highjack this please

Comments

  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    edited 16 March 2010 at 10:08AM
    aliEnRIK wrote: »
    Have you deleted a malwarebytes log? The one that found everything is quite a bit out of date ~
    Malwarebytes' Anti-Malware 1.44
    Database version: 3760
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    15/03/2010 16:29:19
    mbam-log-2010-03-15 (16-29-19).txt

    we're currently on 3872 ~ have you definitely run an up to date scan?

    anyways..............
    Open malwarebytes
    Go to MORE TOOLS
    then RUN TOOL

    find and kill both these files using the malwarebytes tool ~
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-d3d.dll
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-sse.dll
    morning rik and thanks for helping,
    yes I have got the newest version on board now. I have opened more tools but not sure where these files are?
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    crystal9 wrote: »
    morning rik and thanks for helping,
    yes I have got the newest version on board now. I have opened more tools but not sure where these files are?

    follow the line along ~
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-d3d.dll

    so open C drive
    Open DOCUMENTS AND SETTINGS FOLDER
    open TINA DEACON etc
    :idea:
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    I'm sorry rik, I've done as you say and I get to my documents but just can't see it there, maybe it's been deleted already??
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    First up, show HIDDEN FILES AND FOLDERS ~
    http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx

    Then try again

    If still no good ~

    Open notepad and copy/paste the text in RED below

    File::
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-d3d.dll
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-sse.dll


    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    :idea:
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    right, I had to copy red text and paste as still couldn't find. here's the log file

    ComboFix 10-03-15.05 - tina deacon 16/03/2010 13:59:39.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.488.177 [GMT 0:00]
    Running from: c:\documents and settings\tina deacon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\tina deacon\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    FILE ::
    "c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-d3d.dll"
    "c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-sse.dll"
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
    .
    2010-03-15 20:50 . 2010-03-15 20:50 -------- d-----w- c:\program files\Codemasters
    2010-03-14 12:30 . 2010-03-14 12:30 -------- d-----w- c:\program files\Common Files\PersonSecurityUninstall
    2010-03-14 12:29 . 2010-03-14 13:25 -------- d-----w- c:\program files\PersonSecurity
    2010-03-14 09:29 . 2010-03-14 09:29 -------- d-----w- c:\documents and settings\tina deacon\Local Settings\Application Data\Temp
    2010-03-14 09:29 . 2010-03-14 09:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-03-12 12:08 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-02-25 23:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-16 08:46 . 2007-05-14 12:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-16 08:43 . 2009-09-07 15:21 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-03-15 20:59 . 2009-05-03 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-15 20:59 . 2009-08-10 19:40 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-15 20:51 . 2007-05-01 10:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-15 15:40 . 2008-07-04 10:42 -------- d-----w- c:\program files\Coupon Printer
    2010-03-15 15:02 . 2010-01-19 20:59 -------- d-----w- c:\program files\NCH Software
    2010-03-14 12:55 . 2009-02-14 09:26 -------- d-----w- c:\program files\Creative
    2010-03-14 09:24 . 2007-05-01 10:02 -------- d-----w- c:\program files\Google
    2010-03-10 12:33 . 2010-03-10 12:31 20887024 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-10 12:31 . 2010-03-10 12:31 8405312 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-10 12:30 . 2010-03-10 12:30 149000 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-10 12:30 . 2010-03-10 12:30 10309448 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-10 12:29 . 2010-03-10 12:29 79368 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-10 12:29 . 2010-03-10 12:29 64000 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-10 12:29 . 2010-03-10 12:29 52288 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-10 12:29 . 2010-03-10 12:29 50688 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-10 12:29 . 2010-03-10 12:29 49152 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-10 12:29 . 2010-03-10 12:29 118784 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-09 11:24 . 2010-02-04 09:19 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-03-09 11:24 . 2010-02-04 09:19 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-09 11:12 . 2010-02-04 09:19 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-09 11:12 . 2010-02-04 09:19 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-09 11:09 . 2010-02-04 09:19 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-09 11:08 . 2010-02-04 09:19 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-03-09 11:08 . 2010-02-04 09:19 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-03-09 11:08 . 2010-02-04 09:19 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-09 11:08 . 2010-02-04 09:19 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-03-07 11:49 . 2010-03-07 11:49 439816 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\setup.exe
    2010-02-24 09:16 . 2009-10-03 08:58 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-22 21:59 . 2008-11-06 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-05 14:27 . 2010-02-05 14:27 -------- d-----w- c:\program files\Defraggler
    2010-02-04 09:19 . 2010-02-04 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-04 09:19 . 2008-11-25 22:30 -------- d-----w- c:\program files\Alwil Software
    2010-02-04 09:03 . 2008-11-26 12:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-03 14:11 . 2010-02-03 14:11 -------- d-----w- c:\documents and settings\tina deacon\Application Data\GlarySoft
    2010-02-03 10:03 . 2008-11-26 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-02 15:53 . 2008-11-08 10:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-01 19:02 . 2010-02-01 19:02 -------- d-----w- c:\documents and settings\tina deacon\Application Data\ieSpell
    2010-01-31 10:18 . 2010-01-31 10:18 -------- d-----w- c:\program files\Avanquest update
    2010-01-30 22:05 . 2010-01-21 13:23 -------- d-----w- c:\documents and settings\tina deacon\Application Data\Orbit
    2010-01-28 10:31 . 2010-01-28 10:31 348160 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\msvcr71.dll
    2010-01-28 10:31 . 2010-01-28 10:31 503808 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\msvcp71.dll
    2010-01-28 10:31 . 2010-01-28 10:31 499712 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\jmc.dll
    2010-01-28 10:31 . 2010-01-28 10:31 61440 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll
    2010-01-28 10:31 . 2010-01-28 10:31 12800 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-d3d.dll
    2010-01-27 09:27 . 2005-04-25 23:48 -------- d-----w- c:\program files\Common Files\Java
    2010-01-27 09:26 . 2005-04-25 23:48 -------- d-----w- c:\program files\Java
    2010-01-24 12:45 . 2010-01-23 22:48 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-23 22:50 . 2007-05-01 14:52 57096 ----a-w- c:\documents and settings\tina deacon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-23 22:47 . 2008-04-14 19:59 -------- d-----w- c:\program files\Windows Live
    2010-01-23 22:44 . 2010-01-23 22:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-01-23 22:38 . 2010-01-23 22:38 -------- d-----w- c:\program files\Microsoft
    2010-01-23 22:38 . 2010-01-23 22:38 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-01-23 22:27 . 2010-01-23 22:27 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-01-21 13:23 . 2010-01-21 13:23 -------- d-----w- c:\documents and settings\tina deacon\Application Data\GrabPro
    2010-01-19 21:00 . 2010-01-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2010-01-18 21:01 . 2008-06-04 10:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-17 21:33 . 2010-01-17 21:32 -------- d-----w- c:\program files\Common Files\Real
    2010-01-17 21:33 . 2010-01-17 21:33 -------- d-----w- c:\program files\Common Files\xing shared
    2010-01-17 21:32 . 2010-01-17 21:32 -------- d-----w- c:\program files\Real
    2010-01-07 16:07 . 2009-05-03 13:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2009-05-03 13:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2007-05-01 16:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-22 15:05 . 2009-12-22 15:05 52224 ----a-w- c:\documents and settings\tina deacon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-22 15:05 . 2009-05-05 08:44 117760 ----a-w- c:\documents and settings\tina deacon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-21 19:14 . 2007-05-01 16:34 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-17 17:14 . 2008-11-03 22:40 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-16 18:43 . 2007-05-01 16:33 343040 ----a-w- c:\windows\system32\mspaint.exe
    2010-03-03 20:46 . 2010-03-03 20:46 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
    2010-03-03 20:46 . 2010-03-03 20:46 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
    2006-06-15 20:33 . 2009-02-14 09:33 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 18:43 . 2009-02-14 09:33 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 14:41 . 2009-02-14 09:33 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 13:10 . 2009-02-14 09:33 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 12:19 . 2009-02-14 09:32 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 18:35 . 2009-02-14 09:33 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 11:10 . 2009-02-14 09:32 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 11:42 . 2009-02-14 09:32 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 11:22 . 2009-02-14 09:32 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 11:21 . 2009-02-14 09:32 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-07 160328]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
    backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    2005-05-03 13:02 543232 ----a-w- c:\windows\zHotkey.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
    2007-06-07 14:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-01-31 23:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    2004-11-15 14:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-01-17 21:32 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/02/2010 09:19 162640]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/01/2009 20:19 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/04/2009 10:33 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 10:33 66632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/02/2010 09:19 19024]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/01/2009 20:19 73840]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/01/2009 20:18 95640]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [04/04/2009 13:03 266240]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2010 09:24 135664]
    S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys --> c:\windows\system32\DRIVERS\glauiad.sys [?]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [10/08/2009 00:14 86696]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [10/08/2009 00:15 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [10/08/2009 00:15 114472]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [10/08/2009 00:17 108328]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [10/08/2009 12:37 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [10/08/2009 00:15 104616]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [10/08/2009 12:35 109736]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 10:33 12872]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-03-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 18:31]
    2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 09:24]
    2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 09:24]
    2010-03-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://forums.moneysavingexpert.com/forumdisplay.html?f=37
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    FF - ProfilePath - c:\documents and settings\tina deacon\Application Data\Mozilla\Firefox\Profiles\i1mfh43p.default\
    FF - prefs.js: browser.startup.homepage - www.sky.com
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-16 14:06
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(940)
    c:\windows\system32\igfxdev.dll
    - - - - - - - > 'explorer.exe'(14428)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-03-16 14:13:12
    ComboFix-quarantined-files.txt 2010-03-16 14:13
    ComboFix2.txt 2010-03-15 22:35
    ComboFix3.txt 2010-02-01 18:31
    ComboFix4.txt 2009-05-04 14:18
    Pre-Run: 178,344,448,000 bytes free
    Post-Run: 178,307,244,032 bytes free
    - - End Of File - - 5299F5C22A9110E9BA6A6E4C656788E1
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    edited 16 March 2010 at 3:59PM
    Sorry ~ my bad (well, the site's)

    This site randomly inserts spaces into some addresses (And it annoys the hell outta me)

    Open notepad and copy/paste the text in RED below

    File::
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-d3d.dll
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll


    ****MAKE SURE THERE ARE NO SPACES BETWEEN THE 3 AND THE 9 WHEN YOU RUN IT **** (I can't post it exactly as it should be :()

    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

    Combofix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    :idea:
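
The first CFScript posted in this thread carried paths with a forum-inserted space ("6d0ad3 91"). As an added example (not part of any post here, and not ComboFix code), this Python sketch compares the `File::` targets of a script with the paths listed in an earlier ComboFix log and flags targets that differ from a logged path only by whitespace. The function names and the third sample path are made up for illustration.

```python
import re

# One line of the ComboFix file listing: "date time . date time size attrs path".
LISTING_RE = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+\S+\s+([A-Za-z]:\\.+?)\s*$"
)

# Two listing lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
2010-01-28 10:31 . 2010-01-28 10:31 61440 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll
2010-01-28 10:31 . 2010-01-28 10:31 12800 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-d3d.dll
"""

# Constructed script: the first target carries the forum-inserted space, the
# second is clean, the third is a made-up path that the log does not list.
SAMPLE_SCRIPT = r"""File::
c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-407b58ff-n\decora-d3d.dll
c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll
c:\example\not-listed.dll
"""


def listed_paths(log_text):
    """Return every path that appears in a file-listing line of the log."""
    paths = []
    for line in log_text.splitlines():
        match = LISTING_RE.match(line)
        if match:
            paths.append(match.group(1))
    return paths


def script_targets(script_text):
    """Return the paths under the File:: heading of a CFScript."""
    targets, in_file_block = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            # Assumption: any other "Name::" heading ends the File:: block.
            in_file_block = line.lower() == "file::"
            continue
        if in_file_block:
            targets.append(line.strip('"'))
    return targets


def squash(path):
    """Drop whitespace and case so only inserted or lost spaces differ."""
    return re.sub(r"\s+", "", path).lower()


def check_script(script_text, log_text):
    """Classify each target as ok, whitespace-mismatch or not-in-log."""
    known = listed_paths(log_text)
    exact = {p.lower(): p for p in known}
    loose = {squash(p): p for p in known}
    report = []
    for target in script_targets(script_text):
        if target.lower() in exact:
            report.append((target, "ok", exact[target.lower()]))
        elif squash(target) in loose:
            # Same characters once spaces are ignored: the paste was mangled.
            report.append((target, "whitespace-mismatch", loose[squash(target)]))
        else:
            report.append((target, "not-in-log", None))
    return report


if __name__ == "__main__":
    for target, status, listed in check_script(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{status:20} {target}")
        if status == "whitespace-mismatch":
            print(f"{'':20} log has: {listed}")
```
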
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    sorry for delay, I tried doing combofix again like you said but after it did scan it left blank desktop so had to restart it again so here it is
    ComboFix 10-03-15.06 - tina deacon 16/03/2010 16:10:21.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.488.194 [GMT 0:00]
    Running from: c:\documents and settings\tina deacon\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\tina deacon\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    FILE ::
    "c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-d3d.dll"
    "c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run
    .
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-d3d.dll
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
    .
    2010-03-15 20:50 . 2010-03-15 20:50 -------- d-----w- c:\program files\Codemasters
    2010-03-14 12:30 . 2010-03-14 12:30 -------- d-----w- c:\program files\Common Files\PersonSecurityUninstall
    2010-03-14 12:29 . 2010-03-14 13:25 -------- d-----w- c:\program files\PersonSecurity
    2010-03-14 09:29 . 2010-03-14 09:29 -------- d-----w- c:\documents and settings\tina deacon\Local Settings\Application Data\Temp
    2010-03-14 09:29 . 2010-03-14 09:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-03-12 12:08 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-02-25 23:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-16 15:51 . 2007-05-14 12:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-16 15:51 . 2009-09-07 15:21 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-03-15 20:59 . 2009-05-03 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-15 20:59 . 2009-08-10 19:40 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-15 20:51 . 2007-05-01 10:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-15 15:40 . 2008-07-04 10:42 -------- d-----w- c:\program files\Coupon Printer
    2010-03-15 15:02 . 2010-01-19 20:59 -------- d-----w- c:\program files\NCH Software
    2010-03-14 12:55 . 2009-02-14 09:26 -------- d-----w- c:\program files\Creative
    2010-03-14 09:24 . 2007-05-01 10:02 -------- d-----w- c:\program files\Google
    2010-03-10 12:33 . 2010-03-10 12:31 20887024 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-10 12:31 . 2010-03-10 12:31 8405312 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-10 12:30 . 2010-03-10 12:30 149000 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-10 12:30 . 2010-03-10 12:30 10309448 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-10 12:29 . 2010-03-10 12:29 79368 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-10 12:29 . 2010-03-10 12:29 64000 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-10 12:29 . 2010-03-10 12:29 52288 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-10 12:29 . 2010-03-10 12:29 50688 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-10 12:29 . 2010-03-10 12:29 49152 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-10 12:29 . 2010-03-10 12:29 118784 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-09 11:24 . 2010-02-04 09:19 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-03-09 11:24 . 2010-02-04 09:19 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-09 11:12 . 2010-02-04 09:19 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-09 11:12 . 2010-02-04 09:19 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-09 11:09 . 2010-02-04 09:19 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-09 11:08 . 2010-02-04 09:19 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-03-09 11:08 . 2010-02-04 09:19 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-03-09 11:08 . 2010-02-04 09:19 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-09 11:08 . 2010-02-04 09:19 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-03-07 11:49 . 2010-03-07 11:49 439816 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\setup.exe
    2010-02-24 09:16 . 2009-10-03 08:58 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-22 21:59 . 2008-11-06 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-05 14:27 . 2010-02-05 14:27 -------- d-----w- c:\program files\Defraggler
    2010-02-04 09:19 . 2010-02-04 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-04 09:19 . 2008-11-25 22:30 -------- d-----w- c:\program files\Alwil Software
    2010-02-04 09:03 . 2008-11-26 12:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-03 14:11 . 2010-02-03 14:11 -------- d-----w- c:\documents and settings\tina deacon\Application Data\GlarySoft
    2010-02-03 10:03 . 2008-11-26 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-02 15:53 . 2008-11-08 10:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-01 19:02 . 2010-02-01 19:02 -------- d-----w- c:\documents and settings\tina deacon\Application Data\ieSpell
    2010-01-31 10:18 . 2010-01-31 10:18 -------- d-----w- c:\program files\Avanquest update
    2010-01-30 22:05 . 2010-01-21 13:23 -------- d-----w- c:\documents and settings\tina deacon\Application Data\Orbit
    2010-01-28 10:31 . 2010-01-28 10:31 348160 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\msvcr71.dll
    2010-01-28 10:31 . 2010-01-28 10:31 503808 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\msvcp71.dll
    2010-01-28 10:31 . 2010-01-28 10:31 499712 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\jmc.dll
    2010-01-27 09:27 . 2005-04-25 23:48 -------- d-----w- c:\program files\Common Files\Java
    2010-01-27 09:26 . 2005-04-25 23:48 -------- d-----w- c:\program files\Java
    2010-01-24 12:45 . 2010-01-23 22:48 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-23 22:50 . 2007-05-01 14:52 57096 ----a-w- c:\documents and settings\tina deacon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-23 22:47 . 2008-04-14 19:59 -------- d-----w- c:\program files\Windows Live
    2010-01-23 22:44 . 2010-01-23 22:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-01-23 22:38 . 2010-01-23 22:38 -------- d-----w- c:\program files\Microsoft
    2010-01-23 22:38 . 2010-01-23 22:38 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-01-23 22:27 . 2010-01-23 22:27 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-01-21 13:23 . 2010-01-21 13:23 -------- d-----w- c:\documents and settings\tina deacon\Application Data\GrabPro
    2010-01-19 21:00 . 2010-01-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2010-01-18 21:01 . 2008-06-04 10:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-17 21:33 . 2010-01-17 21:32 -------- d-----w- c:\program files\Common Files\Real
    2010-01-17 21:33 . 2010-01-17 21:33 -------- d-----w- c:\program files\Common Files\xing shared
    2010-01-17 21:32 . 2010-01-17 21:32 -------- d-----w- c:\program files\Real
    2010-01-07 16:07 . 2009-05-03 13:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2009-05-03 13:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2007-05-01 16:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-22 15:05 . 2009-12-22 15:05 52224 ----a-w- c:\documents and settings\tina deacon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-22 15:05 . 2009-05-05 08:44 117760 ----a-w- c:\documents and settings\tina deacon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-21 19:14 . 2007-05-01 16:34 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-17 17:14 . 2008-11-03 22:40 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-16 18:43 . 2007-05-01 16:33 343040 ----a-w- c:\windows\system32\mspaint.exe
    2010-03-03 20:46 . 2010-03-03 20:46 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
    2010-03-03 20:46 . 2010-03-03 20:46 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
    2006-06-15 20:33 . 2009-02-14 09:33 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 18:43 . 2009-02-14 09:33 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 14:41 . 2009-02-14 09:33 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 13:10 . 2009-02-14 09:33 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 12:19 . 2009-02-14 09:32 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 18:35 . 2009-02-14 09:33 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 11:10 . 2009-02-14 09:32 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 11:42 . 2009-02-14 09:32 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 11:22 . 2009-02-14 09:32 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 11:21 . 2009-02-14 09:32 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-07 160328]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
    backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    2005-05-03 13:02 543232 ----a-w- c:\windows\zHotkey.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
    2007-06-07 14:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-01-31 23:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    2004-11-15 14:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-01-17 21:32 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/02/2010 09:19 162640]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/01/2009 20:19 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/04/2009 10:33 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 10:33 66632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/02/2010 09:19 19024]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/01/2009 20:19 73840]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/01/2009 20:18 95640]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [04/04/2009 13:03 266240]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2010 09:24 135664]
    S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys --> c:\windows\system32\DRIVERS\glauiad.sys [?]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [10/08/2009 00:14 86696]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [10/08/2009 00:15 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [10/08/2009 00:15 114472]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [10/08/2009 00:17 108328]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [10/08/2009 12:37 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [10/08/2009 00:15 104616]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [10/08/2009 12:35 109736]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 10:33 12872]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-03-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 18:31]
    2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 09:24]
    2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 09:24]
    2010-03-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://forums.moneysavingexpert.com/forumdisplay.html?f=37
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    FF - ProfilePath - c:\documents and settings\tina deacon\Application Data\Mozilla\Firefox\Profiles\i1mfh43p.default\
    FF - prefs.js: browser.startup.homepage - www.sky.com
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-16 16:17
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'explorer.exe'(15744)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-03-16 16:23:15
    ComboFix-quarantined-files.txt 2010-03-16 16:23
    ComboFix2.txt 2010-03-16 14:13
    ComboFix3.txt 2010-03-15 22:35
    ComboFix4.txt 2010-02-01 18:31
    ComboFix5.txt 2010-03-16 15:24
    Pre-Run: 178,314,076,160 bytes free
    Post-Run: 178,267,508,736 bytes free
    - - End Of File - - 7477B684A423B02C1A50C3489203A496
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    You're good to go (Again :p)
    :idea:
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    edited 16 March 2010 at 7:24PM
    aliEnRIK wrote: »
    You're good to go (Again :p)
    oh thank you rik AGAIN lol

    1 more thing, that person security as it was called is still on my windows menu, the bit in all programs, it's at the top with microsoft update, windows update etc. how can i get rid as there's no delete option

    also was this a very bad virus? it seemed it as it blocked every site i went on and wanted 59.00 dollars for registration
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • dogmaryxx
    dogmaryxx Posts: 2,446 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    more thing, that person security as it was called is still on my windows menu, the bit in all programs, it's at the top with microsoft update, windows update etc. how can i get rid as there's no delete option

    Drag and Drop in Recycle bin
This discussion has been closed.