Internet explorer shutting down
Comments
Update and run Malwarebytes again.
Then download a fresh copy of ComboFix and run that (it's only updated via the actual site).
Then I'll peruse the logfile for nasties (pointless looking through the old one as clearly it's gotten worse since that was run) :idea:
ComboFix 09-09-25.01 - dad 28/09/2009 0:03.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.503.230 [GMT 1:00]
Running from: c:\documents and settings\dad\My Documents\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.
2009-09-27 03:37 . 2009-09-27 03:37 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-09-27 03:33 . 2009-09-27 03:40 d-----w- c:\documents and settings\dad\Local Settings\Application Data\Temp
2009-09-26 20:43 . 2009-09-26 20:52 d-----w- c:\documents and settings\dad\.housecall6.6
2009-09-26 20:39 . 2009-09-27 20:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-26 10:00 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-26 10:00 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-26 10:00 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-26 10:00 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-26 10:00 . 2009-09-26 10:00 d-----w- c:\program files\Avira
2009-09-26 10:00 . 2009-09-26 10:00 d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-25 23:57 . 2009-09-25 23:57 d-----w- c:\program files\Trend Micro
2009-09-25 22:39 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 22:39 . 2009-09-25 23:55 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 22:39 . 2009-09-25 22:39 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 22:39 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 00:17 . 2009-09-25 00:17 d-----w- c:\documents and settings\dad\Local Settings\Application Data\Microsoft Corporation
2009-09-25 00:10 . 2009-09-25 20:16 d-----w- c:\program files\Microsoft Small Business
2009-09-25 00:03 . 2009-09-25 00:03 d-----w- c:\program files\Microsoft.NET
2009-09-24 23:57 . 2009-09-24 23:57 d-----w- c:\program files\MSXML 6.0
2009-09-24 23:52 . 2009-09-25 12:12 d-----w- c:\program files\Microsoft SQL Server
2009-09-24 13:22 . 2009-09-23 19:12 1386112 ----a-w- C:\q822350.exe
2009-09-22 16:25 . 2009-09-22 16:25 d-----w- c:\documents and settings\All Users\Application Data\Sage
2009-09-22 13:08 . 2009-09-22 13:08 122880 ----a-w- c:\windows\system32\sharedobj.dll
2009-09-22 13:08 . 2009-09-22 13:08 319488 ----a-w- c:\windows\system32\ucrtupd.exe
2009-09-22 07:11 . 2009-09-22 07:11 d-----w- c:\documents and settings\Guest\Tracing
2009-09-21 15:05 . 2002-08-28 21:48 14208 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-21 15:05 . 2002-08-28 21:48 14208 ----a-w- c:\program files\usbscan.sys
2009-09-21 15:01 . 2009-09-21 15:01 8556 ----a-w- C:\usbscan.zip
2009-09-21 13:47 . 2009-09-21 13:47 d-----w- c:\windows\system32\CatRoot_bak
2009-09-21 13:16 . 2009-09-21 13:16 d-----w- c:\windows\system32\New Folder
2009-09-20 20:44 . 2007-04-17 23:00 67072 ----a-w- c:\windows\system32\escwiad.dll
2009-09-20 20:27 . 2006-12-08 10:04 76800 ----a-w- c:\windows\system32\E_FLBCDE.DLL
2009-09-20 20:27 . 2006-04-19 10:00 62976 ----a-w- c:\windows\system32\E_FD4BCDE.DLL
2009-09-20 20:26 . 2009-09-20 20:44 d-----w- c:\program files\EPSON
2009-09-15 15:08 . 2009-09-22 18:31 d-----w- c:\documents and settings\dad\Tracing
2009-09-15 14:59 . 2009-09-15 14:59 d-----w- c:\program files\Common Files\Windows Live
2009-09-14 20:41 . 2009-09-14 20:41 d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-14 19:55 . 2007-06-15 15:21 26120 ----a-r- c:\windows\system32\drivers\SNTNLUSB.SYS
2009-09-14 19:55 . 2007-06-15 15:21 76288 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2009-09-14 19:55 . 2007-06-15 15:21 50176 ----a-w- c:\windows\system32\SNTI386.DLL
2009-09-14 19:55 . 2007-06-15 15:21 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2009-09-14 19:55 . 2009-09-14 19:55 d-----w- c:\windows\system32\RNBOSENT
2009-09-14 19:54 . 2004-07-14 11:54 676864 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-09-14 19:53 . 2009-09-14 19:53 383 ----a-w- c:\windows\system32\haspdos.sys
2009-09-14 19:53 . 2009-09-14 19:53 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-09-14 19:53 . 2009-09-14 19:53 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-09-14 19:53 . 1994-02-13 06:21 11111 ----a-w- c:\windows\system32\DELTREE.EXE
2009-09-14 19:53 . 1999-10-06 09:51 463392 ----a-w- c:\windows\system32\OWL250F.DLL
2009-09-14 19:53 . 1997-01-16 00:00 1766160 ----a-w- c:\windows\system32\VBA5.DLL
2009-09-14 19:53 . 1999-10-06 09:51 471840 ----a-w- c:\windows\system32\hhupd.exe
2009-09-14 19:51 . 2009-09-14 20:07 d-----w- c:\program files\FlexiSIGN-PRO 7.6v2
2009-09-13 11:20 . 2009-09-27 03:20 d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-12 20:06 . 2009-09-20 20:34 d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-09-12 16:46 . 2009-09-13 09:26 d-----w- C:\artcut6
2009-09-12 16:36 . 2009-09-12 16:36 d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-09-10 21:58 . 2009-09-10 21:58 d-----w- c:\documents and settings\All Users\Application Data\Roland DG Corporation
2009-09-10 21:58 . 2009-09-10 21:58 d-----w- c:\program files\CutStudio
2009-09-10 21:53 . 2009-09-11 07:42 d-----w- c:\documents and settings\dad\Application Data\uTorrent
2009-09-09 07:19 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 22:56 . 2009-05-19 18:15 d-----w- c:\program files\SPAMfighter
2009-09-27 12:17 . 2009-09-27 12:17 0 ----a-w- c:\documents and settings\dad\Application Data\wklnhst.dat
2009-09-27 03:33 . 2008-08-08 00:09 d-----w- c:\program files\Google
2009-09-26 20:41 . 2009-03-17 10:55 d-----w- c:\program files\Java
2009-09-25 20:29 . 2008-07-31 11:39
d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 00:16 . 2008-07-31 12:06 623296 -c--a-w- c:\documents and settings\dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 16:23 . 2009-09-22 16:23 d-----w- c:\program files\Common Files\TAS Software
2009-09-18 08:58 . 2008-07-31 11:36 d-----w- c:\program files\Microsoft Money 2005
2009-09-16 02:56 . 2008-08-25 11:13 622512 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 21:52 . 2008-09-11 11:32 d-----w- c:\program files\NavNet
2009-08-20 22:04 . 2009-04-17 15:54 d-----w- c:\documents and settings\dad\Application Data\Corel
2009-08-17 23:42 . 2009-08-17 23:42 d-----w- c:\program files\Convar
2009-08-17 23:09 . 2009-08-17 23:09 d-----w- c:\program files\CardRecovery
2009-08-12 15:53 . 2009-01-27 22:43 d-----w- c:\program files\Common Files\Real
2009-08-12 15:52 . 2009-08-12 15:52 d-----w- c:\program files\Real
2009-08-11 14:44 . 2009-08-11 14:44 d-----w- c:\documents and settings\dad\Application Data\BitZipper
2009-08-11 14:44 . 2009-08-11 14:44 d-----w- c:\documents and settings\dad\Application Data\ArcSoft
2009-08-11 14:44 . 2009-08-11 14:44 d-----w- c:\documents and settings\dad\Application Data\AdobeUM
2009-08-11 07:22 . 2009-08-11 07:04 34 ----a-w- c:\documents and settings\dad\jagex_runescape_preferences.dat
2009-08-05 09:01 . 2005-04-25 23:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 14:23 . 2008-12-21 22:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-30 23:10 . 2009-07-30 23:10 d-----w- c:\program files\Transcendental Technologies
2009-07-17 19:01 . 2005-04-25 23:05 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-04-25 23:06 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-04-10 16:06 . 2009-04-10 16:06 100553 -c--a-w- c:\program files\deejay_supreme.zip
2008-10-27 22:41 . 2008-10-27 22:41 23 --sha-w- c:\windows\system32\dadfaaeac5_g.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-26_10.29.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-27 03:32 . 2009-09-27 03:32 22528 c:\windows\Installer\c33fa.msi
+ 2009-09-26 20:41 . 2009-07-31 14:23 149280 c:\windows\system32\javaws.exe
+ 2009-09-26 20:41 . 2009-07-31 14:23 145184 c:\windows\system32\javaw.exe
+ 2009-09-26 20:41 . 2009-07-31 14:23 145184 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]
2009-09-22 05:35 573936 ----a-w- c:\program files\Google\Chrome Frame\Application\4.0.211.7\npchrome_tab.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
"Ncr"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-27 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-21 198160]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App2.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/09/2009 11:00 108289]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/09/2009 04:32 133104]
S2 ucrtupd;Universal Root Certificates Updates;c:\windows\system32\ucrtupd.exe [22/09/2009 14:08 319488]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [16/04/2009 11:44 37488]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [31/07/2008 13:22 560640]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [31/07/2008 13:22 15616]
S4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [31/07/2008 13:46 437248]
S4 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [31/07/2008 13:45 823296]
.
Contents of the 'Scheduled Tasks' folder
2009-09-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 13:12]
2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620052795-7640031-1459545943-1007Core.job
- c:\documents and settings\dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620052795-7640031-1459545943-1007UA.job
- c:\documents and settings\dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{ACA74B1A-F24A-4629-B176-1DD3A4316D8D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
2009-09-27 c:\windows\Tasks\User_Feed_Synchronization-{B8F45EB7-32A6-4BC8-9531-8E7AA8359D6A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = webcache.virginmedia.com:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\Google\Chrome Frame\Application\4.0.211.7\npchrome_tab.dll
FF - ProfilePath - c:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\vz9iybhx.default\
FF - prefs.js: network.proxy.ftp - webcache.virginmedia.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.virginmedia.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.virginmedia.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - webcache.virginmedia.com
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.virginmedia.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 00:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-27 0:17
ComboFix-quarantined-files.txt 2009-09-27 23:17
ComboFix2.txt 2009-09-26 11:53
ComboFix3.txt 2009-09-26 10:32
Pre-Run: 52,035,129,344 bytes free
Post-Run: 52,057,993,216 bytes free
213 --- E O F --- 2009-09-25 12:23
We're at the stage now where it's possible the computer's beyond hope.
If you follow the ComboFix instructions below it's AT YOUR OWN RISK (I'd advise backing up anything like photos etc. you need first).
Open Notepad and copy/paste the text in RED below:
File::
C:\q822350.exe
c:\windows\system32\sharedobj.dll
c:\windows\system32\ucrtupd.exe
c:\program files\usbscan.sys
c:\windows\system32\escwiad.dll
c:\windows\system32\E_FLBCDE.DLL
c:\windows\system32\E_FD4BCDE.DLL
c:\windows\system32\OWL250F.DLL
c:\windows\system32\hhupd.exe
c:\windows\system32\dllcache\triedit.dll
c:\program files\deejay_supreme.zip
c:\windows\system32\dadfaaeac5_g.dll
c:\windows\Installer\c33fa.msi
Save this as "CFScript".
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies').
Then run the REGISTRY scan (back up the registry when it asks).
Then download DR WEB from here ~
http://www.freedrweb.com/
Run it, then once it's run select to scan the WHOLE computer and run again :idea:
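A small triage script for ComboFix logs in the layout posted above, added here as an example (it is not the thread's or ComboFix's own code): it parses the file rows, diffs two runs to confirm which paths a CFScript removed, and flags system+hidden binaries and a non-zero AntiVirusOverride; the sample rows are constructed to match the posted format.

```python
"""Triage helpers for ComboFix logs like the two posted above (added example,
not the thread's or ComboFix's own code). Assumes the row layout seen in the logs:
    <created> . <modified> [<size>|--------] <attrs> <path>
where attrs look like d-----w- (directory) or --sha-w- (system+hidden file)."""
from __future__ import annotations
import re
from dataclasses import dataclass

ROW_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>\d+|-{3,})\s+)?"      # size column; dashes for directories
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)
# "<Name>Override"=dword:<hex> under the Security Center key; a non-zero value
# silences Windows' warning about a missing or disabled AV/firewall.
OVERRIDE_RE = re.compile(r'"(?P<name>\w+Override)"=dword:(?P<value>[0-9a-fA-F]{8})')
EXEC_EXT = (".exe", ".dll", ".sys")

@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int | None
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # attrs layout seen in the logs: d c s h a ? w/r ? (index 2 = system, 3 = hidden)
        return self.attrs[2] == "s" and self.attrs[3] == "h"

def parse_entries(log_text: str) -> dict[str, Entry]:
    """Collect every file/directory row in the log, keyed by lower-cased path."""
    entries: dict[str, Entry] = {}
    for line in log_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entry = Entry(m.group("created"), m.group("modified"),
                      int(size) if size and size.isdigit() else None,
                      m.group("attrs"), m.group("path"))
        entries[entry.path.lower()] = entry
    return entries

def removed_between(before: dict[str, Entry], after: dict[str, Entry]) -> list[str]:
    """Paths listed in the first run but absent from the second (what the CFScript removed)."""
    return sorted(p for p in before if p not in after)

def hidden_system_binaries(entries: dict[str, Entry]) -> list[str]:
    """Executables, DLLs and drivers marked both system and hidden: worth a second look."""
    return sorted(
        p for p, e in entries.items()
        if not e.is_dir and e.hidden_system and p.endswith(EXEC_EXT)
    )

def security_center_overrides(log_text: str) -> list[str]:
    """Names of Security Center *Override values set to a non-zero DWORD."""
    return [m.group("name") for m in OVERRIDE_RE.finditer(log_text)
            if int(m.group("value"), 16) != 0]

# Constructed sample rows in the same layout as the posted logs (before/after the CFScript).
BEFORE_LOG = r"""
2009-09-26 10:00 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\program files\Avira
2009-09-22 13:08 . 2009-09-22 13:08 122880 ----a-w- c:\windows\system32\sharedobj.dll
2009-09-22 13:08 . 2009-09-22 13:08 319488 ----a-w- c:\windows\system32\ucrtupd.exe
2008-10-27 22:41 . 2008-10-27 22:41 23 --sha-w- c:\windows\system32\dadfaaeac5_g.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""
AFTER_LOG = r"""
2009-09-26 10:00 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-26 10:00 . 2009-09-26 10:00 -------- d-----w- c:\program files\Avira
"""

def triage_report() -> dict[str, list[str]]:
    """Run all three checks over the constructed before/after logs."""
    before, after = parse_entries(BEFORE_LOG), parse_entries(AFTER_LOG)
    return {
        "removed": removed_between(before, after),
        "hidden_system": hidden_system_binaries(before),
        "overrides": security_center_overrides(BEFORE_LOG),
    }

if __name__ == "__main__":
    for check, hits in triage_report().items():
        print(f"{check}: {hits}")
```

Point `parse_entries` at the text of two saved ComboFix logs to replay the same diff against a real before/after pair.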
ComboFix 09-09-25.01 - dad 28/09/2009 7:09.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.503.226 [GMT 1:00]
Running from: c:\documents and settings\dad\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\dad\CFSCRIPT.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\program files\deejay_supreme.zip"
"c:\program files\usbscan.sys"
"C:\q822350.exe"
"c:\windows\Installer\c33fa.msi"
"c:\windows\system32\dadfaaeac5_g.dll"
"c:\windows\system32\dllcache\triedit.dll"
"c:\windows\system32\E_FD4BCDE.DLL"
"c:\windows\system32\E_FLBCDE.DLL"
"c:\windows\system32\escwiad.dll"
"c:\windows\system32\hhupd.exe"
"c:\windows\system32\OWL250F.DLL"
"c:\windows\system32\sharedobj.dll"
"c:\windows\system32\ucrtupd.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\deejay_supreme.zip
c:\program files\usbscan.sys
C:\q822350.exe
c:\windows\Installer\c33fa.msi
c:\windows\system32\dadfaaeac5_g.dll
c:\windows\system32\dllcache\triedit.dll
c:\windows\system32\E_FD4BCDE.DLL
c:\windows\system32\E_FLBCDE.DLL
c:\windows\system32\escwiad.dll
c:\windows\system32\hhupd.exe
c:\windows\system32\OWL250F.DLL
c:\windows\system32\sharedobj.dll
c:\windows\system32\ucrtupd.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.
2009-09-27 03:37 . 2009-09-27 03:37 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-09-27 03:33 . 2009-09-27 03:40 d-----w- c:\documents and settings\dad\Local Settings\Application Data\Temp
2009-09-26 20:43 . 2009-09-26 20:52 d-----w- c:\documents and settings\dad\.housecall6.6
2009-09-26 20:39 . 2009-09-27 20:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-26 10:00 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-26 10:00 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-26 10:00 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-26 10:00 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-26 10:00 . 2009-09-26 10:00 d-----w- c:\program files\Avira
2009-09-26 10:00 . 2009-09-26 10:00 d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-25 23:57 . 2009-09-25 23:57 d-----w- c:\program files\Trend Micro
2009-09-25 22:39 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 22:39 . 2009-09-25 23:55 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 22:39 . 2009-09-25 22:39 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 22:39 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 00:17 . 2009-09-25 00:17 d-----w- c:\documents and settings\dad\Local Settings\Application Data\Microsoft Corporation
2009-09-25 00:10 . 2009-09-25 20:16 d-----w- c:\program files\Microsoft Small Business
2009-09-25 00:03 . 2009-09-25 00:03 d-----w- c:\program files\Microsoft.NET
2009-09-24 23:57 . 2009-09-24 23:57 d-----w- c:\program files\MSXML 6.0
2009-09-24 23:52 . 2009-09-25 12:12 d-----w- c:\program files\Microsoft SQL Server
2009-09-22 16:25 . 2009-09-22 16:25 d-----w- c:\documents and settings\All Users\Application Data\Sage
2009-09-22 07:11 . 2009-09-22 07:11 d-----w- c:\documents and settings\Guest\Tracing
2009-09-21 15:05 . 2002-08-28 21:48 14208 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-21 15:01 . 2009-09-21 15:01 8556 ----a-w- C:\usbscan.zip
2009-09-21 13:47 . 2009-09-21 13:47 d-----w- c:\windows\system32\CatRoot_bak
2009-09-21 13:16 . 2009-09-21 13:16 d-----w- c:\windows\system32\New Folder
2009-09-20 20:26 . 2009-09-20 20:44 d-----w- c:\program files\EPSON
2009-09-15 15:08 . 2009-09-22 18:31 d-----w- c:\documents and settings\dad\Tracing
2009-09-15 14:59 . 2009-09-15 14:59 d-----w- c:\program files\Common Files\Windows Live
2009-09-14 20:41 . 2009-09-14 20:41 d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-14 19:55 . 2007-06-15 15:21 26120 ----a-r- c:\windows\system32\drivers\SNTNLUSB.SYS
2009-09-14 19:55 . 2007-06-15 15:21 76288 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2009-09-14 19:55 . 2007-06-15 15:21 50176 ----a-w- c:\windows\system32\SNTI386.DLL
2009-09-14 19:55 . 2007-06-15 15:21 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2009-09-14 19:55 . 2009-09-14 19:55 d-----w- c:\windows\system32\RNBOSENT
2009-09-14 19:54 . 2004-07-14 11:54 676864 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-09-14 19:53 . 2009-09-14 19:53 383 ----a-w- c:\windows\system32\haspdos.sys
2009-09-14 19:53 . 2009-09-14 19:53 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-09-14 19:53 . 2009-09-14 19:53 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2009-09-14 19:53 . 1994-02-13 06:21 11111 ----a-w- c:\windows\system32\DELTREE.EXE
2009-09-14 19:53 . 1997-01-16 00:00 1766160 ----a-w- c:\windows\system32\VBA5.DLL
2009-09-14 19:51 . 2009-09-14 20:07 d-----w- c:\program files\FlexiSIGN-PRO 7.6v2
2009-09-13 11:20 . 2009-09-28 04:21 d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-12 20:06 . 2009-09-20 20:34 d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-09-12 16:46 . 2009-09-13 09:26 d-----w- C:\artcut6
2009-09-12 16:36 . 2009-09-12 16:36 d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-09-10 21:58 . 2009-09-10 21:58 d-----w- c:\documents and settings\All Users\Application Data\Roland DG Corporation
2009-09-10 21:58 . 2009-09-10 21:58 d-----w- c:\program files\CutStudio
2009-09-10 21:53 . 2009-09-11 07:42 d-----w- c:\documents and settings\dad\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 06:19 . 2009-05-19 18:15 d-----w- c:\program files\SPAMfighter
2009-09-27 12:17 . 2009-09-27 12:17 0 ----a-w- c:\documents and settings\dad\Application Data\wklnhst.dat
2009-09-27 03:33 . 2008-08-08 00:09 d-----w- c:\program files\Google
2009-09-26 20:41 . 2009-03-17 10:55 d-----w- c:\program files\Java
2009-09-25 20:29 . 2008-07-31 11:39
d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 00:16 . 2008-07-31 12:06 623296 -c--a-w- c:\documents and settings\dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 16:23 . 2009-09-22 16:23 d-----w- c:\program files\Common Files\TAS Software
2009-09-18 08:58 . 2008-07-31 11:36 d-----w- c:\program files\Microsoft Money 2005
2009-09-16 02:56 . 2008-08-25 11:13 622512 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 21:52 . 2008-09-11 11:32 d-----w- c:\program files\NavNet
2009-08-20 22:04 . 2009-04-17 15:54 d-----w- c:\documents and settings\dad\Application Data\Corel
2009-08-17 23:42 . 2009-08-17 23:42 d-----w- c:\program files\Convar
2009-08-17 23:09 . 2009-08-17 23:09 d-----w- c:\program files\CardRecovery
2009-08-12 15:53 . 2009-01-27 22:43 d-----w- c:\program files\Common Files\Real
2009-08-12 15:52 . 2009-08-12 15:52 d-----w- c:\program files\Real
2009-08-11 14:44 . 2009-08-11 14:44 d-----w- c:\documents and settings\dad\Application Data\BitZipper
2009-08-11 14:44 . 2009-08-11 14:44 d-----w- c:\documents and settings\dad\Application Data\ArcSoft
2009-08-11 14:44 . 2009-08-11 14:44 d-----w- c:\documents and settings\dad\Application Data\AdobeUM
2009-08-11 07:22 . 2009-08-11 07:04 34 ----a-w- c:\documents and settings\dad\jagex_runescape_preferences.dat
2009-08-05 09:01 . 2005-04-25 23:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 14:23 . 2008-12-21 22:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-30 23:10 . 2009-07-30 23:10 d-----w- c:\program files\Transcendental Technologies
2009-07-17 19:01 . 2005-04-25 23:05 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-04-25 23:06 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-26_10.29.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-28 06:19 . 2009-09-28 06:19 16384 c:\windows\temp\Perflib_Perfdata_14c.dat
+ 2009-09-26 20:41 . 2009-07-31 14:23 149280 c:\windows\system32\javaws.exe
+ 2009-09-26 20:41 . 2009-07-31 14:23 145184 c:\windows\system32\javaw.exe
+ 2009-09-26 20:41 . 2009-07-31 14:23 145184 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}]
2009-09-22 05:35 573936 ----a-w- c:\program files\Google\Chrome Frame\Application\4.0.211.7\npchrome_tab.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
"Ncr"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-27 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-21 198160]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App2.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/09/2009 11:00 108289]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/09/2009 04:32 133104]
S2 ucrtupd;Universal Root Certificates Updates;"c:\windows\system32\ucrtupd.exe" run "632a-webcache.virginmedia.com-e396-dad-YOUR-88235D1B4F" --> c:\windows\system32\ucrtupd.exe [?]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [16/04/2009 11:44 37488]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [31/07/2008 13:22 560640]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [31/07/2008 13:22 15616]
S4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [31/07/2008 13:46 437248]
S4 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [31/07/2008 13:45 823296]
.
Contents of the 'Scheduled Tasks' folder
2009-09-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 13:12]
2009-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620052795-7640031-1459545943-1007Core.job
- c:\documents and settings\dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620052795-7640031-1459545943-1007UA.job
- c:\documents and settings\dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-27 03:32]
2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{ACA74B1A-F24A-4629-B176-1DD3A4316D8D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
2009-09-28 c:\windows\Tasks\User_Feed_Synchronization-{B8F45EB7-32A6-4BC8-9531-8E7AA8359D6A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = webcache.virginmedia.com:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: cf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\Google\Chrome Frame\Application\4.0.211.7\npchrome_tab.dll
FF - ProfilePath - c:\documents and settings\dad\Application Data\Mozilla\Firefox\Profiles\vz9iybhx.default\
FF - prefs.js: network.proxy.ftp - webcache.virginmedia.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - webcache.virginmedia.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - webcache.virginmedia.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - webcache.virginmedia.com
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - webcache.virginmedia.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 07:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(1768)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\msiexec.exe
c:\documents and settings\dad\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2009-09-28 7:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 06:25
ComboFix2.txt 2009-09-27 23:17
ComboFix3.txt 2009-09-26 11:53
ComboFix4.txt 2009-09-26 10:32
Pre-Run: 52,030,873,600 bytes free
Post-Run: 51,998,728,192 bytes free
244 --- E O F --- 2009-09-25 12:23
Can you do a fresh HJT run and post the log?? ......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
I'm not sure if this is right, but Dr Web has been running for 10 and a half hours and is still scanning.
If the number of files it's scanned is going up (i.e. it's not frozen) then it's right as it is :idea:
-
mrmitchell78 wrote: "I heartily recommend Firefox - even when it shuts down it saves your tabs etc."
Yeah, Firefox is good to use and I'm addicted to FF3 with lots of add-ons as needed. :T
"If the number of files it's scanned is going up (i.e. it's not frozen) then it's right as it is"
Many thanks for having the patience to talk me through this, I really appreciate it. It seems to be working faster and not shutting down.
If it does appear again I will reboot the system.
"Can you do a fresh HJT run and post the log??"
I can do this if you still want me to. I didn't do it before as the scan was taking place.
Once again, thanks. :beer:
Yes please.... best redo HJT once the other scans have finished. ......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple