PC problem Please Help! (NEW COMBOFIX RESULTS)
Uninstall the EPSON toolbar
TICK and FIX these in hijack ~
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {43F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [aqxzscy] C:\WINDOWS\system32\kwqtjif.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
.............................................................................................
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti-virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
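The rules behind that "tick and fix" list, written out as a small triage script so the reasoning is explicit. This is an added example for the thread, not code from the post or from HijackThis itself; the sample lines are copied from the log above plus one benign Run entry (igfxtray, which appears in the ComboFix output later in the thread) for contrast, and the random-name heuristic with its vowel-ratio threshold is my own assumption, not a HijackThis rule.

```python
"""Triage rules for HijackThis log lines (added example, not from the thread)."""
import ntpath
import re
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the log posted above, plus one
# benign Run entry (igfxtray) for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [aqxzscy] C:\WINDOWS\system32\kwqtjif.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
""".strip()

ORPHAN_MARKERS = ("(no file)", "(file missing)")

# O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def looks_random(token: str) -> bool:
    """Heuristic (my assumption): dropper names such as 'aqxzscy' are short,
    lower-case, letters only and nearly vowel-free. 'igfxtray' survives it."""
    if not re.fullmatch(r"[a-z]{5,10}", token):
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    return vowels / len(token) < 0.2


def exe_stem(cmd: str) -> str:
    """Lower-case file name of the launched program without its extension.
    Assumes a bare path with no arguments, as in the log above."""
    return ntpath.splitext(ntpath.basename(cmd.strip().strip('"')))[0].lower()


def triage(line: str) -> Optional[Tuple[str, str]]:
    """Return (verdict, reason) for one log line, or None for a blank line.
    'fix' means tick it in HijackThis, 'keep' means leave it alone."""
    line = line.strip()
    if not line:
        return None
    if line.endswith(ORPHAN_MARKERS):
        # The registry still references a BHO/toolbar/button whose file is gone.
        return "fix", "orphan: entry points at a missing file"
    m = O4_RE.match(line)
    if m:
        name, stem = m.group("name").lower(), exe_stem(m.group("cmd"))
        if name != stem and looks_random(name) and looks_random(stem):
            # Random value name AND random file name in system32: the
            # pattern of the kwqtjif.exe entry above.
            return "fix", f"random-looking autorun [{name}] -> {stem}.exe"
        return "keep", "autorun with a recognisable name"
    if line.startswith("O16 - DPF:"):
        # Downloaded ActiveX control; removing the entry only makes IE
        # prompt again before the control is used.
        return "fix", "ActiveX download (DPF)"
    return "keep", "no rule matched"


def to_fix(log_text: str) -> List[str]:
    """The lines of a log that should be ticked and fixed."""
    return [ln for ln in log_text.splitlines()
            if (triage(ln) or ("keep", ""))[0] == "fix"]


if __name__ == "__main__":
    for ln in SAMPLE_LOG.splitlines():
        verdict, reason = triage(ln)
        print(f"{verdict:4s} {reason:45s} {ln[:60]}")
```

Run on the sample, the only autorun it ticks is the aqxzscy/kwqtjif.exe pair; the orphans and the DPF download are listed as safe to fix, and the PokerStars button, which still points at a real file, is left alone.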
Thanks guys.
Bit of an update.
I was still having problems and could not connect via Mozilla Firefox, so I decided to uninstall it.
Wow, the PC is flying; I've never known it move so quick, it's a joy to use.
Deleted a few other programs I don't use, but the Mozilla thing really seemed to make a change.
Strange, as I've not had any problems with it before. Whether it was that or deleting the trojan I don't know, but it was still playing up after the trojan had been deleted.
Thanks for your help; I will look through the suggestions and remove what is not needed.
I'm at work at the mo so cannot remember what HijackThis looks like. How do I tick and fix?
How would I stop Limewire running at startup?
Simply rescan, TICK those that I've highlighted, then click to FIX them (so the same as scanning, except you also tick and fix JUST those I've highlighted).
Thanks Rik.
Just looked at the screenshots on Hippo and can see what I need to do.
How do I stop Limewire running on startup?
Also going to uninstall Microsoft Essentials and go back to Avast.
Right, everything done, including the Limewire fix.
Combofix scan log
ComboFix 10-08-26.02 - 26/08/2010 20:56:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.306 [GMT 1:00]
Running from: c:\documents and settings\\Desktop\QWERTY.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\\Application Data\Install.dat
c:\documents and settings\\Local Settings\Temporary Internet Files\temp1.htm
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\java.exe
c:\windows\wc98pp.dll
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-26 18:21 . 2010-08-26 18:21 -------- d-----w- c:\windows\LastGood
2010-08-25 18:37 . 2010-08-25 18:37 -------- d-----w- c:\documents and settings\\Application Data\Malwarebytes
2010-08-25 18:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 18:34 . 2010-08-25 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-25 18:33 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 18:30 . 2010-08-25 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 18:06 . 2010-08-25 18:06 -------- d-sh--w- c:\documents and settings\Administrator.\PrivacIE
2010-08-25 18:05 . 2010-08-25 18:05 -------- d-----w- c:\documents and settings\Administrator.\Local Settings\Application Data\Mozilla
2010-08-24 19:59 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-24 19:32 . 2010-08-24 19:32 -------- d-----w- C:\a0b04c15624eeee17f
2010-08-24 19:14 . 2010-08-24 19:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-24 19:11 . 2010-08-24 19:11 -------- d-----w- c:\windows\system32\QuickTime
2010-08-24 19:09 . 2010-08-24 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-24 19:07 . 2010-08-24 19:07 -------- d-----w- c:\program files\Media Player Classic
2010-08-24 19:06 . 2010-08-24 19:06 -------- d-----w- c:\program files\Nokia
2010-08-24 19:06 . 2010-08-24 19:06 -------- d-----w- c:\program files\Common Files\PCSuite
2010-08-24 19:03 . 2010-08-24 19:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-24 19:02 . 2010-08-24 19:02 -------- d-----w- c:\program files\Lavasoft
2010-08-23 20:03 . 2010-08-24 19:03 -------- d-----w- c:\windows\system32\QuickTime(2)
2010-08-21 18:14 . 2010-08-21 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 19:39 . 2005-09-24 18:45 -------- d-----w- c:\program files\Common Files\NSV
2010-08-25 21:02 . 2009-02-21 18:32 -------- d-----w- c:\program files\Holdem Indicator
2010-08-25 20:57 . 2009-11-08 19:15 -------- d-----w- c:\program files\ParadisePoker
2010-08-25 20:54 . 2007-07-14 18:22 -------- d-----w- c:\program files\Google
2010-08-25 20:19 . 2005-04-08 18:55 -------- d-----w- c:\program files\Trend Micro
2010-08-24 19:11 . 2004-12-30 17:02 -------- d-----w- c:\program files\Java
2010-08-24 19:11 . 2004-12-30 17:02 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 19:11 . 2010-07-04 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-24 19:11 . 2007-07-14 18:26 -------- d-----w- c:\program files\QuickTime Alternative
2010-08-24 19:11 . 2005-12-29 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-24 19:11 . 2005-12-29 10:54 -------- d-----w- c:\program files\iTunes
2010-08-24 19:08 . 2006-01-05 20:44 -------- d-----w- c:\program files\iPod
2010-08-24 19:02 . 2005-02-02 17:38 -------- d-----w- c:\documents and settings\\Application Data\Lavasoft
2010-08-24 19:02 . 2004-12-30 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 19:02 . 2006-08-29 21:21 -------- d-----w- c:\program files\epson
2010-08-21 18:14 . 2006-08-08 20:31 -------- d-----w- c:\program files\Alwil Software
2010-07-04 17:41 . 2005-12-29 10:56 -------- d-----w- c:\documents and settings\\Application Data\Apple Computer
2010-07-04 15:27 . 2010-07-04 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-30 23:46 . 2010-06-30 23:46 68136 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-04 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 15:27 . 2004-08-04 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-04 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-01 17:37 . 2009-11-12 17:11 221568 ------w- c:\windows\system32\MpSigStub.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Coolstreaming\\coolstreaming.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BaDoink\\giFT\\giFTl.exe"=
"c:\\Program Files\\Holdem Indicator\\HoldemIndicator.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
Contents of the 'Scheduled Tasks' folder
2010-08-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.sky.com
uInternet Connection Wizard,ShellNext = hxxp://www.ntlworld.com/broadband
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?9eedc890b35b45aeb80edf2e415f147f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?9eedc890b35b45aeb80edf2e415f147f
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{DAA9F4A6-996D-44D7-AE05-E5449D517DF6} - (no file)
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 21:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
Completion time: 2010-08-26 21:03:41
ComboFix-quarantined-files.txt 2010-08-26 20:03
Pre-Run: 118,885,867,520 bytes free
Post-Run: 119,237,074,944 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3D6656CC940E89016F45B5DAEC7E90DA
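Reading a ComboFix "Files Created" block by hand is how an entry like the iedvtool.dll in the dllcache folder gets singled out. The parser below does that read mechanically. It is an added example, not part of the thread and not ComboFix code; the sample entries are copied from the ComboFix logs posted in this thread, and the shortlist rules (code dropped under %windir% inside the scan window, a driver outside system32\drivers, a new hidden+system directory) and the window start date are my own assumptions, meant to produce a review list rather than a verdict.

```python
"""Parse the 'Files Created' / 'Find3M' entries of a ComboFix log and
shortlist the ones worth a second look.

Added example for this thread; not ComboFix code and not code from any
poster. The triage rules and the date window are my own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: entries copied from the ComboFix logs posted in this
# thread (the poster's user name is blank in the paths, as posted).
SAMPLE = r"""
2010-08-25 18:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 18:06 . 2010-08-25 18:06 -------- d-sh--w- c:\documents and settings\Administrator.\PrivacIE
2010-08-24 19:59 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-24 19:32 . 2010-08-24 19:32 -------- d-----w- C:\a0b04c15624eeee17f
2010-08-29 16:06 . 2010-08-29 16:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-29 16:06 . 2010-08-29 16:06 47360 ----a-w- c:\documents and settings\\Application Data\pcouffin.sys
2010-06-30 12:31 . 2004-08-04 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
""".strip()

# <created> . <last modified> <size, or -------- for a directory> <attrs> <path>
# attrs: d = directory, r/s/h/a = read-only/system/hidden/archive, w = writable
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    created: str          # "YYYY-MM-DD HH:MM"; sorts correctly as a string
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse(text: str) -> List[Entry]:
    """Return every line matching the ComboFix entry layout; section
    headers, lone dots and snapshot +/- lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def review_list(entries: List[Entry], since: str = "0000-00-00") -> List[Tuple[str, Entry]]:
    """Shortlist entries created on or after `since` (my rules, not ComboFix's):
    1. executable code written under %windir%, which is where iedvtool.dll sat;
    2. a kernel driver stored anywhere other than system32\\drivers;
    3. a new directory carrying both the hidden and system attributes.
    Newest first, so the most recent drops are at the top."""
    flagged = []
    for e in entries:
        if e.created < since:
            continue
        p = e.path.lower()
        if not e.is_dir and p.endswith(EXEC_EXT) and p.startswith("c:\\windows\\"):
            flagged.append(("code written under %windir%", e))
        elif p.endswith(".sys") and not p.startswith(DRIVER_DIR):
            flagged.append(("driver outside system32\\drivers", e))
        elif e.is_dir and e.hidden_system:
            flagged.append(("new hidden+system directory", e))
    return sorted(flagged, key=lambda t: t[1].created, reverse=True)


if __name__ == "__main__":
    # Window start taken from the log header: "Files Created from 2010-07-26"
    for reason, e in review_list(parse(SAMPLE), since="2010-07-26"):
        print(f"{e.created}  {reason:34s} {e.path}")
```

The shortlist still needs a human reading: mbamswissarmy.sys sits beside the Malwarebytes entries and pcouffin.sys beside the VSO ones in the same log, while a DLL appearing in dllcache with no neighbouring installer is exactly the kind of entry a helper picks out for a closer look. The schannel.dll entry from the Find3M section falls outside the window and is not listed.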
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\dllcache\iedvtool.dll
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
alienRik
Sorry for the delay, been away.
Here are the latest scan results.
ComboFix 10-08-28.02 - 30/08/2010 12:42:21.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.285 [GMT 1:00]
Running from: c:\documents and settings\\Desktop\QWERTY.exe
Command switches used :: c:\documents and settings\\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\dllcache\iedvtool.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\\Application Data\inst.exe
c:\windows\system32\dllcache\iedvtool.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-29 16:28 . 2010-08-29 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-08-29 16:06 . 2010-08-30 11:23 -------- d-----w- c:\documents and settings\\Application Data\Vso
2010-08-29 16:06 . 2010-08-29 16:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-29 16:06 . 2010-08-29 16:06 47360 ----a-w- c:\documents and settings\\Application Data\pcouffin.sys
2010-08-29 16:06 . 2010-02-09 15:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-08-29 16:06 . 2010-02-09 15:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-08-29 16:06 . 2010-02-09 15:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-08-29 16:06 . 2010-02-09 15:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-08-29 16:06 . 2010-02-09 15:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-08-29 16:06 . 2010-02-09 15:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-08-29 16:06 . 2010-02-09 15:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-08-26 20:28 . 2010-08-26 20:28 -------- d-----w- c:\documents and settings\\Local Settings\Application Data\Apple
2010-08-26 19:51 . 2010-08-26 20:03 -------- d-----w- C:\QWERTY
2010-08-25 18:37 . 2010-08-25 18:37 -------- d-----w- c:\documents and settings\\Application Data\Malwarebytes
2010-08-25 18:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 18:34 . 2010-08-25 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-25 18:33 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 18:30 . 2010-08-25 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 18:06 . 2010-08-25 18:06 -------- d-sh--w- c:\documents and settings\Administrator.\PrivacIE
2010-08-25 18:05 . 2010-08-25 18:05 -------- d-----w- c:\documents and settings\Administrator.\Local Settings\Application Data\Mozilla
2010-08-24 20:10 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-24 19:32 . 2010-08-24 19:32 -------- d-----w- C:\a0b04c15624eeee17f
2010-08-24 19:14 . 2010-08-24 19:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-24 19:11 . 2010-08-24 19:11 -------- d-----w- c:\windows\system32\QuickTime
2010-08-24 19:09 . 2010-08-24 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-24 19:07 . 2010-08-24 19:07 -------- d-----w- c:\program files\Media Player Classic
2010-08-24 19:03 . 2010-08-24 19:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-24 19:02 . 2010-08-24 19:02 -------- d-----w- c:\program files\Lavasoft
2010-08-23 20:03 . 2010-08-24 19:03 -------- d-----w- c:\windows\system32\QuickTime(2)
2010-08-21 18:14 . 2010-08-21 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 11:22 . 2010-07-04 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-30 11:20 . 2007-07-08 19:54 -------- d-----w- c:\program files\Windows Live Toolbar
2010-08-30 10:53 . 2005-12-29 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-29 16:06 . 2005-10-05 20:29 -------- d-----w- c:\program files\VSO
2010-08-26 20:29 . 2005-12-29 10:56 -------- d-----w- c:\documents and settings\\Application Data\Apple Computer
2010-08-26 19:39 . 2005-09-24 18:45 -------- d-----w- c:\program files\Common Files\NSV
2010-08-25 21:02 . 2009-02-21 18:32 -------- d-----w- c:\program files\Holdem Indicator
2010-08-25 20:57 . 2009-11-08 19:15 -------- d-----w- c:\program files\ParadisePoker
2010-08-25 20:54 . 2007-07-14 18:22 -------- d-----w- c:\program files\Google
2010-08-25 20:19 . 2005-04-08 18:55 -------- d-----w- c:\program files\Trend Micro
2010-08-24 19:11 . 2004-12-30 17:02 -------- d-----w- c:\program files\Java
2010-08-24 19:11 . 2004-12-30 17:02 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 19:11 . 2007-07-14 18:26 -------- d-----w- c:\program files\QuickTime Alternative
2010-08-24 19:11 . 2005-12-29 10:54 -------- d-----w- c:\program files\iTunes
2010-08-24 19:08 . 2006-01-05 20:44 -------- d-----w- c:\program files\iPod
2010-08-24 19:02 . 2005-02-02 17:38 -------- d-----w- c:\documents and settings\\Application Data\Lavasoft
2010-08-24 19:02 . 2004-12-30 17:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 19:02 . 2006-08-29 21:21 -------- d-----w- c:\program files\epson
2010-08-21 18:14 . 2006-08-08 20:31 -------- d-----w- c:\program files\Alwil Software
2010-07-04 15:27 . 2010-07-04 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-30 23:46 . 2010-06-30 23:46 68136 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-04 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 05:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-01 17:37 . 2009-11-12 17:11 221568 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-26_20.00.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2005-01-13 18:32 . 2010-08-26 22:06 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-08-26 22:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-08-26 22:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 2005-01-13 18:32 . 2010-08-26 22:06 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2004-08-10 13:08 . 2010-08-29 13:35 249496 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-08-10 13:08 . 2010-08-26 18:13 249496 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2010-08-26 20:19 . 2010-08-26 20:19 219648 c:\windows\Installer\73b357.msi
- 2005-01-13 18:32 . 2010-08-25 22:59 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-01-13 18:32 . 2010-08-26 22:06 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2005-01-13 18:32 . 2010-08-25 22:59 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-08-26 22:05 . 2010-02-22 18:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-08-26 22:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-08-26 22:05 . 2008-04-14 00:12 744448 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-08-26 22:05 . 2010-02-22 18:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-08-26 22:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-08-26 22:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-08-24 20:10 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-10-17 15:57 . 2010-06-23 13:44 1851904 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
- 2010-03-12 11:16 . 2009-10-23 15:28 3558912 c:\windows\SYSTEM32\DLLCACHE\moviemk.exe
+ 2010-03-12 11:16 . 2010-06-18 13:36 3558912 c:\windows\SYSTEM32\DLLCACHE\moviemk.exe
+ 2010-06-28 15:01 . 2010-06-28 15:01 7677952 c:\windows\Installer\d582b4.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Coolstreaming\\coolstreaming.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BaDoink\\giFT\\giFTl.exe"=
"c:\\Program Files\\Holdem Indicator\\HoldemIndicator.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
--- Other Services/Drivers In Memory ---
*Deregistered* - avast! Web Scanner
.
.
Supplementary Scan
.
uStart Page = hxxp://www.sky.com
uInternet Connection Wizard,ShellNext = hxxp://www.ntlworld.com/broadband
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 12:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-08-30 12:53:00
ComboFix-quarantined-files.txt 2010-08-30 11:52
ComboFix2.txt 2010-08-26 20:03
Pre-Run: 116,645,146,624 bytes free
Post-Run: 116,641,705,984 bytes free
- - End Of File - - DB811B76571AD115E3B25E5A61F646F5
Looks good
Give it a clean next ~
Download CCLEANER
http://www.piriform.com/ccleaner/download/slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
And you should be good to go
OK, will do.
Thanks for all your help.