy.ftp - webcache.virginmedia.com
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - webcache.virginmedia.com
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - webcache.virginmedia.com
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - webcache.virginmedia.com
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - webcache.virginmedia.com
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-26 12:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-09-26 12:53
    ComboFix-quarantined-files.txt 2009-09-26 11:53
    ComboFix2.txt 2009-09-26 10:32

    Pre-Run: 52,468,465,664 bytes free
    Post-Run: 52,456,804,352 bytes free

    198 --- E O F --- 2009-09-25 12:23
  • Started doing it again :mad:
This discussion has been closed.