Avira AntiVir - got a problem with laptop
Comments
-
Once it's finished it will produce a log. So I need to see that log (found in C/COMBOFIX.TXT)
-
It's preparing the log at the moment, just wondering how I get a copy of the log to you for you to see?
-
You may need to split it into sections
HIGHLIGHT the log and select COPY then onto here and PASTE
-
Here goes:
ComboFix 09-11-17.01 - Katie 17/11/2009 12:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1197 [GMT 0:00]
Running from: c:\users\Katie\Downloads\qwerty.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3346466653-958817362-2568422298-1002
c:\$recycle.bin\S-1-5-21-3346466653-958817362-2568422298-500
c:\$recycle.bin\S-1-5-21-457827337-3201200255-3369882175-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
.
((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.
2009-11-17 13:04 . 2009-11-17 13:09 d-----w- c:\users\Katie\AppData\Local\temp
2009-11-17 13:04 . 2009-11-17 13:04 d-----w- c:\users\Katie_2\AppData\Local\temp
2009-11-17 13:04 . 2009-11-17 13:04 d-----w- c:\users\Default\AppData\Local\temp
2009-11-16 21:17 . 2009-11-16 21:17 d-----w- c:\program files\Trend Micro
2009-11-16 16:21 . 2009-11-16 16:21 d-----w- c:\users\Katie\AppData\Roaming\Malwarebytes
2009-11-16 16:21 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 16:21 . 2009-11-16 16:21 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 16:21 . 2009-11-16 16:21 d-----w- c:\programdata\Malwarebytes
2009-11-16 16:21 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 12:25 . 2009-11-16 12:26 d-----w- c:\windows\system32\ca-ES
2009-11-16 12:25 . 2009-11-16 12:26 d-----w- c:\windows\system32\eu-ES
2009-11-16 12:25 . 2009-11-16 12:26 d-----w- c:\windows\system32\vi-VN
2009-11-16 12:08 . 2009-11-16 12:08 d-----w- c:\windows\system32\EventProviders
2009-11-11 17:48 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 17:48 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 20:50 . 2009-11-07 20:50 d-----w- c:\programdata\Electronic Arts
2009-11-07 20:47 . 2009-11-07 20:47 10134 ----a-r- c:\users\Katie\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-11-07 20:47 . 2009-11-07 20:47 d-----w- c:\program files\Microsoft WSE
2009-11-07 20:47 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-07 20:26 . 2009-11-07 20:48 d-----w- c:\program files\Electronic Arts
2009-10-28 17:55 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 17:55 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 13:04 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-25 08:57 . 2009-10-25 08:57 d-----w- c:\program files\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 13:05 . 2007-09-06 12:19 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-17 11:50 . 2009-05-23 16:14 56511 ----a-w- c:\programdata\nvModes.dat
2009-11-16 12:39 . 2008-02-14 16:01 680 ----a-w- c:\users\Katie\AppData\Local\d3d9caps.dat
2009-11-16 12:26 . 2006-11-02 12:37 d-----w- c:\program files\Windows Calendar
2009-11-16 12:26 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-16 12:26 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-16 12:26 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-11-16 12:26 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-11-16 12:26 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-16 12:26 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-11-16 12:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-16 12:24 . 2009-05-23 16:14 d-----w- c:\programdata\NVIDIA
2009-11-12 18:53 . 2007-05-17 08:24 8192 d-----w- c:\programdata\Microsoft Help
2009-11-07 20:26 . 2007-05-17 07:47 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 20:42 . 2009-10-02 18:30 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-15 06:51 . 2007-05-17 08:23 24576 d-----w- c:\program files\Microsoft Works
2009-10-04 17:08 . 2009-10-04 17:07 d-----w- c:\users\Katie_2\AppData\Roaming\HpUpdate
2009-10-04 11:50 . 2009-10-04 11:49 4096 d-----w- c:\users\Katie\AppData\Roaming\HpUpdate
2009-09-28 17:35 . 2009-09-16 15:47 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-26 22:34 . 2007-12-26 16:23 7592 ----a-w- c:\users\Katie_2\AppData\Local\d3d9caps.dat
2009-09-16 15:37 . 2007-12-22 11:37 87320 ----a-w- c:\users\Katie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-14 09:29 . 2009-10-14 17:15 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 17:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-14 17:21 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-27 11:05 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-27 11:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-25 13:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-25 13:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-25 13:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-25 13:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-23 14:34 . 2009-05-23 14:34 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
-
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-14 4874240]
c:\users\Katie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-2-2 294912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d9,39,36,51,b9,66,ca,01
-
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [24/05/2009 10:51 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [24/05/2009 10:51 21504]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 14:40 3668480]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [16/09/2009 15:47 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{2AAA5B3B-E0DB-4CDE-986D-C74190CCFE77}.job
- c:\windows\system32\msfeedssync.exe [2009-10-25 03:41]
.
.
Supplementary Scan
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
-
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(2556)
c:\windows\system32\APSHook.dll
.
Other Running Processes
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Sony\SonicStage\SSAAD.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2009-11-17 13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-17 13:19
Pre-Run: 102,136,217,600 bytes free
Post-Run: 104,003,276,800 bytes free
- - End Of File - - 6D6BB949900844BF25888903AC5FD6E8
-
Think this is it, hope you have got it all.
-
Combofix has removed these ~
c:\$recycle.bin\S-1-5-21-3346466653-958817362-2568422298-1002
c:\$recycle.bin\S-1-5-21-3346466653-958817362-2568422298-500
c:\$recycle.bin\S-1-5-21-457827337-3201200255-3369882175-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
and you'll be happy to know I can't see anything else lurking in there
-
Thank you, even though I don't know what that means. Could you tell me what they are? Were they bad?
Do I now need to install Avira again, as I have removed it from the laptop?
This discussion has been closed.