
Help with Hijack this.

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
  • matphil
    matphil Posts: 938 Forumite
    Part of the Furniture 500 Posts Name Dropper I won, I won, I won!
    Google seems to be working now after re-starting the laptop.
    When I click on your link above internet explorer will not open it.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    matphil wrote: »
    Google seems to be working now after re-starting the laptop.
    When I click on your link above internet explorer will not open it.

    Tried via firefox?

    rebooted after WHAT exactly?

    Can you still not update malwarebytes?
    :idea:
  • matphil
    matphil Posts: 938 Forumite
    Part of the Furniture 500 Posts Name Dropper I won, I won, I won!
    Firefox will not open it either.
    I had a blue screen error, so I restarted the laptop, and Google pages are now loading; I don't really know why. They keep opening in a new window, whereas before they opened in the same window.
    Malwarebytes will still not update.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Did you scan the WHOLE computer with Dr Web?
    :idea:
  • matphil
    matphil Posts: 938 Forumite
    Part of the Furniture 500 Posts Name Dropper I won, I won, I won!
    I'm sure I did but I will do it again now just in case.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Just to remind you

    It auto QUICK scans at first. THEN you need to set a FULL scan
    :idea:
  • matphil
    matphil Posts: 938 Forumite
    Part of the Furniture 500 Posts Name Dropper I won, I won, I won!
    I have finally finished the full scan with Dr. Web. The quick scan took 2 hours and the full scan took 9 hours.
    I still can't use your link for the kaspersky scan and Malwarebytes still won't update.


    4a7d9151.qua\data001;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\4a7d9151.qua;Probably Trojan.Packed.373;;
    4a7d9151.qua;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    4a849160.qua\data001;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\4a849160.qua;BackDoor.Tdss.153;;
    4a849160.qua;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    ComboFi0.exe/data003\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\ComboFi0.exe/data003;Program.PsExec.171;;
    data003;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Archive contains infected objects;;
    ComboFi0.exe;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    QWERTY_0.exe/data003\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\QWERTY_0.exe/data003;Program.PsExec.171;;
    data003;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Archive contains infected objects;;
    QWERTY_0.exe;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
    WISD084B1A9153B409DAEBFC40FCEF925EA_4_0_25.MSI/stream000\sprtsync.dll;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\WISD084B1A9153B409DAEBFC40FCEF925EA_4_0_25.MSI/stream000;Probably DLOADER.Trojan;;
    WISD084B1A9153B409DAEBFC40FCEF925EA_4_0_25.MSI/stream000\sprtupdate.dll;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\WISD084B1A9153B409DAEBFC40FCEF925EA_4_0_25.MSI/stream000;Probably DLOADER.Trojan;;
    WISD084B1A9153B409DAEBFC40FCEF925EA_4_0_25.MSI/stream000\sprtctlln.dll;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\WISD084B1A9153B409DAEBFC40FCEF925EA_4_0_25.MSI/stream000;Probably DLOADER.Trojan;;
    stream000;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Archive contains infected objects;;
    WISD084B1A9153B409DAEBFC40FCEF925EA_4_0_25.MSI;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
    apup.exe;C:\Documents and Settings\My comp\Downloads\apup;Probably BACKDOOR.Trojan;Incurable.Moved.;
    apup.exe;C:\Documents and Settings\My comp\Downloads\apup13\apup;Probably BACKDOOR.Trojan;Incurable.Moved.;
    sprtctlln.dll;C:\Program Files\Common Files\supportsoft\bin;Probably DLOADER.Trojan;Incurable.Moved.;
    sprtupdate.dll;C:\Program Files\TalkTalk\bin;Probably DLOADER.Trojan;Incurable.Moved.;
    psexec.cfexe;C:\QWERTY;Program.PsExec.171;Incurable.Moved.;
    apup.exe;C:\Users\My comp\Downloads\apup;Probably BACKDOOR.Trojan;Invalid path to file ;
    apup.exe;C:\Users\My comp\Downloads\apup13\apup;Probably BACKDOOR.Trojan;Invalid path to file ;
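The Dr.Web report above is raw scanner output, and most of its records are re-detections inside the scanner's own quarantine folder plus the "Container/Archive contains infected objects" summary lines for them. The script below is an added example, not part of the original post and not Dr.Web's own tooling: it reads that semicolon-separated record format and separates live file-system hits from quarantine noise and from Dr.Web's `Program.*` riskware class (PsExec, a dual-use admin tool that ComboFix itself bundles). The sample records are a constructed subset of the report; folding `C:\Documents and Settings` onto `C:\Users` so the same `apup.exe` is counted once assumes the Vista junction layout implied by the ComboFix header later in the thread.

```python
"""Triage of a Dr.Web CureIt! report like the one pasted above.

Added example: not from the original post and not Dr.Web's own tooling.
Each report record is semicolon-separated, as in the post:
    object;directory;verdict;action;
SAMPLE_REPORT is a constructed subset of the records in that post.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

SAMPLE_REPORT = r"""
4a849160.qua\data001;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\4a849160.qua;BackDoor.Tdss.153;;
4a849160.qua;C:\Documents and Settings\My comp\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
ComboFi0.exe/data003\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\My comp\DoctorWeb\Quarantine\ComboFi0.exe/data003;Program.PsExec.171;;
apup.exe;C:\Documents and Settings\My comp\Downloads\apup;Probably BACKDOOR.Trojan;Incurable.Moved.;
sprtctlln.dll;C:\Program Files\Common Files\supportsoft\bin;Probably DLOADER.Trojan;Incurable.Moved.;
psexec.cfexe;C:\QWERTY;Program.PsExec.171;Incurable.Moved.;
apup.exe;C:\Users\My comp\Downloads\apup;Probably BACKDOOR.Trojan;Invalid path to file ;
"""

# Assumption: the host is Vista (as the ComboFix header in the thread says), where
# "C:\Documents and Settings" is a junction onto "C:\Users", so one file can be
# reported twice under two names. Folding the prefix lets us count it once.
LEGACY_PROFILE_ROOT = "c:\\documents and settings\\"
PROFILE_ROOT = "c:\\users\\"


@dataclass(frozen=True)
class Detection:
    obj: str        # object name; entries inside archives keep their internal path
    directory: str  # directory (or archive) holding the object
    verdict: str    # Dr.Web verdict string
    action: str     # scanner action: "Moved.", "Incurable.Moved.", "" for nested hits

    @property
    def in_quarantine(self) -> bool:
        """Heuristic: a 'Quarantine' path component marks a scanner's own quarantine."""
        return "quarantine" in [p.lower() for p in PureWindowsPath(self.directory).parts]

    @property
    def is_container(self) -> bool:
        """Archive/container summary lines repeat the hits already listed inside them."""
        return self.verdict.startswith(("Container contains", "Archive contains"))

    @property
    def is_riskware(self) -> bool:
        """Dr.Web's Program.* class is dual-use software (PsExec here), not a trojan verdict."""
        return self.verdict.startswith("Program.")

    def canonical_path(self) -> str:
        """Lower-cased full path with the Vista profile junction folded away."""
        full = str(PureWindowsPath(self.directory, self.obj)).lower()
        if full.startswith(LEGACY_PROFILE_ROOT):
            full = PROFILE_ROOT + full[len(LEGACY_PROFILE_ROOT):]
        return full


@dataclass
class Triage:
    live: dict[str, set[str]] = field(default_factory=lambda: defaultdict(set))
    riskware: list[str] = field(default_factory=list)
    quarantine_noise: int = 0


def parse_report(text: str) -> list[Detection]:
    """Parse report text; a record with fewer than four fields is an error."""
    records: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 4:
            raise ValueError(f"malformed record: {line!r}")
        records.append(Detection(*fields[:4]))
    return records


def triage(detections: list[Detection]) -> Triage:
    """Separate live file-system hits from quarantine re-scans and dual-use tools."""
    result = Triage()
    for d in detections:
        if d.in_quarantine or d.is_container:
            result.quarantine_noise += 1
        elif d.is_riskware:
            result.riskware.append(d.canonical_path())
        else:
            result.live[d.canonical_path()].add(d.verdict)
    result.riskware = sorted(set(result.riskware))
    return result


if __name__ == "__main__":
    t = triage(parse_report(SAMPLE_REPORT))
    for path, verdicts in sorted(t.live.items()):
        print(f"LIVE      {path}  ({', '.join(sorted(verdicts))})")
    for path in t.riskware:
        print(f"RISKWARE  {path}")
    print(f"{t.quarantine_noise} quarantine/container records ignored")
```

Run on the sample, the seven records collapse to two live paths (`apup.exe` once, `sprtctlln.dll`), one riskware path (`C:\QWERTY\psexec.cfexe`) and three quarantine records. The quarantine check keys on a folder name, so an attacker-created folder called "Quarantine" would be skipped too; on a real case verify the folder really belongs to the scanner before discarding its hits.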
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\windows\system32\ff_vfw.dll
    c:\windows\system32\unrar.dll
    c:\windows\system32\CF19648.exe



    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    [screenshot: CFScript.gif]


    This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of Combofix.txt in your next reply.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager and go to the Processes tab (press ctrl, alt and del at the same time), then end any processes of findstr, find, sed or swreg; combofix should then continue.



    :idea:
  • matphil
    matphil Posts: 938 Forumite
    Part of the Furniture 500 Posts Name Dropper I won, I won, I won!
    ComboFix 10-03-10.02 - my comp 10/03/2010 22:08:50.6.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.2037.887 [GMT 0:00]
    Running from: c:\users\my comp\Downloads\Combo.exe
    Command switches used :: c:\users\my comp\Documents\CFScript.txt
    * Created a new restore point

    FILE ::
    "c:\windows\system32\CF19648.exe"
    "c:\windows\system32\ff_vfw.dll"
    "c:\windows\system32\unrar.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ff_vfw.dll
    c:\windows\system32\unrar.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
    .

    2010-03-10 22:18 . 2010-03-10 22:18 -------- d-----w- c:\users\my comp\AppData\Local\temp
    2010-03-10 22:18 . 2010-03-10 22:18 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-10 22:18 . 2010-03-10 22:18 -------- d-----w- c:\users\my comp\AppData\Local\temp
    2010-03-10 22:18 . 2010-03-10 22:18 -------- d-----w- c:\users\my comp\AppData\Local\temp
    2010-03-10 22:18 . 2010-03-10 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-10 21:33 . 2010-03-10 21:34 -------- d-----w- C:\ComboFi1
    2010-03-10 21:33 . 2010-03-10 21:32 318976 ----a-w- c:\windows\system32\CF12708.exe
    2010-03-08 11:48 . 2007-10-07 14:27 10752 ----a-w- c:\windows\system32\aamd532.dll
    2010-03-08 08:17 . 2010-03-08 08:17 -------- d-----w- C:\found.010
    2010-03-07 19:06 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-07 19:06 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-07 19:06 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-07 19:06 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-07 19:06 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-03-07 19:05 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-03-07 19:05 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-07 19:05 . 2010-03-07 19:05 -------- d-----w- c:\program files\Alwil Software
    2010-03-03 22:26 . 2010-03-08 20:13 -------- d-----w- c:\users\my comp\DoctorWeb
    2010-03-01 20:31 . 2010-03-01 20:31 -------- d-----w- c:\users\my comp\AppData\Local\Batchwork
    2010-02-26 22:36 . 2010-02-26 22:36 -------- d-----w- c:\users\my comp\AppData\Roaming\Simple Adblock
    2010-02-15 17:28 . 2010-02-15 17:28 50354 ----a-w- c:\users\my comp\AppData\Roaming\Facebook\uninstall.exe
    2010-02-15 17:28 . 2010-02-15 17:28 -------- d-----w- c:\users\my comp\AppData\Roaming\Facebook
    2010-02-13 14:18 . 2010-02-13 14:18 -------- d-----w- c:\users\my comp\AppData\Local\Apple
    2010-02-13 11:43 . 2010-03-10 19:05 -------- d-----w- C:\QWERTY
    2010-02-10 17:31 . 2010-02-10 17:31 -------- d-----w- C:\found.009
    2010-02-09 08:25 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-02-09 08:25 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2010-02-09 08:25 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-02-09 08:25 . 2010-02-09 08:27 -------- d-----w- c:\program files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-09 23:40 . 2008-01-17 21:51 2484 ----a-w- c:\windows\bthservsdp.dat
    2010-03-09 19:49 . 2008-06-04 20:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-03-08 12:29 . 2008-01-23 17:20 -------- d-----w- c:\program files\Yahoo!
    2010-03-07 22:33 . 2009-06-10 11:06 -------- d-----w- c:\program files\DC-Unlocker 627
    2010-03-07 14:31 . 2008-01-17 22:16 -------- d-----w- c:\program files\Google
    2010-03-04 10:10 . 2009-05-07 07:35 117760 ----a-w- c:\users\my comp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-03-03 09:02 . 2009-04-22 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-03 08:28 . 2008-01-22 12:38 -------- d-----w- c:\users\my comp\AppData\Roaming\Azureus
    2010-03-01 20:53 . 2010-03-01 20:48 -------- d-----w- c:\program files\Docx Converter
    2010-02-26 22:39 . 2008-01-23 00:16 4 ----a-w- c:\users\my comp\AppData\Roaming\wklnhst.dat
    2010-02-26 10:48 . 2009-05-06 19:29 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-20 10:48 . 2008-01-22 10:07 69016 ----a-w- c:\users\my comp\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-20 10:46 . 2008-01-17 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-13 12:09 . 2008-01-31 10:48 -------- d-----w- c:\users\my comp\AppData\Roaming\Vso
    2010-02-07 16:17 . 2010-02-07 16:17 -------- d-----w- c:\program files\MetaGeek
    2010-02-06 11:58 . 2010-02-06 11:58 -------- d-----w- c:\users\my comp\AppData\Roaming\Serif
    2010-02-04 17:17 . 2008-01-27 18:04 -------- d-----w- c:\program files\CCleaner
    2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\my comp\AppData\Roaming\Facebook\axfbootloader.dll
    2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\my comp\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    2010-01-30 09:45 . 2008-02-15 17:16 -------- d-----w- c:\users\my comp\AppData\Roaming\DVD Flick
    2010-01-23 14:46 . 2010-01-23 14:46 -------- d-----w- c:\users\my comp\AppData\Roaming\Thunderbird
    2010-01-23 14:46 . 2010-01-23 14:46 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-01-21 23:57 . 2008-02-29 15:59 -------- d-----w- c:\program files\Paint.NET
    2010-01-15 10:47 . 2010-01-15 10:47 -------- d-----w- c:\users\my comp\AppData\Roaming\Unity
    2010-01-10 10:22 . 2010-01-10 10:14 -------- d-----w- c:\users\my comp\AppData\Roaming\Crayon Physics Deluxe
    2010-01-07 16:07 . 2010-03-03 09:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2010-03-03 09:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-21 14:03 . 2009-04-30 13:09 10686001 ----a-w- c:\users\my comp\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2008-01-18 05:43 . 2008-01-18 05:31 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}]
    2010-03-02 08:04 550200 ----a-w- c:\program files\Yahoo!\Search Protection\ysp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-10 160832]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-03-02 234808]
    "Advanced System Protector"="c:\program files\Systweak\Advanced System Protector\ASP.exe" [2009-11-03 16347368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-01-17 77824]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
    "Advanced System Protector"="c:\program files\Systweak\Advanced System Protector\ASP.exe" [2009-11-03 16347368]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-17 50688]
    DSLMON.lnk - c:\program files\SAGEM\TalkTalk Broadband\dslmon.exe [2008-2-4 962661]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
    2004-01-28 14:42 1531904 ----a-w- c:\windows\adiras.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 12:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
    2003-01-30 06:48 143360 ----a-w- c:\windows\autoclk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autodetect]
    2008-08-07 12:49 91648 ----a-w- c:\windows\System32\SupportAppXL\AutoDect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 19:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2009-05-21 09:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-05-30 11:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OlStatusMon]
    2007-06-22 10:24 253952 ----a-w- c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-11-01 15:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
    2007-10-12 07:33 202016 ----a-w- c:\program files\TalkTalk\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
    2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001

    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-04-01 266240]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
    R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [2008-08-05 6656]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-12 7168]
    R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [x]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
    R4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
    S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
    S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
    S2 olMntrService;Olivetti Monitor Service;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [2007-06-22 126976]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
    S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
    S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - Dwsh00001F35

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{2F85EA71-EF3E-4448-A035-74C3D1C3A9B1}.job
    - c:\windows\system32\msfeedssync.exe [2008-10-01 07:33]
    .
    .
    Supplementary Scan
    .
    uStart Page = https://login.yahoo.com/config/login_verify2?
    uInternet Settings,ProxyOverride = *.local
    IE: {{BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\Yahoo!\Search Protection\ysp.dll
    DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
    FF - ProfilePath - c:\users\my comp\AppData\Roaming\Mozilla\Firefox\Profiles\tcbnefhv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040441&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&type=&p=
    FF - component: c:\users\my comp\AppData\Roaming\Mozilla\Firefox\Profiles\tcbnefhv.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_27.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\my comp\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
    FF - plugin: c:\users\my comp\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-10 22:18
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-03-10 22:22:34
    ComboFix-quarantined-files.txt 2010-03-10 22:22
    ComboFix2.txt 2010-03-10 21:53
    ComboFix3.txt 2010-03-03 20:55
    ComboFix4.txt 2009-05-12 08:08

    Pre-Run: 8,028,745,728 bytes free
    Post-Run: 9,876,680,704 bytes free

    - - End Of File - - D8445DE198261BF03D1EE912EE87DA5A
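The ComboFix log above packs the autorun values, the service list and two Security Center override values into a few fixed line shapes. The script below is an added example, not from the original post and not ComboFix's own code: it parses those sections with regexes derived from the log's own lines and surfaces the two things a responder checks first, `*Override=1` values under `security center\Svc` (which suppress Security Center's alerts for that protection) and services whose binary ComboFix did not find. The sample log is a constructed subset of the one posted; reading `[x]` as "binary not found" is an assumption drawn from the log's layout, where every other service line carries a date and size in the brackets.

```python
r"""Parse the registry loading points and service list of a ComboFix log.

Added example: not from the original post and not ComboFix's own code.
Line shapes are taken from the log pasted above:
    [HKEY_...\Run]                                        key header
    "Name"="c:\path\file.exe" [2010-02-11 2756488]         value -> file [mtime size]
    "AntiVirusOverride"=dword:00000001                    DWORD value
    S2 name;display;c:\path\file.sys [2010-02-11 51792]    service: binary [mtime size]
    R2 name;display;c:\path\file.sys [x]                  service: binary not found
SAMPLE_LOG is a constructed subset of that log. Reading "[x]" as "binary not
found" is an assumption taken from the log's own layout.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-10 160832]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-03-02 234808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-04-01 266240]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FILE_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<info>[^\]]+)\]$"
)


@dataclass
class Autorun:
    key: str    # registry key the value lives under
    name: str   # value name
    path: str   # launched file
    mtime: str  # file modification date as ComboFix printed it
    size: int   # file size in bytes


@dataclass
class Service:
    start: str            # ComboFix state tag as printed (R2, S1, ...)
    name: str
    display: str
    path: str
    binary_present: bool  # False when ComboFix printed [x] instead of [date size]


@dataclass
class Findings:
    autoruns: list[Autorun] = field(default_factory=list)
    services: list[Service] = field(default_factory=list)
    dwords: dict[str, int] = field(default_factory=dict)  # "key\name" -> value


def parse_combofix(text: str) -> Findings:
    """Walk the log once, remembering the current [key] for the value lines under it."""
    found = Findings()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := FILE_VALUE_RE.match(line):
            found.autoruns.append(Autorun(key, m["name"], m["path"], m["date"], int(m["size"])))
        elif m := DWORD_RE.match(line):
            found.dwords[f"{key}\\{m['name']}"] = int(m["hex"], 16)
        elif m := SERVICE_RE.match(line):
            found.services.append(
                Service(m["start"], m["name"], m["display"], m["path"], m["info"] != "x")
            )
    return found


def assess(found: Findings) -> list[str]:
    """Return the points a responder should check first, in log order."""
    notes: list[str] = []
    for qualified, value in found.dwords.items():
        key, _, name = qualified.rpartition("\\")
        # Security Center\Svc *Override=1 stops Security Center alerting on that
        # protection; a well-known way to hide a disabled antivirus from the user.
        if key.lower().endswith("security center\\svc") and name.endswith("Override") and value == 1:
            notes.append(f"{name}=1 under Security Center\\Svc: alerts for this protection are suppressed")
    for svc in found.services:
        if not svc.binary_present:
            notes.append(f"service {svc.name} ({svc.start}) is registered but its binary was not found: "
                         f"{svc.path or '<no path>'}")
    return notes


if __name__ == "__main__":
    findings = parse_combofix(SAMPLE_LOG)
    for a in findings.autoruns:
        print(f"AUTORUN  {a.name:20} {a.path}  [{a.mtime} {a.size}]")
    for note in assess(findings):
        print("CHECK   ", note)
```

On the sample this reports both Security Center overrides and the two services (`LMIInfo`, `aswSP`) with no binary on disk. A missing service binary is not proof of infection on its own (a half-removed product leaves the same trace), but together with the override flags it is the first thing to reconcile against what the user believes is installed.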
This discussion has been closed.