Oh what's going on with computer??!!
-
Continue with the rest of the instructions :idea:
-
I've done the cleaner scan, then the registry scan; there's loads of stuff ticked on the right-hand side of it. Do I tick "fix selected issues"? It hasn't said backup registry.
-
Yes, fix them and THEN it will ask to back up :idea:
-
ComboFix 10-05-21.06 - manager 22/05/2010 11:08:37.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.535 [GMT 1:00]
Running from: c:\documents and settings\manager\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\manager\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FILE ::
"c:\program files\SweetIM\Messenger\SweetIM.exe"
"c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
"c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
"C:\spam001.exe"
"C:\spam003.exe"
"C:\troj000.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
C:\spam001.exe
C:\spam003.exe
C:\troj000.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.
2010-05-22 09:48 . 2010-05-22 09:48 -------- d-----w- c:\program files\CCleaner
2010-05-21 08:54 . 2010-05-21 08:54 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-21 08:53 . 2010-05-21 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-21 07:31 . 2010-05-21 07:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-20 20:20 . 2010-05-20 20:20 -------- d-----w- c:\windows\system32\config\systemprofile\IECompatCache
2010-04-25 10:59 . 2010-04-25 10:59 46124 ---ha-w- c:\windows\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 10:08 . 2008-07-23 13:06 -------- d-----w- c:\documents and settings\manager\Application Data\Ucedl
2010-05-22 09:20 . 2008-10-27 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-22 08:18 . 2009-04-24 23:28 117760 ----a-w- c:\documents and settings\manager\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-21 19:07 . 2010-03-04 17:12 439816 ----a-w- c:\documents and settings\manager\Application Data\Real\Update\setup3.10\setup.exe
2010-05-21 19:06 . 2007-03-26 19:19 -------- d-----w- c:\program files\palmOne
2010-05-21 11:16 . 2010-02-05 17:55 52224 ----a-w- c:\documents and settings\manager\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 08:36 . 2009-04-24 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 22:44 . 2008-12-20 18:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-20 22:11 . 2007-03-30 12:42 -------- d-----w- c:\program files\BitComet
2010-05-20 20:38 . 2010-05-20 20:38 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qvjsge.dat
2010-05-20 19:58 . 2010-05-20 19:57 20 ----a-w- c:\documents and settings\LocalService\Application Data\qvjsge.dat
2010-05-18 01:58 . 2005-12-17 00:49 -------- d-----w- c:\program files\Google
2010-05-06 09:36 . 2010-02-17 18:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 14:39 . 2009-04-24 15:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-04-24 15:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 14:28 . 2005-12-16 23:03 -------- d-----w- c:\program files\Tesconet
2010-04-02 12:59 . 2010-04-02 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2010-03-29 09:50 . 2010-03-29 09:50 1036288 ----a-w- c:\documents and settings\manager\Application Data\Mozilla\Firefox\Profiles\ksv9zr5c.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-03-18 18:49 . 2005-12-16 22:04 59896 ----a-w- c:\documents and settings\manager\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 03:19 . 2010-03-11 03:19 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-03-10 06:15 . 2005-11-17 16:54 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 01:13 . 2010-03-05 01:13 79368 ----a-w- c:\documents and settings\manager\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-05 01:13 . 2010-03-05 01:13 64000 ----a-w- c:\documents and settings\manager\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-05 01:13 . 2010-03-05 01:13 52288 ----a-w- c:\documents and settings\manager\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-05 01:13 . 2010-03-05 01:13 50688 ----a-w- c:\documents and settings\manager\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-05 01:13 . 2010-03-05 01:13 49152 ----a-w- c:\documents and settings\manager\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-05 01:13 . 2010-03-05 01:13 118784 ----a-w- c:\documents and settings\manager\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-02-26 07:45 . 2010-02-26 07:45 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
2010-02-26 07:45 . 2010-02-26 07:45 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
2010-02-26 07:45 . 2010-02-26 07:45 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
2010-02-25 06:24 . 2005-11-17 16:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-11-17 16:54 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-12 16:33 . 2009-11-12 16:33 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2009-11-12 16:33 . 2009-11-12 16:33 292640 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2009-11-12 16:33 . 2009-11-12 16:33 384800 ----a-w- c:\program files\iTunesAdmin.dll
2009-11-12 16:33 . 2009-11-12 16:33 211232 ----a-w- c:\program files\iTunesHelper.dll
2009-11-12 16:33 . 2009-11-12 16:33 141600 ----a-w- c:\program files\iTunesHelper.exe
2009-11-12 16:33 . 2009-11-12 16:33 124192 ----a-w- c:\program files\iTunesMiniPlayer.dll
2009-11-12 16:33 . 2009-11-12 16:33 10358048 ----a-w- c:\program files\iTunes.exe
2009-11-12 16:33 . 2009-11-12 16:33 722160 ----a-w- c:\program files\CDDBControlApple.dll
2009-11-12 16:33 . 2009-11-12 16:33 648480 ----a-w- c:\program files\iPodUpdaterExt.dll
2009-11-12 16:33 . 2009-11-12 16:33 14769448 ----a-w- c:\program files\iTunes.dll
2009-11-12 16:33 . 2009-11-12 16:33 111912 ----a-w- c:\program files\ITDetector.ocx
2009-11-12 16:32 . 2009-11-12 16:32 59083 ----a-w- c:\program files\Acknowledgements.rtf
2007-08-20 18:52 . 2007-08-20 18:51 942080 ----a-w- c:\program files\chkwin13.exe
2007-08-20 18:15 . 2007-08-20 18:15 160235 ----a-w- c:\program files\AMCheckers.exe
2007-03-30 13:06 . 2007-03-30 13:06 28515 ------w- c:\program files\[TorrentReactor[1].to] - 24.S06E10.HDTV.XviD-XOR [eztv].torrent
2007-03-30 12:28 . 2007-03-30 12:24 5653833 ------w- c:\program files\BitComet_0.83_setup.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-05-22_08.02.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-11-17 16:54 . 2010-05-22 07:57 538140 c:\windows\system32\perfh009.dat
+ 2005-11-17 16:54 . 2010-05-22 08:21 538140 c:\windows\system32\perfh009.dat
+ 2005-11-17 16:54 . 2010-05-22 08:21 105834 c:\windows\system32\perfc009.dat
- 2005-11-17 16:54 . 2010-05-22 07:57 105834 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"{E7F2EABD-B684-668C-AC66-EB39DC075522}"="c:\documents and settings\manager\Application Data\Nyompe\imuf.exe" [2007-01-14 133693]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-18 30192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-17 180269]
"PCSuiteTrayApplication"="c:\documents and settings\manager\Desktop\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SS_MW"="c:\program files\Radica\Stylin' Studio\SS_MW.exe" [2008-04-25 524288]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\documents and settings\manager\Desktop\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-5-20 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-5-20 106496]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^manager^Start Menu^Programs^Startup^HotSync Manager.LNK]
path=c:\documents and settings\manager\Start Menu\Programs\Startup\HotSync Manager.LNK
backup=c:\windows\pss\HotSync Manager.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2005-09-21 13:32 2807808 ----a-w- c:\windows\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-06-02 18:25 270336 ----a-w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-18 08:25 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2006-12-15 10:45 787096 ----a-w- c:\program files\HOTALBUMMyBOX\MBBalloon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2005-08-31 19:27 1658592 ----a-w- c:\progra~1\MESSEN~1\Msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
2006-11-01 19:07 1003520 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-21 08:24 86016 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2004-01-26 11:38 866816 ----a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STManager]
2003-10-16 13:25 118784 ------w- c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-02-13 11:53 32881 ----a-w- c:\program files\Java\j2re1.4.2_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-12-17 00:48 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\manager\\My Documents\\Update Service\\Update Service.exe"=
"c:\\3D Home Designer\\Program\\ArCon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10846:TCP"= 10846:TCP:BitComet 10846 TCP
"10846:UDP"= 10846:UDP:BitComet 10846 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [15/09/2007 11:23 15172]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [26/02/2010 08:45 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [25/02/2010 17:26 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/02/2010 17:26 108904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [17/11/2005 18:00 215040]
S2 gupdate1ca1c2af8964122;Google Update Service (gupdate1ca1c2af8964122);c:\program files\Google\Update\GoogleUpdate.exe [13/08/2009 16:29 133104]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/02/2010 17:25 779496]
S3 bfastfao;bfastfao;\??\c:\docume~1\manager\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\manager\LOCALS~1\Temp\bfastfao.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [05/04/2008 19:48 13352]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [17/12/2005 01:55 30192]
.
Contents of the 'Scheduled Tasks' folder
2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2010-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 01:21]
2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 15:29]
2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-13 15:29]
2010-05-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 18:02]
.
.
-
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tesco.net/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: bitcomet.com\www
Trusted Zone: tesco.net\memberservices
Trusted Zone: tesco.net\register
TCP: {83F1D94A-7D77-4E2C-BD6C-DE06DEDC968F} = 194.168.4.100 194.168.8.100
DPF: NTLSignup - hxxps://register.tesco.net/tesco/NTLSignup.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://homebase.2020.net/Core/Player/2020PlayerAX_Win32.cab
FF - ProfilePath - c:\documents and settings\manager\Application Data\Mozilla\Firefox\Profiles\ksv9zr5c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\j2re1.4.2_11\bin\NPJPI142_11.dll
FF - plugin: c:\program files\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 11:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-22 11:23:31
ComboFix-quarantined-files.txt 2010-05-22 10:23
ComboFix2.txt 2010-05-22 08:10
Pre-Run: 181,008,945,152 bytes free
Post-Run: 180,972,716,032 bytes free
- - End Of File - - 7F82E5A9014268208125CF9B8FFBAD370 -
Really need to do some online banking, does anyone know if I'm ok to?
-
Really need to do some online banking, does anyone know if I'm ok to?
I've not had time to run through the log as yet. But I CAN tell you it's been seriously infected.
I personally wouldn't be running online banking just yet.
Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START, click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION*** :idea:
-
Finally finished! Can't see a log anywhere to show though, what do I do now?!
-
I've only used Dr Web once, but it should at least tell you if it found anything or not?
No log, if my memory is right...
Just write here how many files were scanned, what was detected (or not) and possibly how long the scan took too?
-
Log should be in one of these 2 locations ~
C:\Program Files\DrWeb
C:\Users\username\DoctorWeb
Don't post the whole thing (they're huge), just scan to the bottom and post anything (IF anything) it's removed :idea: