My slow computer is driving me mad
There were no faults indicated with ComboFix, I promise. I've checked the C drive. It's fairly quiet in there and uncrowded and I can see nothing which would be a ComboFix log. Could it be somewhere else/under a different name?
I can always run it again; it's still resident on my system.
ComboFix logs are usually a Notepad file, directly in the C: drive, combofix.txt if I remember rightly.
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
The only time I've known CF not produce a log is when there is still some form of infection lingering to prevent it... probably not what you wanted to hear, but...
I've run it again:
ComboFix 11-05-30.08 - Glyn 31/05/2011 17:13:48.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2815.2153 [GMT 1:00]
Running from: c:\documents and settings\Glyn\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
(((((((((((( Other Deletions )))))))))))
---- Previous Run
c:\documents and settings\Glyn\Application Data\PriceGong
c:\documents and settings\Glyn\SendTo\RemoveOnReboot.exe
c:\documents and settings\Glyn\WINDOWS
c:\windows\system32\userinit.exe . . . is infected!!
(((((((((( Drivers/Services )))))
\Legacy_MYWEBSEARCHSERVICE
.
.
(((((( Files Created from 2011-04-28 to 2011-05-31 ))))))))))))
.
.
2011-05-30 17:16 . 2011-05-30 17:17 -------- d-----w- c:\program files\CCleaner
2011-05-30 14:45 . 2011-05-30 14:45 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\VS Revo Group
2011-05-30 14:45 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-05-30 14:45 . 2011-05-30 14:45 -------- d-----w- c:\program files\VS Revo Group
2011-05-30 08:40 . 2008-07-08 07:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-28 15:11 . 2011-05-30 17:18 -------- d-----w- c:\documents and settings\Glyn\Application Data\Media Player Classic
2011-05-28 14:50 . 2011-03-14 10:18 389248 ----a-w- C:\AFUWIN.exe
2011-05-28 12:52 . 2011-05-30 17:20 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\eSupport.com
2011-05-28 12:10 . 2011-05-28 12:10 -------- d-----w- c:\documents and settings\UpdatusUser
2011-05-28 12:10 . 2011-05-28 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-28 12:09 . 2011-05-28 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-05-28 12:08 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-28 12:08 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-28 11:46 . 2011-05-28 11:46 388096 ----a-r- c:\documents and settings\Glyn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-28 11:33 . 2011-05-28 11:46 -------- d-----w- c:\program files\Trend Micro
2011-05-27 15:25 . 2011-05-27 15:25 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\FixItCenter
2011-05-27 15:20 . 2011-05-27 15:20 -------- d-----w- c:\windows\MATS
2011-05-27 15:20 . 2011-05-27 15:20 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-05-27 13:35 . 2008-04-14 04:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-27 13:35 . 2008-04-14 04:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-27 13:35 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-27 13:35 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-27 13:35 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-27 13:35 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-27 13:35 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-27 13:35 . 2008-04-13 21:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-05-27 13:35 . 2008-04-13 21:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-05-27 13:35 . 2008-04-14 04:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-27 13:33 . 2008-04-13 21:04 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2011-05-27 13:32 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-05-27 13:31 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-27 13:30 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-05-27 13:29 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-05-27 13:28 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-05-27 13:27 . 2008-04-14 04:42 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2011-05-27 13:26 . 2001-08-17 11:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-05-27 13:25 . 2008-04-13 22:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2011-05-27 13:24 . 2008-04-13 23:11 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-05-27 13:23 . 2001-08-17 21:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2011-05-27 13:22 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-05-27 13:22 . 2001-08-17 12:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-05-27 13:22 . 2001-08-17 12:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-05-27 13:22 . 2008-04-13 23:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-05-27 13:22 . 2001-08-17 11:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-27 13:22 . 2001-08-17 11:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-05-27 13:22 . 2001-08-17 11:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-05-27 13:22 . 2008-04-13 21:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-05-27 13:20 . 2008-04-13 23:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-05-27 13:20 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-05-27 13:20 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-05-27 13:20 . 2008-04-13 23:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-05-27 13:20 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-27 13:20 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-05-27 13:20 . 2008-04-13 23:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-05-27 13:20 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-05-27 13:20 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-05-27 13:20 . 2001-08-17 12:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-05-27 13:18 . 2001-08-17 11:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-05-27 13:17 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-05-27 13:16 . 2001-08-17 13:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-05-27 13:15 . 2001-08-17 12:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-05-27 13:14 . 2008-04-13 23:15 19200 -c--a-w- c:\windows\system32\dllcache\hidir.sys
2011-05-27 13:13 . 2001-08-17 11:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-05-27 13:12 . 2001-08-17 11:11 70174 -c--a-w- c:\windows\system32\dllcache\el98xn5.sys
2011-05-27 13:11 . 2001-08-17 11:17 42432 -c--a-w- c:\windows\system32\dllcache\digirlpt.sys
2011-05-27 13:10 . 2001-08-17 11:11 60970 -c--a-w- c:\windows\system32\dllcache\cpqtrnd5.sys
2011-05-27 13:09 . 2008-04-13 23:16 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2011-05-27 13:08 . 2001-08-17 11:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2011-05-27 13:07 . 2008-04-14 04:41 3647 -c--a-w- c:\windows\system32\dllcache\adv07nt5.dll
2011-05-27 13:06 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-05-25 13:58 . 2011-05-30 15:02 -------- d-----w- C:\UBCD4Win
2011-05-25 12:33 . 2011-05-25 12:33 -------- d-----w- c:\program files\MSECache
2011-05-25 07:55 . 2011-05-25 07:55 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\PCHealth
2011-05-23 17:30 . 2011-05-23 17:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-05-23 09:51 . 2011-05-23 09:52 -------- d-----w- c:\documents and settings\Glyn\Application Data\Apple Computer
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-05-23 09:49 . 2011-05-23 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\program files\Common Files\Apple
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\Apple
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\program files\Apple Software Update
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\Apple Computer
2011-05-20 16:50 . 2011-05-28 16:12 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-20 16:50 . 2011-05-20 17:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-20 16:49 . 2011-05-28 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-20 10:18 . 2011-05-20 10:18 -------- d-----w- c:\documents and settings\Glyn\Application Data\Malwarebytes
2011-05-20 10:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 10:17 . 2011-05-20 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-20 10:17 . 2011-05-20 10:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 10:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 11:55 . 2011-05-19 11:55 -------- d-----w- c:\documents and settings\Glyn\Application Data\PCTools
2011-05-18 17:52 . 2011-05-30 17:18 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\BearShare
2011-05-18 17:51 . 2011-05-18 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\BearShare
2011-05-18 17:51 . 2011-05-18 17:51 -------- d-----w- c:\program files\BearShare Applications
2011-05-18 17:48 . 2011-05-18 17:52
dc-h--w- c:\documents and settings\All Users\Application Data\{BABF6F4E-3651-4AC1-876A-46BE5B95D594}
2011-05-18 17:47 . 2011-05-18 17:47 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\PackageAware
2011-05-18 17:47 . 2011-05-18 17:47 -------- d-----w- c:\program files\BitTorrent
2011-05-18 17:46 . 2011-05-30 14:51 -------- d-----w- c:\documents and settings\Glyn\Application Data\BitTorrent
2011-05-18 17:45 . 2011-05-18 17:45 -------- d-----w- c:\windows\FLV Player
2011-05-18 17:45 . 2011-05-18 17:45 -------- d-----w- c:\program files\FLV Player
2011-05-18 17:08 . 2011-05-18 17:45 -------- d-----w- c:\program files\DivX
2011-05-18 17:03 . 2011-05-18 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-05-18 15:24 . 2011-05-18 17:46 -------- d-----w- c:\documents and settings\Glyn\New Folder
2011-05-18 15:12 . 2011-01-20 12:27 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-18 15:12 . 2011-01-20 12:27 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-18 15:12 . 2011-01-20 12:27 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-18 13:04 . 2011-05-18 13:04
d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-18 12:53 . 2011-05-18 12:55 -------- d-----w- c:\documents and settings\Glyn\Application Data\ImgBurn
2011-05-18 12:51 . 2011-05-18 12:51 -------- d-----w- c:\program files\ImgBurn
2011-05-18 12:46 . 2011-05-18 12:46 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\WinZip
2011-05-18 12:46 . 2011-05-18 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-05-18 12:29 . 2011-05-19 11:51 -------- d-----w- c:\documents and settings\Glyn\Application Data\Nero
2011-05-18 12:29 . 2011-05-23 16:43 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\Nero
2011-05-18 12:20 . 2011-05-18 12:22 -------- d-----w- c:\program files\Nero
2011-05-18 12:20 . 2011-05-18 12:21 -------- d-----w- c:\program files\Common Files\Nero
2011-05-18 12:20 . 2011-05-18 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-05-18 11:39 . 2011-05-28 17:08 -------- d-----w- c:\program files\RapidShareManager
2011-05-18 11:35 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-05-18 11:35 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
.
((((((((( Find3M Report )))))))))))
.
2011-04-27 14:37 . 2010-10-11 14:05 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-27 14:37 . 2010-10-11 14:05 2074576 ----a-w- c:\windows\PCTBDCore.dll
2011-04-27 14:37 . 2010-10-11 14:05 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-27 14:36 . 2010-10-11 14:05 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-08 05:14 . 2010-07-10 04:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-07-10 04:38 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-07-10 04:38 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-07-10 04:38 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2008-09-17 23:55 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2006-10-31 06:35 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-10-31 06:35 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2006-10-31 06:35 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2006-10-31 06:35 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-07 21:15 . 2011-04-07 21:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 21:15 . 2011-04-07 21:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 21:15 . 2011-04-07 21:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:15 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:15 . 2011-04-07 21:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 21:15 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-11 14:10 . 2008-04-14 04:41 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-11 07:06 . 2010-10-11 13:53 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-10 09:06 . 2010-10-11 13:53 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 05:33 . 2009-01-12 10:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 04:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 00:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((( Reg Loading Points )))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"PCTools FGuard"="c:\program files\Spyware Doctor\BDT\FGuard.exe" [2011-04-27 247760]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-06-12 151552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
c:\documents and settings\Glyn\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe [2009-1-13 845584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/10/2010 14:53 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [17/05/2011 15:29 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [17/05/2011 15:29 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [18/05/2011 16:12 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [18/05/2011 16:12 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/10/2010 14:53 251560]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [17/05/2011 15:28 233976]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/10/2010 15:05 337872]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [29/03/2011 15:33 598312]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [28/05/2011 13:09 2218600]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [13/10/2010 13:31 632792]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCD2k.sys [16/04/2001 11:54 44227]
S2 AMService;AMService;c:\windows\TEMP\jpbs\setup.exe run --> c:\windows\TEMP\jpbs\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\Glyn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Glyn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 01:10 267568]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/10/2010 14:52 70536]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [30/05/2011 15:45 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/05/2011 15:28 371472]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [18/05/2011 16:12 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 UCORESYS;UCORESYS;\??\c:\ucoresys.sys --> c:\UCORESYS.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 05:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-05-31 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 00:09]
.
2011-05-31 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 00:09]
.
2011-05-30 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-13 13:14]
.
2011-05-31 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2010-10-13 10:26]
.
Supplementary Scan
.
uStart Page = hxxp://www.belfasttelegraph.co.uk/
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com%20https\v5.windowsupdate
Trusted Zone: updatexp.com\www
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-avgrsstarter - avgrsstx.dll
.
.
***************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-31 17:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
*******************
.
---- DLLs Loaded Under Running Processes
.
- - - - - - - > 'lsass.exe'(744)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(1404)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Retrospect\Retrospect 7.5\retrorun.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************
.
Completion time: 2011-05-31 17:50:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-31 16:50
.
Pre-Run: 438,844,841,984 bytes free
Post-Run: 438,828,912,640 bytes free
.
- - End Of File - - ECE43133D2034468F888C45BEFE4E3DD
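A log like the one above is read by eye on the forum, and the entries that carry the weight are few: the `userinit.exe . . . is infected!!` line, the `\Legacy_MYWEBSEARCHSERVICE` remnant, and the service entries whose image lives in a Temp folder or could not be found (`--> ... [?]`). The script below is an added example, not ComboFix's code and not anything posted in this thread: a small Python triage pass over a handful of lines copied from the log, applying heuristics of my own (image under a Temp directory, image that ComboFix could not verify, a `.sys` driver outside `system32\drivers`, an auto-start service that is not running). Hits are leads to verify, not verdicts; `cpuz134` shows why, since CPU-Z legitimately loads its driver from the user's Temp folder and so trips the same rule as the `AMService` entry.

```python
import re

# Constructed sample: six lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
c:\windows\system32\userinit.exe . . . is infected!!
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/10/2010 14:53 263888]
S2 AMService;AMService;c:\windows\TEMP\jpbs\setup.exe run --> c:\windows\TEMP\jpbs\setup.exe run [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Glyn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Glyn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 UCORESYS;UCORESYS;\??\c:\ucoresys.sys --> c:\UCORESYS.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 05:42 14336]
"""

# ComboFix service/driver line: state letter (R = running, S = stopped), start
# type digit (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then
# name;description;image [timestamp size]   or   image --> image [?]
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")


def service_reasons(state, start, image):
    """Heuristic checks on one service entry; returns a list of reasons (empty = clean)."""
    low = image.lower()
    reasons = []
    if low.endswith("[?]"):
        # ComboFix prints "path --> path [?]" when it could not find or stat the file
        reasons.append("image file missing or unverifiable")
    if "\\temp\\" in low:
        reasons.append("image lives under a Temp directory")
    if ".sys" in low and "\\windows\\system32\\drivers\\" not in low:
        reasons.append("kernel driver outside system32\\drivers")
    if reasons and state == "S" and start == "2":
        # set to start automatically but not running: typical of a dropper that was
        # partly cleaned, or whose payload has already deleted itself
        reasons.append("auto-start service that is not running")
    return reasons


def triage(log_text):
    """Scan ComboFix log text; return a list of (severity, name, [reasons])."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "is infected" in line:
            path = line.split(" . . . ")[0]
            findings.append(("HIGH", path, ["ComboFix marked the file as infected"]))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, _desc, image = m.groups()
        reasons = service_reasons(state, start, image)
        if reasons:
            sev = "HIGH" if "image lives under a Temp directory" in reasons else "MEDIUM"
            findings.append((sev, name, reasons))
    return findings


if __name__ == "__main__":
    for sev, name, reasons in triage(SAMPLE_LOG):
        print(f"{sev:6} {name}: {'; '.join(reasons)}")
```

Run against the sample, `PCTCore` and `WinRM` come back clean, `userinit.exe`, `AMService` and `cpuz134` come back HIGH, and `UCORESYS` MEDIUM (a driver in the root of C: that no longer exists). The same pass over the full log would catch nothing the helper did not already see, which is the point: the signal is in a few dozen service and autorun lines, not in the long "Files Created" listing.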
Your machine was (and still is, although ComboFix removed some parts) infected.
Open Notepad and copy/paste the text below:
File::
c:\windows\system32\nvdispco3220140.dll
c:\windows\system32\nvgenco322060.dll
Save this as "CFScript" (the full filename will be 'CFScript.txt', EXACTLY as shown).
Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
(If SNAPSHOT is stupidly large, leave that part out.)
ComboFix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
Done exactly as you said. Here is the log. I feel a bit sheepish having missed what you spotted.
ComboFix 11-05-31.02 - Glyn 01/06/2011 10:25:28.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2815.2201 [GMT 1:00]
Running from: c:\documents and settings\Glyn\Desktop\Glyn.exe
Command switches used :: c:\documents and settings\Glyn\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Created a new restore point
.
.
(((( Files Created from 2011-05-01 to 2011-06-01 ))))
.
.
2011-06-01 09:16 . 2011-06-01 09:17 -------- d-----w- C:\Glyn
2011-05-30 17:16 . 2011-05-30 17:17 -------- d-----w- c:\program files\CCleaner
2011-05-30 14:45 . 2011-05-30 14:45 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\VS Revo Group
2011-05-30 14:45 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-05-30 14:45 . 2011-05-30 14:45 -------- d-----w- c:\program files\VS Revo Group
2011-05-30 08:40 . 2008-07-08 07:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-28 15:11 . 2011-05-30 17:18 -------- d-----w- c:\documents and settings\Glyn\Application Data\Media Player Classic
2011-05-28 14:50 . 2011-03-14 10:18 389248 ----a-w- C:\AFUWIN.exe
2011-05-28 12:52 . 2011-05-30 17:20 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\eSupport.com
2011-05-28 12:10 . 2011-05-28 12:10 -------- d-----w- c:\documents and settings\UpdatusUser
2011-05-28 12:10 . 2011-05-28 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-28 12:09 . 2011-05-28 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-05-28 12:08 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-28 12:08 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-28 11:46 . 2011-05-28 11:46 388096 ----a-r- c:\documents and settings\Glyn\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-28 11:33 . 2011-05-28 11:46 -------- d-----w- c:\program files\Trend Micro
2011-05-27 15:25 . 2011-05-27 15:25 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\FixItCenter
2011-05-27 15:20 . 2011-05-27 15:20 -------- d-----w- c:\windows\MATS
2011-05-27 15:20 . 2011-05-27 15:20 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-05-27 13:35 . 2008-04-14 04:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-27 13:35 . 2008-04-14 04:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-27 13:35 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-27 13:35 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-27 13:35 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-27 13:35 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-27 13:35 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-27 13:35 . 2008-04-13 21:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-05-27 13:35 . 2008-04-13 21:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-05-27 13:35 . 2008-04-14 04:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-27 13:33 . 2008-04-13 21:04 11935 -c--a-w- c:\windows\system32\dllcache\wadv11nt.sys
2011-05-27 13:32 . 2001-08-17 12:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-05-27 13:31 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-27 13:30 . 2001-08-17 11:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-05-27 13:29 . 2001-08-17 12:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-05-27 13:28 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-05-27 13:27 . 2008-04-14 04:42 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2011-05-27 13:26 . 2001-08-17 11:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-05-27 13:25 . 2008-04-13 22:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2011-05-27 13:24 . 2008-04-13 23:11 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-05-27 13:23 . 2001-08-17 21:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2011-05-27 13:22 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-05-27 13:22 . 2001-08-17 12:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-05-27 13:22 . 2001-08-17 12:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-05-27 13:22 . 2008-04-13 23:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-05-27 13:22 . 2001-08-17 11:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-27 13:22 . 2001-08-17 11:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-05-27 13:22 . 2001-08-17 11:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-05-27 13:22 . 2008-04-13 21:05 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-05-27 13:20 . 2008-04-13 23:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-05-27 13:20 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-05-27 13:20 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-05-27 13:20 . 2008-04-13 23:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-05-27 13:20 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-27 13:20 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-05-27 13:20 . 2008-04-13 23:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-05-27 13:20 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-05-27 13:20 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-05-27 13:20 . 2001-08-17 12:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-05-27 13:18 . 2001-08-17 11:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-05-27 13:17 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-05-27 13:16 . 2001-08-17 13:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-05-27 13:15 . 2001-08-17 12:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-05-27 13:14 . 2008-04-13 23:15 19200 -c--a-w- c:\windows\system32\dllcache\hidir.sys
2011-05-27 13:13 . 2001-08-17 11:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-05-27 13:12 . 2001-08-17 11:11 70174 -c--a-w- c:\windows\system32\dllcache\el98xn5.sys
2011-05-27 13:11 . 2001-08-17 11:17 42432 -c--a-w- c:\windows\system32\dllcache\digirlpt.sys
2011-05-27 13:10 . 2001-08-17 11:11 60970 -c--a-w- c:\windows\system32\dllcache\cpqtrnd5.sys
2011-05-27 13:09 . 2008-04-13 23:16 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2011-05-27 13:08 . 2001-08-17 11:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2011-05-27 13:07 . 2008-04-14 04:41 3647 -c--a-w- c:\windows\system32\dllcache\adv07nt5.dll
2011-05-27 13:06 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-05-25 13:58 . 2011-05-30 15:02 -------- d-----w- C:\UBCD4Win
2011-05-25 12:33 . 2011-05-25 12:33 -------- d-----w- c:\program files\MSECache
2011-05-25 07:55 . 2011-05-25 07:55 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\PCHealth
2011-05-23 17:30 . 2011-05-23 17:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-05-23 09:51 . 2011-05-23 09:52 -------- d-----w- c:\documents and settings\Glyn\Application Data\Apple Computer
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-23 09:49 . 2011-05-28 16:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-05-23 09:49 . 2011-05-23 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\program files\Common Files\Apple
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\Apple
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\program files\Apple Software Update
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-05-23 09:48 . 2011-05-23 09:48 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\Apple Computer
2011-05-20 16:50 . 2011-05-28 16:12 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-20 16:50 . 2011-05-20 17:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-20 16:49 . 2011-05-28 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-20 10:18 . 2011-05-20 10:18 -------- d-----w- c:\documents and settings\Glyn\Application Data\Malwarebytes
2011-05-20 10:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 10:17 . 2011-05-20 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-20 10:17 . 2011-05-20 10:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 10:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 11:55 . 2011-05-19 11:55 -------- d-----w- c:\documents and settings\Glyn\Application Data\PCTools
2011-05-18 17:52 . 2011-05-30 17:18 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\BearShare
2011-05-18 17:51 . 2011-05-18 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\BearShare
2011-05-18 17:51 . 2011-05-18 17:51 -------- d-----w- c:\program files\BearShare Applications
2011-05-18 17:48 . 2011-05-18 17:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BABF6F4E-3651-4AC1-876A-46BE5B95D594}
2011-05-18 17:47 . 2011-05-18 17:47 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\PackageAware
2011-05-18 17:47 . 2011-05-18 17:47 -------- d-----w- c:\program files\BitTorrent
2011-05-18 17:46 . 2011-05-30 14:51 -------- d-----w- c:\documents and settings\Glyn\Application Data\BitTorrent
2011-05-18 17:45 . 2011-05-18 17:45 -------- d-----w- c:\windows\FLV Player
2011-05-18 17:45 . 2011-05-18 17:45 -------- d-----w- c:\program files\FLV Player
2011-05-18 17:08 . 2011-05-18 17:45 -------- d-----w- c:\program files\DivX
2011-05-18 17:03 . 2011-05-18 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-05-18 15:24 . 2011-05-18 17:46 -------- d-----w- c:\documents and settings\Glyn\New Folder
2011-05-18 15:12 . 2011-01-20 12:27 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-18 15:12 . 2011-01-20 12:27 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-18 15:12 . 2011-01-20 12:27 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-18 13:04 . 2011-05-18 13:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-18 12:53 . 2011-05-18 12:55 -------- d-----w- c:\documents and settings\Glyn\Application Data\ImgBurn
2011-05-18 12:51 . 2011-05-18 12:51 -------- d-----w- c:\program files\ImgBurn
2011-05-18 12:46 . 2011-05-18 12:46 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\WinZip
2011-05-18 12:46 . 2011-05-18 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-05-18 12:29 . 2011-05-19 11:51 -------- d-----w- c:\documents and settings\Glyn\Application Data\Nero
2011-05-18 12:29 . 2011-05-23 16:43 -------- d-----w- c:\documents and settings\Glyn\Local Settings\Application Data\Nero
2011-05-18 12:20 . 2011-05-18 12:22 -------- d-----w- c:\program files\Nero
2011-05-18 12:20 . 2011-05-18 12:21 -------- d-----w- c:\program files\Common Files\Nero
2011-05-18 12:20 . 2011-05-18 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-05-18 11:39 . 2011-05-28 17:08 -------- d-----w- c:\program files\RapidShareManager
2011-05-18 11:35 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
.
.
((((( Find3M Report )))))
.
2011-04-27 14:37 . 2010-10-11 14:05 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-27 14:37 . 2010-10-11 14:05 2074576 ----a-w- c:\windows\PCTBDCore.dll
2011-04-27 14:37 . 2010-10-11 14:05 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-27 14:36 . 2010-10-11 14:05 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-08 05:14 . 2010-07-10 04:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-07-10 04:38 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-07-10 04:38 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-07-10 04:38 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2008-09-17 23:55 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2006-10-31 06:35 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-10-31 06:35 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2006-10-31 06:35 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2006-10-31 06:35 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-07 21:15 . 2011-04-07 21:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 21:15 . 2011-04-07 21:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 21:15 . 2011-04-07 21:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:15 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:15 . 2011-04-07 21:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 21:15 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-11 14:10 . 2008-04-14 04:41 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-11 07:06 . 2010-10-11 13:53 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-10 09:06 . 2010-10-11 13:53 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 05:33 . 2009-01-12 10:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 04:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 00:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((( SnapShot@2011-05-31_18.38.55 ))))))
.
+ 2011-06-01 08:57 . 2011-06-01 08:57 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat
- 2011-05-31 18:04 . 2011-05-31 18:04 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat
.
((((( Reg Loading Points ))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"PCTools FGuard"="c:\program files\Spyware Doctor\BDT\FGuard.exe" [2011-04-27 247760]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-06-12 151552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
c:\documents and settings\Glyn\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe [2009-1-13 845584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/10/2010 14:53 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [17/05/2011 15:29 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [17/05/2011 15:29 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [18/05/2011 16:12 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [18/05/2011 16:12 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/10/2010 14:53 251560]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [17/05/2011 15:28 233976]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/10/2010 15:05 337872]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [29/03/2011 15:33 598312]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [28/05/2011 13:09 2218600]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [13/10/2010 13:31 632792]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCD2k.sys [16/04/2001 11:54 44227]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [18/05/2011 16:12 33552]
S2 AMService;AMService;c:\windows\TEMP\jpbs\setup.exe run --> c:\windows\TEMP\jpbs\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\Glyn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Glyn\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 01:10 267568]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/10/2010 14:52 70536]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [30/05/2011 15:45 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/05/2011 15:28 371472]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 UCORESYS;UCORESYS;\??\c:\ucoresys.sys --> c:\UCORESYS.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 05:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-06-01 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 00:09]
.
2011-05-31 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 00:09]
.
2011-05-30 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-10-13 13:14]
.
2011-05-31 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2010-10-13 10:26]
.
Supplementary Scan
.
uStart Page = hxxp://www.belfasttelegraph.co.uk/
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com%20https\v5.windowsupdate
Trusted Zone: updatexp.com\www
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
.
.
*******
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************
.
---- DLLs Loaded Under Running Processes ----
- - - - - - - > 'lsass.exe'(740)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(5720)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-01 10:45:12
ComboFix-quarantined-files.txt 2011-06-01 09:45
ComboFix2.txt 2011-05-31 18:44
ComboFix3.txt 2011-05-31 16:50
.
Pre-Run: 438,788,612,096 bytes free
Post-Run: 438,783,893,504 bytes free
.
- - End Of File - - 9905E980F37AA0CA6438771F29F4BFB40 -
Not worked for some reason.
Open Malwarebytes, go to MORE TOOLS, then RUN TOOL, and manually destroy these files:
c:\windows\system32\nvdispco3220140.dll
c:\windows\system32\nvgenco322060.dll
:idea:0 -
Neither of those two .dlls were locked, so they deleted without the tool. I'm running a full scan with MAB anyway - just in case. I've also tracked down some removal instructions for Win32 Murlo and deleted four registry entries for it. Spyware Doctor picked it up after combofix was run.
I can't thank you enough for the time you're giving me on this. The last time I had this level of infection was over 6 years ago and a technician charged me £650 for cleaning my PC. I hope anyone else reading this understands and appreciates just how much money you guys are saving them - and me.0 -
What's the issue with starting the computer etc?:idea:0