virus/malware help!
Sorry for the delay, took me ages to find my XP CDs for the file check bit....!
Here is the ComboFix log -
ComboFix 09-12-21.04 - mer 22/12/2009 11:36:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1567 [GMT 0:00]
Running from: d:\documents and settings\mer\My Documents\QWERTY.exe
AV: avast! antivirus 4.8.1368 [VPS 091222-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\SGPSA
d:\program files\WinPCap
d:\program files\WinPCap\daemon_mgm.exe
d:\program files\WinPCap\npf_mgm.exe
d:\program files\WinPCap\rpcapd.exe
d:\windows.0\COUPON~1.OCX
d:\windows.0\CouponPrinter.ocx
d:\windows.0\system32\drivers\npf.sys
d:\windows.0\system32\Packet.dll
d:\windows.0\system32\pthreadVC.dll
d:\windows.0\system32\sysinfo.exe
d:\windows.0\system32\WanPacket.dll
d:\windows.0\system32\wpcap.dll
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_NPF
\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.
2009-12-22 10:54 . 2007-11-30 15:15 11935 -c--a-w- d:\windows.0\system32\dllcache\wadv11nt.sys
2009-12-22 10:53 . 2001-08-17 22:36 106584 -c--a-w- d:\windows.0\system32\dllcache\spdports.dll
2009-12-22 10:52 . 2001-08-17 13:51 19584 -c--a-w- d:\windows.0\system32\dllcache\rasirda.sys
2009-12-22 10:51 . 2001-08-17 22:36 60480 -c--a-w- d:\windows.0\system32\dllcache\neo20xx.dll
2009-12-22 10:50 . 2007-12-01 00:25 48640 -c--a-w- d:\windows.0\system32\dllcache\kdsui.dll
2009-12-22 10:49 . 2001-08-17 13:28 289887 -c--a-w- d:\windows.0\system32\dllcache\hsf_fall.sys
2009-12-22 10:48 . 2001-08-17 12:10 55999 -c--a-w- d:\windows.0\system32\dllcache\el556nd5.sys
2009-12-22 10:47 . 2007-12-01 00:25 15423 -c--a-w- d:\windows.0\system32\dllcache\ch7xxnt5.dll
2009-12-22 10:46 . 2001-08-17 14:55 96128 -c--a-w- d:\windows.0\system32\dllcache\ati.dll
2009-12-22 10:45 . 2001-08-17 14:56 66048 -c--a-w- d:\windows.0\system32\dllcache\s3legacy.dll
2009-12-22 10:06 . 2009-12-22 10:06 d-----w- d:\documents and settings\mer\Application Data\GlarySoft
2009-12-22 10:03 . 2009-12-22 10:04 d-----w- d:\program files\Glary Utilities
2009-12-22 09:53 . 2009-12-22 09:53 d-----w- d:\program files\CCleaner
2009-12-21 17:57 . 2009-12-21 17:57 388096 ----a-r- d:\documents and settings\mer\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-21 17:57 . 2009-12-21 17:57 d-----w- d:\program files\TrendMicro
2009-12-21 12:20 . 2009-12-21 12:20 d-----w- d:\documents and settings\HelpAssistant\Tracing
2009-12-19 21:11 . 2009-06-30 09:37 28552 ----a-w- d:\windows.0\system32\drivers\pavboot.sys
2009-12-19 21:05 . 2009-12-19 21:05 d-----w- d:\program files\MSXML 4.0
2009-12-19 21:05 . 2009-12-19 21:05 d-----w- d:\documents and settings\mer\Application Data\PCPitstop
2009-12-19 20:51 . 2009-12-19 20:51 d--h--w- d:\documents and settings\Default User.WINDOWS
2009-12-19 20:51 . 2009-12-19 20:51 d-----w- d:\documents and settings\All Users.WINDOWS
2009-12-19 20:34 . 2005-02-22 07:56 339968 ----a-r- d:\windows.0\system32\drivers\MRV8335.sys
2009-12-18 11:46 . 2009-12-22 09:54 d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 11:46 . 2009-12-19 21:04 d-----w- d:\program files\Spybot - Search & Destroy
2009-12-18 09:37 . 2009-12-18 09:45 d-----w- d:\documents and settings\All Users\Application Data\PCPitstop
2009-12-17 22:49 . 2009-12-17 22:49 d-----w- d:\windows.0\system32\wbem\Repository
2009-12-17 20:39 . 2009-12-17 20:39 d-----w- d:\program files\Panda Security
2009-12-13 17:22 . 2009-12-13 17:22 79488 ----a-w- d:\documents and settings\mer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 21:52 . 2009-11-29 21:52 d-----w- d:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 11:45 . 2009-09-15 08:21 d-----w- d:\program files\SPAMfighter
2009-12-21 14:18 . 2009-08-30 21:27 d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-12-20 15:29 . 2009-03-07 21:09 d-----w- d:\program files\Google
2009-12-20 09:46 . 2009-05-30 21:53 d-----w- d:\documents and settings\mer\Application Data\DNA
2009-12-20 09:37 . 2009-05-30 21:53 d-----w- d:\program files\DNA
2009-12-18 09:43 . 2009-03-29 15:26 d-----w- d:\program files\PCPitstop
2009-12-14 23:31 . 2009-06-15 12:35 d-----w- d:\documents and settings\mer\Application Data\Spotify
2009-12-11 09:31 . 2009-04-07 14:20 d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-03 16:14 . 2009-08-30 21:27 38224 ----a-w- d:\windows.0\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-08-30 21:27 19160 ----a-w- d:\windows.0\system32\drivers\mbam.sys
2009-11-24 23:54 . 2009-03-08 13:04 1280480 ----a-w- d:\windows.0\system32\aswBoot.exe
2009-11-24 23:51 . 2009-03-08 13:05 93424 ----a-w- d:\windows.0\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-03-08 13:05 94160 ----a-w- d:\windows.0\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-03-08 13:05 114768 ----a-w- d:\windows.0\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-03-08 13:05 20560 ----a-w- d:\windows.0\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-03-08 13:05 48560 ----a-w- d:\windows.0\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-03-08 13:05 23120 ----a-w- d:\windows.0\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-03-08 13:05 27408 ----a-w- d:\windows.0\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-03-08 13:05 97480 ----a-w- d:\windows.0\system32\AvastSS.scr
2009-11-16 09:24 . 2009-10-02 19:17 d-----w- d:\program files\Swag_Bucks
2009-11-07 14:57 . 2009-11-07 14:57 d-----w- d:\program files\DivX
2009-11-07 14:57 . 2009-11-07 14:57 d-----w- d:\program files\Common Files\DivX Shared
2009-11-05 08:49 . 2009-11-05 08:49 152576 ----a-w- d:\documents and settings\mer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 15:39 . 2009-09-11 13:56 d-----w- d:\program files\Coupon Printer
2009-10-29 07:46 . 2007-12-29 14:04 832512 ----a-w- d:\windows.0\system32\wininet.dll
2009-10-29 07:46 . 2007-12-29 14:02 78336 ----a-w- d:\windows.0\system32\ieencode.dll
2009-10-29 07:46 . 2007-12-29 14:01 17408 ----a-w- d:\windows.0\system32\corpol.dll
2009-10-21 05:38 . 2007-11-30 23:26 75776 ----a-w- d:\windows.0\system32\strmfilt.dll
2009-10-21 05:38 . 2007-11-30 23:25 25088 ----a-w- d:\windows.0\system32\httpapi.dll
2009-10-20 16:20 . 2007-11-30 16:45 265728 ----a-w- d:\windows.0\system32\drivers\http.sys
2009-10-13 10:30 . 2007-11-30 23:25 270336 ----a-w- d:\windows.0\system32\oakley.dll
2009-10-12 13:38 . 2007-11-30 23:25 149504 ----a-w- d:\windows.0\system32\rastls.dll
2009-10-12 13:38 . 2007-11-30 23:25 79872 ----a-w- d:\windows.0\system32\raschap.dll
2009-04-07 14:06 . 2009-04-07 14:06 366552 ----a-w- d:\program files\X12-30263-gb-DLM.exe
2009-04-07 09:49 . 2009-04-07 09:49 1234120 ----a-w- d:\program files\wrar380.exe
2009-04-05 11:21 . 2009-04-05 11:21 435712 ----a-w- d:\program files\shellstyle.dll
.
Sigcheck
[-] 2007-12-29 . 6EB0FCD71AAB8E5378321475AE8DB732 . 1613824 . . [5.1.2600.3264] . . d:\windows.0\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="d:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PC Pitstop Optimize Scheduler"="d:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SPAMfighter Agent"="d:\program files\SPAMfighter\SFAgent.exe" [2009-08-27 336520]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows.0\system32\ctfmon.exe" [2007-11-30 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-10-29 124928]
d:\documents and settings\mer\Start Menu\Programs\Startup\
DeskPins.lnk - d:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
Picture Motion Browser Media Check Tool.lnk - d:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-9-1 344064]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
WA-T2(3).lnk - C:\Mrv8000x.exe [2009-3-7 630784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 09:05 323392 ----a-w- d:\program files\DNA\btdna.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\lotro\\lotroclient.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"d:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4554:TCP"= 4554:TCP:Services
R0 pavboot;pavboot;d:\windows.0\system32\drivers\pavboot.sys [19/12/2009 21:11 28552]
R1 aswSP;avast! Self Protection;d:\windows.0\system32\drivers\aswSP.sys [08/03/2009 13:05 114768]
R2 aswFsBlk;aswFsBlk;d:\windows.0\system32\drivers\aswFsBlk.sys [08/03/2009 13:05 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;d:\program files\SPAMfighter\sfus.exe [27/08/2009 08:24 189064]
S2 gupdate1c9a618d4a6f14a;Google Update Service (gupdate1c9a618d4a6f14a);d:\program files\Google\Update\GoogleUpdate.exe [16/03/2009 09:23 133104]
S3 Ambfilt;Ambfilt;d:\windows.0\system32\drivers\Ambfilt.sys [08/03/2009 09:51 1684736]
S3 epmntdrv;epmntdrv;d:\windows.0\system32\epmntdrv.sys [11/03/2009 10:03 8704]
S3 EuGdiDrv;EuGdiDrv;d:\windows.0\system32\EuGdiDrv.sys [11/03/2009 10:03 3072]
S4 PCPitstop Scheduling;PCPitstop Scheduling;d:\program files\PCPitstop\PCPitstopScheduleService.exe [18/12/2009 09:37 85504]
.
Supplementary Scan
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
IE: Add to Google Photos Screensa&ver - d:\windows.0\system32\GPhotos.scr/200
IE: Customize Menu - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 11:45
Windows 5.1.2600 Service Pack 3, v.5857 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(876)
d:\windows.0\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2104)
d:\windows.0\system32\WININET.dll
d:\windows.0\system32\ieframe.dll
d:\windows.0\system32\WPDShServiceObj.dll
d:\windows.0\system32\PortableDeviceTypes.dll
d:\windows.0\system32\PortableDeviceApi.dll
.
Other Running Processes
.
d:\windows.0\system32\Ati2evxx.exe
d:\windows.0\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
d:\program files\Virgin Broadband Wireless\AffinegyService.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
d:\windows.0\RTHDCPL.EXE
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows.0\system32\msiexec.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\windows.0\system32\wscntfy.exe
d:\\?\d:\windows.0\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-12-22 11:47:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 11:47
Pre-Run: 5,208,756,224 bytes free
Post-Run: 7,330,914,304 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
- - End Of File - - EA2AA560C73E16BD119CCB779C40E3BC0 -
Just an update, I can now stay connected (well, it hasn't gone down yet) and if I open an internet site through, say, a link in an email, it works fine and I can go on to search with no problems.
Only problem I seem to have now is that I can't open IE by itself from its shortcut; it just does nothing and "not responding" comes up.
Thanks loads for all the help, would have been rubbish to not be able to say hi to people at Christmas (suppose I could just go back to the phone........!).
Can you open up IE any other way?
Open Notepad and copy/paste the text below
File::
d:\program files\X12-30263-gb-DLM.exe
d:\program files\wrar380.exe
d:\windows.0\system32\sfcfiles.dll
Save this as "CFScript" (FULL file will be 'CFScript.txt')
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
ComboFix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
Hey alienrick - this is my new log; if you are ever in Norfolk I owe you at least one drink!! Cheers,
ComboFix 09-12-21.08 - mer 22/12/2009 20:03:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1537 [GMT 0:00]
Running from: d:\documents and settings\mer\My Documents\QWERTY.exe
AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.
2009-12-22 10:54 . 2007-11-30 15:15 11935 -c--a-w- d:\windows.0\system32\dllcache\wadv11nt.sys
2009-12-22 10:53 . 2001-08-17 22:36 106584 -c--a-w- d:\windows.0\system32\dllcache\spdports.dll
2009-12-22 10:52 . 2001-08-17 13:51 19584 -c--a-w- d:\windows.0\system32\dllcache\rasirda.sys
2009-12-22 10:51 . 2001-08-17 22:36 60480 -c--a-w- d:\windows.0\system32\dllcache\neo20xx.dll
2009-12-22 10:50 . 2007-12-01 00:25 48640 -c--a-w- d:\windows.0\system32\dllcache\kdsui.dll
2009-12-22 10:49 . 2001-08-17 13:28 289887 -c--a-w- d:\windows.0\system32\dllcache\hsf_fall.sys
2009-12-22 10:48 . 2001-08-17 12:10 55999 -c--a-w- d:\windows.0\system32\dllcache\el556nd5.sys
2009-12-22 10:47 . 2007-12-01 00:25 15423 -c--a-w- d:\windows.0\system32\dllcache\ch7xxnt5.dll
2009-12-22 10:46 . 2001-08-17 14:55 96128 -c--a-w- d:\windows.0\system32\dllcache\ati.dll
2009-12-22 10:45 . 2001-08-17 14:56 66048 -c--a-w- d:\windows.0\system32\dllcache\s3legacy.dll
2009-12-22 10:06 . 2009-12-22 10:06 d-----w- d:\documents and settings\mer\Application Data\GlarySoft
2009-12-22 10:03 . 2009-12-22 10:04 d-----w- d:\program files\Glary Utilities
2009-12-22 09:53 . 2009-12-22 09:53 d-----w- d:\program files\CCleaner
2009-12-21 17:57 . 2009-12-21 17:57 388096 ----a-r- d:\documents and settings\mer\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-21 17:57 . 2009-12-21 17:57 d-----w- d:\program files\TrendMicro
2009-12-21 12:20 . 2009-12-21 12:20 d-----w- d:\documents and settings\HelpAssistant\Tracing
2009-12-19 21:11 . 2009-06-30 09:37 28552 ----a-w- d:\windows.0\system32\drivers\pavboot.sys
2009-12-19 21:05 . 2009-12-19 21:05 d-----w- d:\program files\MSXML 4.0
2009-12-19 21:05 . 2009-12-19 21:05 d-----w- d:\documents and settings\mer\Application Data\PCPitstop
2009-12-19 20:51 . 2009-12-19 20:51 d--h--w- d:\documents and settings\Default User.WINDOWS
2009-12-19 20:51 . 2009-12-19 20:51 d-----w- d:\documents and settings\All Users.WINDOWS
2009-12-19 20:34 . 2005-02-22 07:56 339968 ----a-r- d:\windows.0\system32\drivers\MRV8335.sys
2009-12-18 11:46 . 2009-12-22 09:54 d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 11:46 . 2009-12-19 21:04 d-----w- d:\program files\Spybot - Search & Destroy
2009-12-18 09:37 . 2009-12-18 09:45 d-----w- d:\documents and settings\All Users\Application Data\PCPitstop
2009-12-17 22:49 . 2009-12-17 22:49 d-----w- d:\windows.0\system32\wbem\Repository
2009-12-17 20:39 . 2009-12-17 20:39 d-----w- d:\program files\Panda Security
2009-12-13 17:22 . 2009-12-13 17:22 79488 ----a-w- d:\documents and settings\mer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 21:52 . 2009-11-29 21:52 d-----w- d:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 19:34 . 2009-09-15 08:21 d-----w- d:\program files\SPAMfighter
2009-12-22 15:39 . 2009-06-15 12:35 d-----w- d:\documents and settings\mer\Application Data\Spotify
2009-12-21 14:18 . 2009-08-30 21:27 d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-12-20 15:29 . 2009-03-07 21:09 d-----w- d:\program files\Google
2009-12-20 09:46 . 2009-05-30 21:53 d-----w- d:\documents and settings\mer\Application Data\DNA
2009-12-20 09:37 . 2009-05-30 21:53 d-----w- d:\program files\DNA
2009-12-18 09:43 . 2009-03-29 15:26 d-----w- d:\program files\PCPitstop
2009-12-11 09:31 . 2009-04-07 14:20 d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-03 16:14 . 2009-08-30 21:27 38224 ----a-w- d:\windows.0\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-08-30 21:27 19160 ----a-w- d:\windows.0\system32\drivers\mbam.sys
2009-11-24 23:54 . 2009-03-08 13:04 1280480 ----a-w- d:\windows.0\system32\aswBoot.exe
2009-11-24 23:51 . 2009-03-08 13:05 93424 ----a-w- d:\windows.0\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-03-08 13:05 94160 ----a-w- d:\windows.0\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-03-08 13:05 114768 ----a-w- d:\windows.0\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-03-08 13:05 20560 ----a-w- d:\windows.0\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-03-08 13:05 48560 ----a-w- d:\windows.0\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-03-08 13:05 23120 ----a-w- d:\windows.0\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-03-08 13:05 27408 ----a-w- d:\windows.0\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-03-08 13:05 97480 ----a-w- d:\windows.0\system32\AvastSS.scr
2009-11-16 09:24 . 2009-10-02 19:17 d-----w- d:\program files\Swag_Bucks
2009-11-07 14:57 . 2009-11-07 14:57 d-----w- d:\program files\DivX
2009-11-07 14:57 . 2009-11-07 14:57 d-----w- d:\program files\Common Files\DivX Shared
2009-11-05 08:49 . 2009-11-05 08:49 152576 ----a-w- d:\documents and settings\mer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 15:39 . 2009-09-11 13:56 d-----w- d:\program files\Coupon Printer
2009-10-29 07:46 . 2007-12-29 14:04 832512 ----a-w- d:\windows.0\system32\wininet.dll
2009-10-29 07:46 . 2007-12-29 14:02 78336 ----a-w- d:\windows.0\system32\ieencode.dll
2009-10-29 07:46 . 2007-12-29 14:01 17408 ----a-w- d:\windows.0\system32\corpol.dll
2009-10-21 05:38 . 2007-11-30 23:26 75776 ----a-w- d:\windows.0\system32\strmfilt.dll
2009-10-21 05:38 . 2007-11-30 23:25 25088 ----a-w- d:\windows.0\system32\httpapi.dll
2009-10-20 16:20 . 2007-11-30 16:45 265728 ----a-w- d:\windows.0\system32\drivers\http.sys
2009-10-13 10:30 . 2007-11-30 23:25 270336 ----a-w- d:\windows.0\system32\oakley.dll
2009-10-12 13:38 . 2007-11-30 23:25 149504 ----a-w- d:\windows.0\system32\rastls.dll
2009-10-12 13:38 . 2007-11-30 23:25 79872 ----a-w- d:\windows.0\system32\raschap.dll
2009-04-05 11:21 . 2009-04-05 11:21 435712 ----a-w- d:\program files\shellstyle.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-22_11.44.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-22 19:31 . 2009-12-22 19:31 16384 d:\windows.0\Temp\Perflib_Perfdata_79c.dat
+ 2009-12-22 19:31 . 2009-12-22 19:31 16384 d:\windows.0\Temp\Perflib_Perfdata_508.dat
+ 2004-08-04 11:00 . 2009-12-22 19:35 59440 d:\windows.0\system32\perfc009.dat
- 2004-08-04 11:00 . 2009-12-22 11:40 59440 d:\windows.0\system32\perfc009.dat
+ 2004-08-04 11:00 . 2009-12-22 19:35 393902 d:\windows.0\system32\perfh009.dat
- 2004-08-04 11:00 . 2009-12-22 11:40 393902 d:\windows.0\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="d:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PC Pitstop Optimize Scheduler"="d:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SPAMfighter Agent"="d:\program files\SPAMfighter\SFAgent.exe" [2009-08-27 336520]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows.0\system32\ctfmon.exe" [2007-11-30 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-10-29 124928]
d:\documents and settings\mer\Start Menu\Programs\Startup\
DeskPins.lnk - d:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
Picture Motion Browser Media Check Tool.lnk - d:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-9-1 344064]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
WA-T2(3).lnk - C:\Mrv8000x.exe [2009-3-7 630784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 09:05 323392 ----a-w- d:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 12:51 1468296 ----a-w- d:\program files\Microsoft IntelliPoint\ipoint.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\lotro\\lotroclient.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"d:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4554:TCP"= 4554:TCP:Services
R0 pavboot;pavboot;d:\windows.0\system32\drivers\pavboot.sys [19/12/2009 21:11 28552]
R1 aswSP;avast! Self Protection;d:\windows.0\system32\drivers\aswSP.sys [08/03/2009 13:05 114768]
R2 aswFsBlk;aswFsBlk;d:\windows.0\system32\drivers\aswFsBlk.sys [08/03/2009 13:05 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;d:\program files\SPAMfighter\sfus.exe [27/08/2009 08:24 189064]
S2 gupdate1c9a618d4a6f14a;Google Update Service (gupdate1c9a618d4a6f14a);d:\program files\Google\Update\GoogleUpdate.exe [16/03/2009 09:23 133104]
S3 Ambfilt;Ambfilt;d:\windows.0\system32\drivers\Ambfilt.sys [08/03/2009 09:51 1684736]
S3 epmntdrv;epmntdrv;d:\windows.0\system32\epmntdrv.sys [11/03/2009 10:03 8704]
S3 EuGdiDrv;EuGdiDrv;d:\windows.0\system32\EuGdiDrv.sys [11/03/2009 10:03 3072]
S4 PCPitstop Scheduling;PCPitstop Scheduling;d:\program files\PCPitstop\PCPitstopScheduleService.exe [18/12/2009 09:37 85504]
.
Supplementary Scan
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
IE: Add to Google Photos Screensa&ver - d:\windows.0\system32\GPhotos.scr/200
IE: Customize Menu - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 20:07
Windows 5.1.2600 Service Pack 3, v.5857 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(872)
d:\windows.0\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1992)
d:\windows.0\system32\WININET.dll
d:\windows.0\system32\ieframe.dll
d:\windows.0\system32\WPDShServiceObj.dll
d:\windows.0\system32\PortableDeviceTypes.dll
d:\windows.0\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-22 20:08:54
ComboFix-quarantined-files.txt 2009-12-22 20:08
ComboFix2.txt 2009-12-22 18:55
ComboFix3.txt 2009-12-22 11:47
Pre-Run: 7,264,903,168 bytes free
Post-Run: 7,238,459,392 bytes free
- - End Of File - - 4FC1569D89FF4F3921150B20208A83F80 -
No, you did something wrong there. Create the Notepad file and call it as I asked and DRAG it ONTO the combofix.exe icon.
Hello,
Sorry, looks like I missed the t off the end of the name; hopefully this should be OK?
ComboFix 09-12-21.08 - mer 22/12/2009 20:54:02.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1521 [GMT 0:00]
Running from: d:\documents and settings\mer\My Documents\QWERTY.exe
Command switches used :: d:\documents and settings\mer\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FILE ::
"d:\program files\wrar380.exe"
"d:\program files\X12-30263-gb-DLM.exe"
"d:\windows.0\system32\sfcfiles.dll"
.
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.
2009-12-22 20:02 . 2009-12-22 20:08 -------- d-----w- \QWERTY
2009-12-22 10:54 . 2007-11-30 15:15 11935 -c--a-w- d:\windows.0\system32\dllcache\wadv11nt.sys
2009-12-22 10:53 . 2001-08-17 22:36 106584 -c--a-w- d:\windows.0\system32\dllcache\spdports.dll
2009-12-22 10:52 . 2001-08-17 13:51 19584 -c--a-w- d:\windows.0\system32\dllcache\rasirda.sys
2009-12-22 10:51 . 2001-08-17 22:36 60480 -c--a-w- d:\windows.0\system32\dllcache\neo20xx.dll
2009-12-22 10:50 . 2007-12-01 00:25 48640 -c--a-w- d:\windows.0\system32\dllcache\kdsui.dll
2009-12-22 10:49 . 2001-08-17 13:28 289887 -c--a-w- d:\windows.0\system32\dllcache\hsf_fall.sys
2009-12-22 10:48 . 2001-08-17 12:10 55999 -c--a-w- d:\windows.0\system32\dllcache\el556nd5.sys
2009-12-22 10:47 . 2007-12-01 00:25 15423 -c--a-w- d:\windows.0\system32\dllcache\ch7xxnt5.dll
2009-12-22 10:46 . 2001-08-17 14:55 96128 -c--a-w- d:\windows.0\system32\dllcache\ati.dll
2009-12-22 10:45 . 2001-08-17 14:56 66048 -c--a-w- d:\windows.0\system32\dllcache\s3legacy.dll
2009-12-22 10:06 . 2009-12-22 10:06 -------- d-----w- d:\documents and settings\mer\Application Data\GlarySoft
2009-12-22 10:03 . 2009-12-22 10:04 -------- d-----w- d:\program files\Glary Utilities
2009-12-22 09:53 . 2009-12-22 09:53 -------- d-----w- d:\program files\CCleaner
2009-12-21 17:57 . 2009-12-21 17:57 388096 ----a-r- d:\documents and settings\mer\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-21 17:57 . 2009-12-21 17:57 -------- d-----w- d:\program files\TrendMicro
2009-12-21 12:20 . 2009-12-21 12:20 -------- d-----w- d:\documents and settings\HelpAssistant\Tracing
2009-12-19 21:11 . 2009-06-30 09:37 28552 ----a-w- d:\windows.0\system32\drivers\pavboot.sys
2009-12-19 21:05 . 2009-12-19 21:05 -------- d-----w- d:\program files\MSXML 4.0
2009-12-19 21:05 . 2009-12-19 21:05 -------- d-----w- d:\documents and settings\mer\Application Data\PCPitstop
2009-12-19 20:51 . 2009-12-19 20:51 -------- d--h--w- d:\documents and settings\Default User.WINDOWS
2009-12-19 20:51 . 2009-12-19 20:51 -------- d-----w- d:\documents and settings\All Users.WINDOWS
2009-12-19 20:34 . 2005-02-22 07:56 339968 ----a-r- d:\windows.0\system32\drivers\MRV8335.sys
2009-12-18 11:46 . 2009-12-22 09:54 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 11:46 . 2009-12-19 21:04 -------- d-----w- d:\program files\Spybot - Search & Destroy
2009-12-18 09:37 . 2009-12-18 09:45 -------- d-----w- d:\documents and settings\All Users\Application Data\PCPitstop
2009-12-17 22:49 . 2009-12-17 22:49 -------- d-----w- d:\windows.0\system32\wbem\Repository
2009-12-17 20:39 . 2009-12-17 20:39 -------- d-----w- d:\program files\Panda Security
2009-12-13 17:22 . 2009-12-13 17:22 79488 ----a-w- d:\documents and settings\mer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 21:52 . 2009-11-29 21:52 -------- d-----w- d:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 19:34 . 2009-09-15 08:21 -------- d-----w- d:\program files\SPAMfighter
2009-12-22 15:39 . 2009-06-15 12:35 -------- d-----w- d:\documents and settings\mer\Application Data\Spotify
2009-12-21 14:18 . 2009-08-30 21:27 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-12-20 15:29 . 2009-03-07 21:09 -------- d-----w- d:\program files\Google
2009-12-20 09:46 . 2009-05-30 21:53 -------- d-----w- d:\documents and settings\mer\Application Data\DNA
2009-12-20 09:37 . 2009-05-30 21:53 -------- d-----w- d:\program files\DNA
2009-12-18 09:43 . 2009-03-29 15:26 -------- d-----w- d:\program files\PCPitstop
2009-12-11 09:31 . 2009-04-07 14:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-03 16:14 . 2009-08-30 21:27 38224 ----a-w- d:\windows.0\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-08-30 21:27 19160 ----a-w- d:\windows.0\system32\drivers\mbam.sys
2009-11-24 23:54 . 2009-03-08 13:04 1280480 ----a-w- d:\windows.0\system32\aswBoot.exe
2009-11-24 23:51 . 2009-03-08 13:05 93424 ----a-w- d:\windows.0\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-03-08 13:05 94160 ----a-w- d:\windows.0\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-03-08 13:05 114768 ----a-w- d:\windows.0\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-03-08 13:05 20560 ----a-w- d:\windows.0\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-03-08 13:05 48560 ----a-w- d:\windows.0\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-03-08 13:05 23120 ----a-w- d:\windows.0\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-03-08 13:05 27408 ----a-w- d:\windows.0\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-03-08 13:05 97480 ----a-w- d:\windows.0\system32\AvastSS.scr
2009-11-16 09:24 . 2009-10-02 19:17 -------- d-----w- d:\program files\Swag_Bucks
2009-11-07 14:57 . 2009-11-07 14:57 -------- d-----w- d:\program files\DivX
2009-11-07 14:57 . 2009-11-07 14:57 -------- d-----w- d:\program files\Common Files\DivX Shared
2009-11-05 08:49 . 2009-11-05 08:49 152576 ----a-w- d:\documents and settings\mer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 15:39 . 2009-09-11 13:56 -------- d-----w- d:\program files\Coupon Printer
2009-10-29 07:46 . 2007-12-29 14:04 832512 ------w- d:\windows.0\system32\wininet.dll
2009-10-29 07:46 . 2007-12-29 14:02 78336 ----a-w- d:\windows.0\system32\ieencode.dll
2009-10-29 07:46 . 2007-12-29 14:01 17408 ----a-w- d:\windows.0\system32\corpol.dll
2009-10-21 05:38 . 2007-11-30 23:26 75776 ----a-w- d:\windows.0\system32\strmfilt.dll
2009-10-21 05:38 . 2007-11-30 23:25 25088 ----a-w- d:\windows.0\system32\httpapi.dll
2009-10-20 16:20 . 2007-11-30 16:45 265728 ----a-w- d:\windows.0\system32\drivers\http.sys
2009-10-13 10:30 . 2007-11-30 23:25 270336 ----a-w- d:\windows.0\system32\oakley.dll
2009-10-12 13:38 . 2007-11-30 23:25 149504 ----a-w- d:\windows.0\system32\rastls.dll
2009-10-12 13:38 . 2007-11-30 23:25 79872 ----a-w- d:\windows.0\system32\raschap.dll
2009-04-05 11:21 . 2009-04-05 11:21 435712 ----a-w- d:\program files\shellstyle.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-22_11.44.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-22 19:31 . 2009-12-22 19:31 16384 d:\windows.0\Temp\Perflib_Perfdata_79c.dat
+ 2009-12-22 19:31 . 2009-12-22 19:31 16384 d:\windows.0\Temp\Perflib_Perfdata_508.dat
+ 2004-08-04 11:00 . 2009-12-22 19:35 59440 d:\windows.0\system32\perfc009.dat
- 2004-08-04 11:00 . 2009-12-22 11:40 59440 d:\windows.0\system32\perfc009.dat
+ 2004-08-04 11:00 . 2009-12-22 19:35 393902 d:\windows.0\system32\perfh009.dat
- 2004-08-04 11:00 . 2009-12-22 11:40 393902 d:\windows.0\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="d:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"PC Pitstop Optimize Scheduler"="d:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SPAMfighter Agent"="d:\program files\SPAMfighter\SFAgent.exe" [2009-08-27 336520]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows.0\system32\ctfmon.exe" [2007-11-30 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-10-29 124928]
d:\documents and settings\mer\Start Menu\Programs\Startup\
DeskPins.lnk - d:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
Picture Motion Browser Media Check Tool.lnk - d:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-9-1 344064]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
WA-T2(3).lnk - C:\Mrv8000x.exe [2009-3-7 630784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 09:05 323392 ----a-w- d:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-06-01 12:51 1468296 ----a-w- d:\program files\Microsoft IntelliPoint\ipoint.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\lotro\\lotroclient.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Spotify\\spotify.exe"=
"d:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"4554:TCP"= 4554:TCP:Services
R0 pavboot;pavboot;d:\windows.0\system32\drivers\pavboot.sys [19/12/2009 21:11 28552]
R1 aswSP;avast! Self Protection;d:\windows.0\system32\drivers\aswSP.sys [08/03/2009 13:05 114768]
R2 aswFsBlk;aswFsBlk;d:\windows.0\system32\drivers\aswFsBlk.sys [08/03/2009 13:05 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;d:\program files\SPAMfighter\sfus.exe [27/08/2009 08:24 189064]
S2 gupdate1c9a618d4a6f14a;Google Update Service (gupdate1c9a618d4a6f14a);d:\program files\Google\Update\GoogleUpdate.exe [16/03/2009 09:23 133104]
S3 Ambfilt;Ambfilt;d:\windows.0\system32\drivers\Ambfilt.sys [08/03/2009 09:51 1684736]
S3 epmntdrv;epmntdrv;d:\windows.0\system32\epmntdrv.sys [11/03/2009 10:03 8704]
S3 EuGdiDrv;EuGdiDrv;d:\windows.0\system32\EuGdiDrv.sys [11/03/2009 10:03 3072]
S4 PCPitstop Scheduling;PCPitstop Scheduling;d:\program files\PCPitstop\PCPitstopScheduleService.exe [18/12/2009 09:37 85504]
.
Supplementary Scan
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
IE: Add to Google Photos Screensa&ver - d:\windows.0\system32\GPhotos.scr/200
IE: Customize Menu - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 20:57
Windows 5.1.2600 Service Pack 3, v.5857 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(872)
d:\windows.0\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1020)
d:\windows.0\system32\WININET.dll
d:\windows.0\system32\ieframe.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
d:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
d:\windows.0\system32\WPDShServiceObj.dll
d:\windows.0\system32\PortableDeviceTypes.dll
d:\windows.0\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-22 20:58:07
ComboFix-quarantined-files.txt 2009-12-22 20:58
ComboFix2.txt 2009-12-22 20:08
ComboFix3.txt 2009-12-22 18:55
ComboFix4.txt 2009-12-22 11:47
Pre-Run: 7,232,516,096 bytes free
Post-Run: 7,229,296,640 bytes free
- - End Of File - - 2E1DF21A17E72FBE84313C6B7D5D9C990 -
Looks like this little blighter is hanging on in there....
2009-11-16 09:24 . 2009-10-02 19:17 -------- d-----w- d:\program files\Swag_Bucks
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***