Hijack This Help
Comments
-
Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop.
-
I tried to save it to there the first time but it wouldn't let me. That's when I tried C: I get the same message both times.
Any suggestions?
Never look down on anybody unless you are helping them up.
-
Download Firefox
http://www.mozilla-europe.org/en/firefox/
Go to TOOLS........OPTIONS......and set to SAVE FILES to (Browse for DESKTOP), apply and save it
Try using Firefox to save combofix (This is to determine if it's a browser-specific problem)
:idea:
-
The firefox download let me download combofix. Ran as administrator and it seemed to be doing whatever it is that it does! The box was telling me it was in the process of deleting files and then I got the BSOD before it shut down.
Will attempt another run later on today.
Never look down on anybody unless you are helping them up.
-
Have a look in C directory for COMBOFIX.TXT first
Post that (If it exists), then/or run combofix again (Mcrapee must be switched off)
:idea:
-
ComboFix 10-09-04.05 - AliJ 05/09/2010 7:16:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2039.1110 [GMT 1:00]
Running from: C:\Users\AliJ\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
Will run again.
Never look down on anybody unless you are helping them up.
-
ComboFix 10-09-04.06 - AliJ 05/09/2010 18:02:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2039.1124 [GMT 1:00]
Running from: c:\users\AliJ\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run
.
c:\users\AliJ\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\AliJ\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\AliJ\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\AliJ\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-05 17:12 . 2010-09-05 17:12 d-----w- c:\users\AliJ\AppData\Local\temp
2010-09-05 17:12 . 2010-09-05 17:12 d-----w- c:\users\Default\AppData\Local\temp
2010-09-05 06:02 . 2010-09-05 06:07 d-----w- C:\32788R22FWJFW.1.tmp
2010-09-05 05:56 . 2010-08-30 13:33 43008 ----a-w- c:\users\AliJ\AppData\Roaming\Mozilla\Firefox\Profiles\fxyr9hov.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-05 05:56 . 2010-08-30 13:33 338944 ----a-w- c:\users\AliJ\AppData\Roaming\Mozilla\Firefox\Profiles\fxyr9hov.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-05 05:56 . 2010-08-30 13:33 346112 ----a-w- c:\users\AliJ\AppData\Roaming\Mozilla\Firefox\Profiles\fxyr9hov.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-05 05:56 . 2010-08-30 13:34 1496064 ----a-w- c:\users\AliJ\AppData\Roaming\Mozilla\Firefox\Profiles\fxyr9hov.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-04 11:39 . 2010-09-04 11:39 388096 ----a-r- c:\users\AliJ\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-04 11:39 . 2010-09-04 11:39 d-----w- C:\HijackThis
2010-09-03 19:26 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-03 19:26 . 2010-09-03 19:26 d-----w- c:\program files\Panda Security
2010-09-03 18:50 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-03 17:35 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-03 17:34 . 2010-09-03 17:34 d-----w- c:\users\AliJ\AppData\Local\Sunbelt Software
2010-09-03 17:34 . 2010-09-03 17:34 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-03 17:34 . 2010-08-12 12:16 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-03 17:33 . 2010-09-03 17:35 d-----w- c:\programdata\Lavasoft
2010-09-03 17:33 . 2010-09-03 17:33 d-----w- c:\program files\Lavasoft
2010-09-02 20:57 . 2010-09-04 12:01 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-02 20:57 . 2010-09-02 20:58 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-02 20:50 . 2010-09-02 20:51 d-----w- c:\program files\CCleaner
2010-08-31 21:10 . 2010-08-31 21:10 d-----w- c:\users\AliJ\AppData\Roaming\Uniblue
2010-08-30 13:26 . 2010-08-30 13:26 d-----w- c:\users\AliJ\AppData\Local\Threat Expert
2010-08-30 12:48 . 2010-08-30 21:21 d-----w- c:\program files\QuickTime
2010-08-29 17:02 . 2010-08-29 17:02 d-----w- c:\users\AliJ\AppData\Roaming\Malwarebytes
2010-08-29 17:02 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 17:02 . 2010-08-29 17:02 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 17:02 . 2010-08-29 17:02 d-----w- c:\programdata\Malwarebytes
2010-08-29 17:02 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 16:30 . 2010-08-29 16:31 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-29 16:30 . 2010-08-29 16:30 d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-29 16:20 . 2010-01-27 12:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-29 16:20 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-29 16:20 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-29 16:20 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-29 16:20 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-29 16:20 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-08-29 16:17 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-08-29 16:17 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-29 16:17 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-29 16:17 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-29 16:16 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-29 16:16 . 2010-08-29 16:42 d-----w- c:\program files\Spyware Doctor
2010-08-29 16:16 . 2010-08-29 16:17 d-----w- c:\program files\Common Files\PC Tools
2010-08-29 16:16 . 2010-08-29 16:16 d-----w- c:\users\AliJ\AppData\Roaming\PC Tools
2010-08-29 16:16 . 2010-08-29 16:16 d-----w- c:\programdata\PC Tools
2010-08-29 15:47 . 2010-08-29 15:53 d-----w- c:\program files\Windows Live Safety Center
2010-08-29 12:20 . 2010-08-29 12:20 d-sh--w- c:\programdata\MSKNKFWQS
2010-08-29 12:20 . 2010-08-29 17:15 d-sh--w- c:\programdata\a4c484e
2010-08-15 09:45 . 2010-08-15 09:45 d-----w- c:\users\AliJ\New Folder
2010-08-11 16:49 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 16:49 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 16:49 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 16:49 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 16:48 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 16:48 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 16:48 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 16:48 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 16:48 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 16:48 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 16:48 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 16:48 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-08 12:29 . 2010-08-08 13:06 d-----w- c:\program files\Audacity
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 17:13 . 2008-02-17 10:39 d-----w- c:\programdata\Kontiki
2010-08-25 16:21 . 2007-05-30 08:24 d-----w- c:\program files\Common Files\Java
2010-08-25 16:21 . 2007-05-30 08:24 d-----w- c:\program files\Java
2010-08-24 21:25 . 2009-07-11 16:51 d-----w- c:\users\AliJ\AppData\Roaming\Spotify
2010-08-13 17:31 . 2009-08-29 20:18 d-----w- c:\program files\Lame for Audacity
2010-08-11 18:59 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2010-07-26 16:18 . 2009-02-09 11:13 d-----w- c:\program files\iTunes
2010-07-26 16:17 . 2010-07-26 16:17 d-----w- c:\program files\iPod
2010-07-26 16:17 . 2007-08-27 18:58 d-----w- c:\program files\Common Files\Apple
2010-07-26 16:12 . 2010-07-26 16:12 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-23 16:13 . 2008-10-20 16:35 d-----w- c:\program files\McAfee
2010-07-18 19:00 . 2009-08-21 18:53 d-----w- c:\users\AliJ\AppData\Roaming\Audacity
2010-07-17 04:00 . 2010-06-23 19:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 17:01 . 2009-11-30 15:56 1 ----a-w- c:\users\AliJ\AppData\Roaming\StarOffice\9\user\uno_packages\cache\stamp.sys
2010-07-15 14:18 . 2008-10-20 16:53 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-11 19:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-21 433840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^AliJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StarOffice 9.lnk]
path=c:\users\AliJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 9.lnk
backup=c:\windows\pss\StarOffice 9.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-21 15:51 133104 ----atw- c:\users\AliJ\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-04-04 13:26 154392 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-04-04 13:26 138008 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-05-11 10:51 1287120 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-01-25 10:08 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-10-29 06:54 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2006-11-28 00:12 2658304 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\O2]
2008-03-28 21:47 198184 ----a-w- c:\program files\O2\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-04-04 13:26 133912 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-09 20:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-04-13 14:19 861744 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbbMeter]
2009-11-22 12:07 688648 ----a-w- c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-30 09:33 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-04-02 11:48 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-05-04 11:05 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):30,19,ef,d9,de,08,cb,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-11-19 23096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 17:06]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 17:06]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153810372-2670517841-3656036660-1000Core.job
- c:\users\AliJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 15:51]
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153810372-2670517841-3656036660-1000UA.job
- c:\users\AliJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 15:51]
2008-10-20 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]
2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.myheritage.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll/cmsidewiki.html
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?!!!!!Toshibaukbholink-21&site=home
FF - ProfilePath - c:\users\AliJ\AppData\Roaming\Mozilla\Firefox\Profiles\fxyr9hov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\AliJ\AppData\Roaming\Mozilla\Firefox\Profiles\fxyr9hov.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\AliJ\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-Family Tree Builder Update - c:\myheritage\Bin\FTBCheckUpdates.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-NDSTray - NDSTray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 18:12
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????":)QO??X?j???j???j???j?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-05 18:16:20
ComboFix-quarantined-files.txt 2010-09-05 17:16
Pre-Run: 7,396,974,592 bytes free
Post-Run: 7,227,027,456 bytes free
- - End Of File - - 6E1DC6D1CB36F76F40D64F2C3B36A562
Never look down on anybody unless you are helping them up.
-
How's the redirects?
:idea:
-
So far, so good. Have rerun the scans and they have all been clear. :j
Thank you so much for your help.
Never look down on anybody unless you are helping them up.
This discussion has been closed.