Problems with computer - Help needed please
I've managed to run the Nod 32 scan and that didn't find anything so I'll update now. DS closed it when it finished so I didn't see a log.
EDC
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
ComboFix 10-02-18.03 - HP_Owner 18/02/2010 20:31:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.524 [GMT 0:00]
Running from: c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Local Settings\Temporary Internet Files\2m11xAb.jpg
c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Local Settings\Temporary Internet Files\87l5M.jpg
c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Local Settings\Temporary Internet Files\mpAYX.jpg
c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Local Settings\Temporary Internet Files\ylaYMYB.jpg
C:\LOG.TXT
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider01.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider05.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider08.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider14.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\Provider01.xml
c:\program files\Fast Browser Search\IE\Provider05.xml
c:\program files\Fast Browser Search\IE\Provider08.xml
c:\program files\Fast Browser Search\IE\Provider14.xml
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SearchProvider01.xml
c:\program files\Fast Browser Search\IE\SearchProvider05.xml
c:\program files\Fast Browser Search\IE\SearchProvider08.xml
c:\program files\Fast Browser Search\IE\SearchProvider14.xml
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProvider01.xml
c:\program files\Search Guard Plus\FbsSearchProvider05.xml
c:\program files\Search Guard Plus\FbsSearchProvider08.xml
c:\program files\Search Guard Plus\FbsSearchProvider14.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\Provider01.xml
c:\program files\Search Guard Plus\Provider05.xml
c:\program files\Search Guard Plus\Provider08.xml
c:\program files\Search Guard Plus\Provider14.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\SearchProvider01.xml
c:\program files\Search Guard Plus\SearchProvider05.xml
c:\program files\Search Guard Plus\SearchProvider08.xml
c:\program files\Search Guard Plus\SearchProvider14.xml
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\SGPSA
c:\recycler\S-1-5-21-1663819852-1895559039-1257443372-1008
c:\windows\system32\ps2.bat
.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
2010-02-18 18:39 . 2010-02-18 18:39 -------- d-----w- c:\windows\LastGood
2010-02-18 18:29 . 2010-02-18 18:29 -------- d-----w- c:\windows\LastGood.Tmp
2010-02-18 18:24 . 2010-02-18 18:24 -------- d-----w- c:\windows\system32\scripting
2010-02-18 18:24 . 2010-02-18 18:24 -------- d-----w- c:\windows\system32\en
2010-02-18 18:24 . 2010-02-18 18:24 -------- d-----w- c:\windows\system32\bits
2010-02-16 21:31 . 2010-02-16 21:31 -------- d-----w- c:\program files\ESET
2010-02-16 15:45 . 2010-02-16 15:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 15:45 . 2010-02-16 15:45 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Malwarebytes
2010-02-16 15:45 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 15:45 . 2010-02-16 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 15:45 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 14:58 . 2010-02-16 14:58 -------- d-----w- C:\SystemRoot
2010-02-16 14:49 . 2010-02-16 14:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-10 13:56 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-10 13:56 . 2009-12-04 18:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 13:55 . 2009-12-08 19:26 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 13:55 . 2009-12-08 19:27 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 13:55 . 2009-12-08 18:43 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 13:55 . 2009-12-08 18:43 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-07 10:42 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-07 10:42 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-06 22:07 . 2010-02-18 18:37 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Tracing
2010-01-31 20:15 . 2010-01-31 20:15 61440 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e75c8a5-n\decora-sse.dll
2010-01-31 20:15 . 2010-01-31 20:15 503808 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f534894-n\msvcp71.dll
2010-01-31 20:15 . 2010-01-31 20:15 499712 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f534894-n\jmc.dll
2010-01-31 20:15 . 2010-01-31 20:15 348160 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f534894-n\msvcr71.dll
2010-01-31 20:15 . 2010-01-31 20:15 12800 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e75c8a5-n\decora-d3d.dll
2010-01-31 20:14 . 2010-01-31 20:14 411368 ----a-w- c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 18:27 . 2005-12-05 23:31 82339 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-18 18:26 . 2010-02-18 18:26 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-02-18 18:26 . 2010-02-18 18:26 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-02-18 18:26 . 2010-02-18 18:26 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-02-18 18:26 . 2010-02-18 18:26 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-02-18 18:26 . 2010-02-18 18:26 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-02-18 18:26 . 2010-02-18 18:26 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-02-18 18:26 . 2010-02-18 18:26 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-02-18 18:26 . 2010-02-18 18:26 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-02-18 18:26 . 2010-02-18 18:26 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-02-17 08:59 . 2009-11-29 20:38 768 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\wklnhst.dat
2010-02-06 22:07 . 2009-11-29 13:58 42704 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 20:15 . 2006-04-11 12:54 -------- d-----w- c:\program files\Common Files\Java
2010-01-31 20:14 . 2006-04-11 12:54 -------- d-----w- c:\program files\Java
2010-01-18 17:14 . 2009-03-27 21:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-17 17:13 . 2008-12-23 14:29 -------- d-----w- c:\program files\Avira
2010-01-17 17:13 . 2008-12-23 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-17 17:08 . 2006-04-11 13:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-17 17:08 . 2006-04-11 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-17 16:48 . 2010-01-17 16:48 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Epson
2010-01-17 16:41 . 2010-01-17 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-01-17 16:37 . 2006-12-03 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-01-17 16:37 . 2010-01-17 16:35 -------- d-----w- c:\program files\Epson Software
2010-01-17 16:37 . 2006-04-11 13:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 16:35 . 2010-01-17 16:35 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-01-17 16:34 . 2006-09-29 20:13 -------- d-----w- c:\program files\EPSON
2010-01-17 16:33 . 2010-01-17 16:33 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\InstallShield
2010-01-02 13:30 . 2010-01-02 13:30 33908 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 21:58 . 2009-12-26 21:58 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\AdobeUM
2009-12-21 19:14 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 11:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 16:08 . 2009-12-13 16:09 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-13 16:08 . 2009-12-13 16:09 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-13 16:08 . 2009-12-13 16:09 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-12-08 19:27 . 2004-08-04 11:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 11:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 11:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 11:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 11:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 11:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-23 07:38 . 2009-03-27 22:07 3320 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\wklnhst.dat
2009-11-21 15:51 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-09-30 23:19 . 2006-09-30 15:19 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-01 160592]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"PCDrProfiler"="" [BU]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-11 27136]
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-11-20 2986320]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-9-29 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/17/2010 5:13 PM 108289]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/13/2009 4:27 PM 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [12/13/2009 4:26 PM 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/13/2009 4:09 PM 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [12/13/2009 4:26 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [12/13/2009 4:26 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [12/13/2009 4:26 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [12/13/2009 4:26 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [12/13/2009 4:26 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [12/13/2009 4:26 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [12/13/2009 4:26 PM 109864]
S3 XDva295;XDva295;\??\c:\windows\system32\XDva295.sys --> c:\windows\system32\XDva295.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{A7B2E5C6-B6EB-4185-8D4D-00D198C8CEAB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Customize Menu - [URL]file://c:\program[/URL] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - [URL]file://c:\program[/URL] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [URL]file://c:\program[/URL] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [URL]file://c:\program[/URL] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 20:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-18 20:46:41
ComboFix-quarantined-files.txt 2010-02-18 20:46
ComboFix2.txt 2009-10-28 12:22
Pre-Run: 136,040,153,088 bytes free
Post-Run: 137,668,141,056 bytes free
- - End Of File - - 5AF69E8A9C47B27A53A723E247F2360C
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\XDva295.sys
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
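For anyone reading this thread later, here is what the reply above is actually doing with the log, written out as a small script. This is an added example, not ComboFix code and not something Rik posted: it reads the two things acted on here, a service entry whose driver file ComboFix could not find (the "--> ... [?]" marker on the XDva295 line) and the AV/FW status lines that report "disabled", and writes the same kind of CFScript "File::" section. The sample log lines are constructed from the log posted above, the regexes are my own reading of the log layout, and treating "[?]" as "file not on disk" is an assumption taken from that layout rather than from any ComboFix documentation.

```python
"""Triage a ComboFix text log: flag service entries whose image file is
missing and AV/firewall lines reporting 'disabled', then emit a CFScript
'File::' section.  Added example for this thread; not ComboFix's own code."""
import re

# Constructed excerpt modelled on the log posted in this thread (not a live capture).
SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/17/2010 5:13 PM 108289]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/13/2009 4:09 PM 13224]
S3 XDva295;XDva295;\??\c:\windows\system32\XDva295.sys --> c:\windows\system32\XDva295.sys [?]
"""

# One service/driver line:
#   <state> <name>;<display>;<image path> [--> <resolved path>] [<date size> | ?]
# (assumed layout, derived from the log above)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<info>[^\]]*)\]\s*$"
)
# "AV: <product> *<status>* ..." and "FW: <product> *<status>* ..." (assumed layout)
PROTECTION_RE = re.compile(r"^(?P<kind>AV|FW):\s+(?P<product>.+?)\s+\*(?P<status>[^*]+)\*")


def parse_services(log_text):
    """Return the R*/S* entries with a usable on-disk path and a 'missing' flag.
    Assumption: '[?]' in the trailing bracket means ComboFix could not find the file."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("resolved") or m.group("path")
        # Drop the NT object-manager prefix so the path can be used in a CFScript.
        if path.startswith("\\??\\"):
            path = path[4:]
        services.append({
            "state": m.group("state"),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            "missing": m.group("info").strip() == "?",
        })
    return services


def parse_protection(log_text):
    """Return the AV/FW status lines; 'enabled' is False when the status says 'disabled'."""
    entries = []
    for line in log_text.splitlines():
        m = PROTECTION_RE.match(line.strip())
        if m:
            entries.append({
                "kind": m.group("kind"),
                "product": m.group("product"),
                "status": m.group("status"),
                "enabled": "disabled" not in m.group("status").lower(),
            })
    return entries


def triage(log_text):
    """Human-readable findings: services with a missing image file, then disabled protection."""
    findings = []
    for svc in parse_services(log_text):
        if svc["missing"]:
            findings.append(f"{svc['state']} {svc['name']}: image file not found ({svc['path']})")
    for p in parse_protection(log_text):
        if not p["enabled"]:
            findings.append(f"{p['kind']} {p['product']}: {p['status']}")
    return findings


def build_cfscript(file_paths):
    """Render the 'File::' section used in the reply above (one path per line)."""
    return "File::\n" + "".join(f"{p}\n" for p in file_paths)


def cfscript_for_missing_drivers(log_text):
    """CFScript listing every service image path ComboFix reported as not found."""
    return build_cfscript(s["path"] for s in parse_services(log_text) if s["missing"])


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("FLAG:", finding)
    print(cfscript_for_missing_drivers(SAMPLE_LOG), end="")
```

Two caveats when reading the output. A service whose file is gone is a dangling registration, not proof of malware by itself; the log only tells you the entry points at nothing. And the "AV ... disabled" flag is expected here, because the instructions earlier in the thread say to shut the anti-virus down before running ComboFix, so check that it is back on after the clean-up rather than treating the line as a finding in its own right.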
Thanks Rik, I've done that...
ComboFix 10-02-18.05 - HP_Owner 18/02/2010 22:16:54.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.492 [GMT 0:00]
Running from: c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.
2010-02-18 18:39 . 2010-02-18 18:39 -------- d-----w- c:\windows\LastGood
2010-02-18 18:29 . 2010-02-18 18:29 -------- d-----w- c:\windows\LastGood.Tmp
2010-02-18 18:24 . 2010-02-18 18:24 -------- d-----w- c:\windows\system32\scripting
2010-02-18 18:24 . 2010-02-18 18:24 -------- d-----w- c:\windows\system32\en
2010-02-18 18:24 . 2010-02-18 18:24 -------- d-----w- c:\windows\system32\bits
2010-02-16 21:31 . 2010-02-16 21:31 -------- d-----w- c:\program files\ESET
2010-02-16 15:45 . 2010-02-16 15:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 15:45 . 2010-02-16 15:45 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Malwarebytes
2010-02-16 15:45 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 15:45 . 2010-02-16 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 15:45 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 14:58 . 2010-02-16 14:58 -------- d-----w- C:\SystemRoot
2010-02-16 14:49 . 2010-02-16 14:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-10 13:56 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-10 13:56 . 2009-12-04 18:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-10 13:55 . 2009-12-08 19:26 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 13:55 . 2009-12-08 19:27 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 13:55 . 2009-12-08 18:43 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 13:55 . 2009-12-08 18:43 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-07 10:42 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-07 10:42 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-02-06 22:07 . 2010-02-18 18:37 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Tracing
2010-01-31 20:15 . 2010-01-31 20:15 61440 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e75c8a5-n\decora-sse.dll
2010-01-31 20:15 . 2010-01-31 20:15 503808 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f534894-n\msvcp71.dll
2010-01-31 20:15 . 2010-01-31 20:15 499712 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f534894-n\jmc.dll
2010-01-31 20:15 . 2010-01-31 20:15 348160 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4f534894-n\msvcr71.dll
2010-01-31 20:15 . 2010-01-31 20:15 12800 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e75c8a5-n\decora-d3d.dll
2010-01-31 20:14 . 2010-01-31 20:14 411368 ----a-w- c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2010-02-18 18:27 . 2005-12-05 23:31 82339 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-18 18:26 . 2010-02-18 18:26 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-02-18 18:26 . 2010-02-18 18:26 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-02-18 18:26 . 2010-02-18 18:26 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-02-18 18:26 . 2010-02-18 18:26 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-02-18 18:26 . 2010-02-18 18:26 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-02-18 18:26 . 2010-02-18 18:26 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-02-18 18:26 . 2010-02-18 18:26 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-02-18 18:26 . 2010-02-18 18:26 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-02-18 18:26 . 2010-02-18 18:26 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-02-17 08:59 . 2009-11-29 20:38 768 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\wklnhst.dat
2010-02-06 22:07 . 2009-11-29 13:58 42704 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 20:15 . 2006-04-11 12:54 -------- d-----w- c:\program files\Common Files\Java
2010-01-31 20:14 . 2006-04-11 12:54 -------- d-----w- c:\program files\Java
2010-01-18 17:14 . 2009-03-27 21:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-17 17:13 . 2008-12-23 14:29 -------- d-----w- c:\program files\Avira
2010-01-17 17:13 . 2008-12-23 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-17 17:08 . 2006-04-11 13:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-17 17:08 . 2006-04-11 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-17 16:48 . 2010-01-17 16:48 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\Epson
2010-01-17 16:41 . 2010-01-17 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-01-17 16:37 . 2006-12-03 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-01-17 16:37 . 2010-01-17 16:35 -------- d-----w- c:\program files\Epson Software
2010-01-17 16:37 . 2006-04-11 13:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 16:35 . 2010-01-17 16:35 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-01-17 16:34 . 2006-09-29 20:13 -------- d-----w- c:\program files\EPSON
2010-01-17 16:33 . 2010-01-17 16:33 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\InstallShield
2010-01-02 13:30 . 2010-01-02 13:30 33908 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 21:58 . 2009-12-26 21:58 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-C94F920E24.000\Application Data\AdobeUM
2009-12-21 19:14 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 11:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 16:08 . 2009-12-13 16:09 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-13 16:08 . 2009-12-13 16:09 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-13 16:08 . 2009-12-13 16:09 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-12-08 19:27 . 2004-08-04 11:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 11:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 11:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 11:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 11:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 11:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-23 07:38 . 2009-03-27 22:07 3320 ----a-w- c:\documents and settings\HP_Owner.YOUR-C94F920E24\Application Data\wklnhst.dat
2009-11-21 15:51 . 2004-08-04 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-09-30 23:19 . 2006-09-30 15:19 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-01 160592]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"PCDrProfiler"="" [BU]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-11 27136]
c:\documents and settings\HP_Owner.YOUR-C94F920E24\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-11-20 2986320]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-9-29 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/17/2010 5:13 PM 108289]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/13/2009 4:27 PM 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [12/13/2009 4:26 PM 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/13/2009 4:09 PM 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [12/13/2009 4:26 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [12/13/2009 4:26 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [12/13/2009 4:26 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [12/13/2009 4:26 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [12/13/2009 4:26 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [12/13/2009 4:26 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [12/13/2009 4:26 PM 109864]
S3 XDva295;XDva295;\??\c:\windows\system32\XDva295.sys --> c:\windows\system32\XDva295.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{A7B2E5C6-B6EB-4185-8D4D-00D198C8CEAB}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 22:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-18 22:27:39
ComboFix-quarantined-files.txt 2010-02-18 22:27
ComboFix2.txt 2010-02-18 20:46
ComboFix3.txt 2009-10-28 12:22
Pre-Run: 137,695,469,568 bytes free
Post-Run: 137,674,366,976 bytes free
- - End Of File - - C1D68FE7CFB2042F85F77741BEAE21F2
This discussion has been closed.