Ran Malwarebytes. Trojan.Dropper found - shall I delete?
Sunshine12
Posts: 4,304 Forumite
in Techie Stuff
Following on from thread this morning (thread pasted below), no more blue screen but continual crashing. Ran Malwarebytes and this is the log file. Shall I delete the trojan.dropper file? Not sure if that has anything to do with it..... Started new thread as don't know if these are connected so didn't want to confuse matters.
http://forums.moneysavingexpert.com/showthread.html?t=2374407
Malwarebytes' Anti-Malware 1.44
Database version: 3608
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
31/03/2010 17:52:26
mbam-log-2010-03-31 (17-52-15).txt
Scan type: Quick Scan
Objects scanned: 97447
Time elapsed: 4 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\temp\TMP00000003B2F7DF12F71A5A52 (Trojan.Dropper) -> No action taken.
Comments
-
Also did a HijackThis scan (although not sure if I did it right). Here are details:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:23:36, on 31/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: TellJack.lnk = C:\Program Files\TellJack\TellJack.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6948 bytes
-
You definitely should delete it
But you also need to UPDATE Malwarebytes (it's WAY out of date, may need to update twice in fact)
Then run a FULL scan and remove EVERYTHING it finds
-
Thanks Rik
I tried to run it but it crashed and came up with blue screen again as soon as it crashed.
Photo of what it said below. I tried to reboot and it crashed then just kept beeping constantly. There is 1 important update that it says it needs in Windows upgrade but it won't let me upgrade. Just says it failed.
-
Quite possible you have 2 different problems
Reboot and keep pressing F8 to get into SAFE MODE WITH NETWORKING
Attempt to update Malwarebytes from there and just run a QUICK scan to start with
-
Hi Rik
Upgraded it and ran quick scan. Think it's ok. Here is the log
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3945
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18882
02/04/2010 09:33:10
mbam-log-2010-04-02 (09-33-10).txt
Scan type: Quick scan
Objects scanned: 101177
Time elapsed: 4 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Tried to run the full one in safe mode with networking but it stopped after about 40 minutes so I had to shut down again.
-
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (making the complete file name 'QWERTY.exe'), or SAVE as 'QWERTY' on download
-
Hey Rik
Here it is. When I restarted it said it had to do a CHKDSK. Not sure if that's relevant or not....
ComboFix 10-04-01.02 - Claire 02/04/2010 11:46:47.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.979 [GMT 1:00]
Running from: c:\users\Claire\Documents\qwerty.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.
2010-04-02 10:54 . 2010-04-02 10:54 d-----w- c:\users\Claire\AppData\Local\temp
2010-04-02 10:54 . 2010-04-02 10:54 d-----w- c:\users\Public\AppData\Local\temp
2010-04-02 10:54 . 2010-04-02 10:54 d-----w- c:\users\Default\AppData\Local\temp
2010-03-31 21:56 . 2010-03-31 21:56 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-11 09:37 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 09:37 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 09:37 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 21:56 . 2010-01-21 14:28 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 17:55 . 2009-10-03 20:50 672 ----a-w- c:\users\Claire\AppData\Roaming\wklnhst.dat
2010-03-29 23:46 . 2010-01-21 14:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2010-01-21 14:28 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 13:23 . 2009-10-03 21:14 d-----w- c:\program files\Full Tilt Poker
2010-03-09 11:24 . 2010-01-22 11:07 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-01-22 11:08 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-01-22 11:08 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-01-22 11:08 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-01-22 11:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-09 11:08 . 2010-01-22 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-02 11:03 . 2009-10-04 08:07 d-----w- c:\program files\Common Files\ArcSoft
2010-03-02 11:03 . 2009-10-04 08:06 d-----w- c:\program files\ArcSoft
2010-03-02 11:03 . 2008-04-09 01:39
d--h--w- c:\program files\InstallShield Installation Information
2010-03-02 11:00 . 2008-04-09 01:49 d-----w- c:\program files\Google
2010-03-02 10:59 . 2010-02-07 15:46 d-----w- c:\program files\Coupon Printer
2010-02-24 10:16 . 2009-10-04 08:24 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 09:08 . 2010-02-20 09:08 d-----w- c:\users\Claire\AppData\Roaming\TellJack.ECEEB4FB867C407E2A221A102A5A5A4FE268EE6C.1
2010-02-20 09:08 . 2010-02-20 09:08 d-----w- c:\program files\Common Files\Adobe AIR
2010-02-20 09:07 . 2010-02-20 09:08 38784 ----a-w- c:\users\Claire\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 09:07 . 2010-02-20 09:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-12 10:32 . 2010-03-02 12:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 18:53 . 2010-01-22 11:07 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-07 15:46 . 2010-02-07 15:46 31 ---ha-w- c:\windows\UKCpInfo.sys
2010-02-06 20:58 . 2009-12-01 11:37 d-----w- c:\program files\iTunes
2010-02-06 20:58 . 2010-02-06 20:58 d-----w- c:\program files\iPod
2010-02-06 20:58 . 2009-12-01 11:30 d-----w- c:\program files\Common Files\Apple
2010-02-06 20:53 . 2010-02-06 20:53 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-23 09:26 . 2010-02-24 10:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-21 15:03 . 2010-01-21 15:03 388096 ----a-r- c:\users\Claire\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2008-04-09 09:23 . 2008-04-09 09:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-9 50688]
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-10-4 44176]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):70,57,22,39,14,83,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1282973671-518452640-972364111-1000]
"EnableNotificationsRef"=dword:00000001
R0 xrfa;xrfa;c:\windows\System32\drivers\rpru.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-03-29 38224]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
.
Contents of the 'Scheduled Tasks' folder
2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 09:12]
2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 09:12]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 11:54
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP0000007502295D873EFCC861 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-02 11:57:54
ComboFix-quarantined-files.txt 2010-04-02 10:57
ComboFix2.txt 2010-01-23 03:21
ComboFix3.txt 2010-01-22 10:59
Pre-Run: 58,617,774,080 bytes free
Post-Run: 58,391,019,520 bytes free
- - End Of File - - 517FE7BEA45E66557FE57AEA9ABBB244
-
Logs all look fine
Either you have a hardware fault or maybe a driver fault
First thing I'd try is updating the graphics card driver and (assuming it's a desktop) open up the computer and make sure everything's securely clipped in
-
Hi Rik
Thanks for all your help again.
It's a laptop. What's a graphics card driver?
-
It won't be that then (unless it's got corrupted, which is doubtful)
In which case I'm afraid I'm all out of ideas. All I can suggest is uninstalling things to see if it makes any difference (AVAST for example)
Maybe run a registry cleaner to see if that helps too (especially once something is uninstalled)
Download CCLEANER
http://www.piriform.com/ccleaner/download/slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
reboot
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Go to MODULES / SYSTEM TOOLS / WINDOWS STANDARD TOOLS / then run SYSTEM FILE CHECKER
This discussion has been closed.