
Advice Please antiviractive

My son has got this virus on his Eee PC. It has completely taken over.
All I want to do is a factory reset by F9, but I can't get this to work; it just boots Windows up.
It is running Windows XP.

Any hints and tips please.

Maxwell.

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_malwarebytes_anti_malware/
    Open Malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM QUICK SCAN then click SCAN
    Remove everything that's found (needs to be ticked)
    Post the COMPLETE log here AFTER you've deleted everything it finds
    If anything was found then do the exact same but run a FULL scan

    reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    If you get a message that you can't write to the hosts file then press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)
  • Maxwell
    Maxwell Posts: 35 Forumite
    I can't get a Wi-Fi connection now; it seems to have taken that over.

    There is nothing important on the netbook; that's why I just want a factory reset.

    Maxwell.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Go into BIOS and stop the hard drive from booting?
  • Maxwell
    Maxwell Posts: 35 Forumite
    Sorry, I will need instructions for this.

    Maxwell
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    When you said you were trying to press F9 at bootup to get it to factory reset?
    Well, there should be another F key to get into BIOS (should flash onscreen when you boot up).

    Then all you need to do is find the part that sets the BOOT list and remove the hard drive. SAVE the settings and then attempt F9 again.
  • Maxwell
    Maxwell Posts: 35 Forumite
    Back again with more time and internet connection sorted. I will go the virus removal way please, with your help.

    Malwarebytes log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4319
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512
    25/06/2010 15:49:17
    mbam-log-2010-06-25 (15-49-17).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 182684
    Time elapsed: 50 minute(s), 24 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\Environment\evapp (Rogue.Antivir2010) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Environment\evuninst (Rogue.Antivir2010) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ocjgoopc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Documents and Settings\xp\Local Settings\Temp\2D.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\xp\Local Settings\Temp\a364be51.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP61\A0054788.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP61\A0054789.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    Maxwell
  • Maxwell
    Maxwell Posts: 35 Forumite
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:34:46, on 25/06/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Elantech\ETDDect.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rm-uha.netsweeper.com:8080/webadmin/clientlogin/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232971111828
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232971104562
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    --
    End of file - 8763 bytes
  • Maxwell
    Maxwell Posts: 35 Forumite
    Any help with the 2 logs please.

    Maxwell
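The R1 line in the HijackThis log above sets Internet Explorer's ProxyServer to http=127.0.0.1:5643, so browser traffic is being handed to a process on the netbook itself, a persistence trick rogue security software uses to block or redirect web access (and one explanation for a connection that appears 'taken over'); legitimate web filters also install loopback proxies, so it is a lead to check (which process is listening on that port), not proof. As an added example that is not part of the thread, this Python triage script parses HijackThis-style lines and flags that pattern plus two others typical of such infections; its sample input reuses lines from the log above and one constructed O4 entry whose path and filename are hypothetical.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# A HijackThis entry looks like "R1 - <registry key>,<name> = <value>" or
# "O4 - HKLM\..\Run: [<name>] <command>"; capture the section code and body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<val>\S+)")
# Autorun targets under user-writable scratch directories deserve a look:
# rogue AV droppers commonly run from here rather than from Program Files.
SUSPECT_DIRS = (
    "\\local settings\\temp\\",
    "\\local settings\\application data\\",
    "\\windows\\temp\\",
)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def proxy_hosts(value: str) -> List[str]:
    """Split an IE ProxyServer value into host:port strings.

    IE stores either "host:port" or a ";"-separated list such as
    "http=127.0.0.1:5643;https=proxy.corp:8080"; the scheme= prefix is optional.
    """
    hosts = []
    for part in value.split(";"):
        part = part.split("=", 1)[-1].strip()
        if part:
            hosts.append(part)
    return hosts


def is_loopback(hostport: str) -> bool:
    """True when the proxy host is the machine itself (127.x or localhost)."""
    host = hostport.rsplit(":", 1)[0].lower()
    return host.startswith("127.") or host == "localhost"


def triage(log_text: str) -> List[Finding]:
    """Return findings for the three patterns, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1":
            pm = PROXY_RE.search(body)
            for hp in (proxy_hosts(pm.group("val")) if pm else []):
                if is_loopback(hp):
                    findings.append(Finding(
                        sec, f"IE proxy routes browser traffic through a local process on {hp}", line))
        elif sec == "O2" and ("(no file)" in body or "(file missing)" in body):
            findings.append(Finding(
                sec, "BHO registered but its DLL is absent (orphaned or partially removed)", line))
        elif sec == "O4" and any(d in body.lower() for d in SUSPECT_DIRS):
            findings.append(Finding(
                sec, "autorun entry launches from a temp/profile scratch directory", line))
    return findings


# Sample input: lines copied from the HijackThis log in the thread, plus one
# constructed O4 entry (its directory and filename are hypothetical).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rm-uha.netsweeper.com:8080/webadmin/clientlogin/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ocjgoopc] C:\Documents and Settings\xp\Local Settings\Application Data\msfxmqfag\ocjgoopc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Each hit is a lead for a human reviewer, not a verdict; on a live machine the follow-up for the proxy finding is to see which process owns the listening port before deciding the entry is malicious.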
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti-virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (making the complete file name 'QWERTY.exe'), or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
  • Maxwell
    Maxwell Posts: 35 Forumite
    Log file

    ComboFix 10-07-15.05 - xp 17/07/2010 15:36:54.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.674 [GMT 1:00]
    Running from: c:\documents and settings\xp\Desktop\QWERTY.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\Common Files\Uninstall
    c:\windows\system32\Thumbs.db
    Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
    .
    2010-07-17 14:34 . 2010-07-17 14:34 7935208 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\tmp\dn_0000041c_00008b57\RapportSetup-Full.exe
    2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
    2010-06-25 15:32 . 2010-06-25 15:32 388096 ----a-r- c:\documents and settings\xp\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-25 15:32 . 2010-06-25 15:32 -------- d-----w- c:\program files\Trend Micro
    2010-06-25 12:00 . 2010-06-25 12:00 -------- d-----w- c:\documents and settings\xp\Application Data\Malwarebytes
    2010-06-25 11:20 . 2010-06-25 11:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-25 11:20 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-25 11:20 . 2010-06-25 11:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-25 11:20 . 2010-06-25 11:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-25 11:20 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-25 08:11 . 2007-12-28 07:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
    2010-06-23 18:41 . 2010-06-25 11:55 -------- d-----w- c:\documents and settings\xp\Local Settings\Application Data\msfxmqfag
    2010-06-19 11:33 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2010-06-19 11:33 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
    2010-06-19 11:33 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-06-19 10:46 . 2010-06-19 11:50 -------- d-----w- c:\documents and settings\xp\Application Data\Nokia
    2010-06-19 10:46 . 2010-06-19 11:33 -------- d-----w- c:\documents and settings\xp\Application Data\PC Suite
    2010-06-19 10:46 . 2010-06-19 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2010-06-19 10:44 . 2010-06-19 10:45 -------- d-----w- c:\program files\DIFX
    2010-06-19 10:44 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-06-19 10:44 . 2010-06-19 10:44 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-06-19 10:44 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-06-19 10:44 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-06-19 10:44 . 2010-02-26 13:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-06-19 10:44 . 2010-02-26 13:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2010-06-19 10:44 . 2010-02-26 13:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-06-19 10:44 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2010-06-19 10:44 . 2010-02-26 13:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-06-19 10:44 . 2010-06-19 13:35 -------- d-----w- c:\program files\Nokia
    2010-06-19 10:43 . 2010-06-19 10:42 35536248 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Nokia_PC_Suite_eng_web.exe
    2010-06-19 10:43 . 2010-06-19 10:43 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\pcswpcsi.exe
    2010-06-19 10:43 . 2010-06-19 10:43 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstCCD.exe
    2010-06-19 10:43 . 2010-06-19 10:43 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2010-06-19 10:43 . 2010-06-19 10:43 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Installer\CommonCustomActions\UninstPCS.exe
    2010-06-19 10:42 . 2010-06-19 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2010-06-18 19:04 . 2010-06-18 19:04 60116 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-06-18 18:52 . 2010-06-19 14:21 -------- d-----w- c:\documents and settings\xp\Application Data\Apple Computer
    2010-06-18 18:52 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-06-18 18:52 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-06-18 18:51 . 2010-06-18 18:51 -------- d-----w- c:\program files\iPod
    2010-06-18 18:51 . 2010-06-18 18:52 -------- d-----w- c:\program files\iTunes
    2010-06-18 18:51 . 2010-06-18 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-18 18:49 . 2010-06-18 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-06-18 18:47 . 2010-06-18 18:47 -------- d-----w- c:\program files\Apple Software Update
    2010-06-18 18:47 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-06-18 18:47 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-06-18 18:46 . 2010-06-18 18:46 -------- d-----w- c:\program files\Bonjour
    2010-06-18 18:46 . 2010-06-18 18:51 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-18 18:15 . 2010-06-18 18:15 -------- d-----w- c:\documents and settings\Owner
    2010-06-18 18:09 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-06-18 18:09 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-06-18 18:09 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-06-18 18:09 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-23 19:36 . 2010-01-26 18:01 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-23 19:34 . 2010-06-23 19:33 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
    2010-06-22 18:41 . 2009-10-13 01:32 -------- d-----w- c:\documents and settings\xp\Application Data\Skype
    2010-06-19 11:34 . 2010-06-19 11:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    2010-06-19 11:34 . 2010-06-19 11:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
    2010-06-19 11:33 . 2010-06-19 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-06-19 11:33 . 2010-06-19 11:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-06-18 18:50 . 2009-01-26 11:56 -------- d-----w- c:\program files\QuickTime
    2010-06-18 18:47 . 2009-01-26 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-06-15 19:01 . 2010-06-15 19:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-08 16:00 . 2009-01-26 11:52 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-02 05:22 . 2008-08-09 14:32 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2008-08-09 14:32 285696 ----a-w- c:\windows\system32\atmfd.dll
    2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 131072]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
    "ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-23 204800]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-03 106496]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-03 593920]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 08:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 18:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2008-02-13 03:08 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [03/03/2010 18:04 390528]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/02/2010 19:16 108289]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/09/2008 03:42 625024]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - RAPPORTMGMTSERVICE
    .
    Contents of the 'Scheduled Tasks' folder
    2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    2010-06-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = hxxp://rm-uha.netsweeper.com:8080/webadmin/clientlogin/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-AV - c:\program files\AV\Antivir.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-17 15:45
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2010-07-17 15:47:33
    ComboFix-quarantined-files.txt 2010-07-17 14:47
    Pre-Run: 116,834,254,848 bytes free
    Post-Run: 117,134,999,552 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    - - End Of File - - D36E2573606C59C85B18AE0A10A41FD4
This discussion has been closed.