Virus doing my head in help plz!!
-
Open notepad and copy/paste the text in RED below
File::
c:\windows\SET189.tmp
c:\windows\SET17D.tmp
c:\windows\SET17A.tmp
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
-
here comes the second combofix log ....
-
ComboFix 11-02-28.02 - Nicola 28/02/2011 23:45:49.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1278.765 [GMT 0:00]
Running from: c:\documents and settings\Nicola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nicola\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\SET17A.tmp"
"c:\windows\SET17D.tmp"
"c:\windows\SET189.tmp"
.
(((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))
.
c:\windows\SET17A.tmp
c:\windows\SET17D.tmp
c:\windows\SET189.tmp
c:\windows\system32\USP10(3).DLL
.
(((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))
.
2011-02-28 22:40 . 2011-02-28 22:40 -------- d-----w- c:\windows\LastGood
2011-02-28 15:28 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-28 15:28 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-28 15:28 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-28 15:28 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-28 15:28 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-28 15:28 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-28 15:28 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-28 15:28 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-28 15:28 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-02-28 15:28 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-28 15:27 . 2011-02-28 15:27 -------- d-----w- c:\program files\AVAST Software
2011-02-28 15:27 . 2011-02-28 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-02-28 15:11 . 2011-02-28 15:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-28 14:10 . 2011-02-28 14:10 -------- d-----w- c:\documents and settings\Nicola\Local Settings\Application Data\Secunia PSI
2011-02-28 12:29 . 2011-02-28 12:29 -------- d-----w- c:\documents and settings\Nicola\Application Data\Trusteer
2011-02-28 12:28 . 2011-02-28 12:28 -------- d-----w- c:\program files\Trusteer
2011-02-28 12:24 . 2011-02-28 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2011-02-28 12:17 . 2011-02-28 12:17 -------- d-----w- c:\program files\Secunia
2011-02-27 12:10 . 2011-02-27 12:11 -------- d-----w- c:\documents and settings\Nicola\Local Settings\Application Data\Deployment
2011-02-27 10:47 . 2011-02-27 10:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-27 10:45 . 2011-02-27 10:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-02-27 10:40 . 2005-09-20 09:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-02-27 10:28 . 2004-08-12 14:03 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
2011-02-27 10:27 . 2004-08-12 13:57 72192 -c--a-w- c:\windows\system32\dllcache\fxscom.dll
2011-02-27 10:24 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-27 10:24 . 2004-08-12 13:58 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-27 10:06 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-27 10:06 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-27 10:06 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-27 10:06 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-27 09:52 . 2011-02-27 09:52 -------- d-----w- c:\windows\dell
2011-02-27 08:25 . 2011-02-27 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\pOeFdPa06300
2011-02-10 16:15 . 2011-02-10 16:15 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
(((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2008-09-30 06:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2008-09-30 06:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
2011-02-23 15:04 814160 ----a-w- c:\program files\AVAST Software\Avast\aswWebRepIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2011-02-23 814160]
[HKEY_CLASSES_ROOT\clsid\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]
[HKEY_CLASSES_ROOT\Avast.WrcBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}]
[HKEY_CLASSES_ROOT\Avast.WrcBar]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Nicola^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Nicola\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-02-28 22:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 11:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-12 13:55 110592 ----a-w- c:\windows\SYSTEM32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-12 13:56 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 13:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 23:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-10-25 14:23 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-08-29 18:41 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-09-04 13:49 1994480 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlbtcoms.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\helpctr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22694:TCP"= 22694:TCP:BitComet 22694 TCP
"22694:UDP"= 22694:UDP:BitComet 22694 UDP
"25584:TCP"= 25584:TCP:BitComet 25584 TCP
"25584:UDP"= 25584:UDP:BitComet 25584 UDP
R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [10/02/2011 16:15 53816]
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [28/02/2011 15:28 371544]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [28/02/2011 15:28 301528]
R1 RapportCerberus_23775;RapportCerberus_23775;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_23775.sys [10/02/2011 16:22 54072]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/02/2011 16:15 63160]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/02/2011 16:15 156344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 13:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04/09/2009 13:49 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [28/02/2011 15:28 19544]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/02/2011 16:15 821048]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/01/2011 14:24 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/01/2011 14:24 399416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [01/09/2010 08:30 15544]
S0 gptbzgd;gptbzgd; [x]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [27/09/2009 22:08 722416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/07/2010 19:56 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\SYSTEM32\DRIVERS\nmwcdnsu.sys [23/04/2008 21:32 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\SYSTEM32\DRIVERS\nmwcdnsuc.sys [23/04/2008 21:32 8320]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [10/02/2011 16:22 18872]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04/09/2009 13:50 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2011-02-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-12 22:00]
2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 19:56]
2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 19:56]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/uk/uk/importer/MypixUploader.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {9C88EF87-3AA0-40AE-890C-4F260E8C3ABB} - file://c:\williamhillinstallation\WHVHR.ocx
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Nicola\Application Data\Mozilla\Firefox\Profiles\adax62ls.default\
FF - prefs.js: browser.search.selectedEngine - Big Snap
FF - prefs.js: browser.startup.homepage - https://www.yahoo.co.uk
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 00:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2011-03-01 00:09:11
ComboFix-quarantined-files.txt 2011-03-01 00:09
ComboFix2.txt 2011-02-28 22:49
Pre-Run: 28,519,755,776 bytes free
Post-Run: 28,493,574,144 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 43AD04510A700161AFACE215DDB971CB
-
Set to show hidden files and folders -
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx
Follow this path and let me know if there are any files in the folder pOeFdPa06300
c:\documents and settings\All Users\Application Data\pOeFdPa06300
-
there is one file in that folder also called pOeFdPa06300
-
When I open the folder this is what's inside
-
Open malwarebytes
Goto MORE TOOLS
then RUN TOOL
find and destroy that file
-
Thanks that has been deleted
Do I need to do anything else?
-
Hopefully you're ok now
I'd suggest a clean up then you should be good to go
Download CCLEANER
http://www.piriform.com/ccleaner/download/slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)