
Popup and possible Trojan problem

2325 Views 7 Replies 2 Participants Last post by  sjpritch25
Hiya! I've been having problems lately which I hope you guys will be able to help me with. Every so often random pop-ups will appear, and sometimes it's redirected from Google, I think, but I'm not sure. Also, not sure if this is related, but I often get the "this tab has been recovered" message. My computer doesn't seem to be running too slow, but occasionally will have very small bursts where it is very slow.

The problems started when I had a screen saying "this computer has been infected with a virus" and then tried to get me to buy antivirus software. I turned the computer off with the button, and then when it came back on a balloon appeared in the corner saying "your computer might be a risk". I also got an error saying "RUNDLL Error Loading C:\WINDOWS\dsaynere.dll The specified module could not be found." (Actually this error may have occurred after I did a scan, I can't quite remember, not sure.)

I have McAfee installed. I scanned and it said I had the FakeAlert-FakeSpy!env.a Trojan; it deleted most of these and cleaned some files but failed to delete and clean 1 file! So I downloaded Malwarebytes' Anti-Malware, which deleted everything it found. I also have Spybot Search and Destroy.

Also, when I click Internet Properties and click on Programs, then Manage add-ons, then Toolbars and Extensions, I have this program running: "²¥°ÔµçÊÓ". What is that? And a program called "discuss" and one with the name "Name {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}". I have no idea what they are used for, but they're all disabled.

Also, I don't have access to the reboot CD.

That's all the info I have. I'll post the DDS below and attach the other 2 documents. Thanks in advance for any help! My computer doesn't seem to be too bad, just the occasional pop-ups really, but I just want to make sure I have no keystroke virus or anything serious like that!

Also, I did have LimeWire, uTorrent and SopCast installed, but these have all been uninstalled now, as the first steps guide insists upon.



DDS (Ver_10-03-17.01) - NTFSx86
Run by simon o'mara at 18:30:07.95 on 16/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.71 [GMT 1:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\simon o'mara\Local Settings\Temporary Internet Files\Content.IE5\4TS3467T\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mytalktalk.co.uk
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear sa19xx device manager\main.exe
IE: {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15030/CTPID.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simono~1\applic~1\mozilla\firefox\profiles\ct2s1b4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {76F99C96-6D06-4C6D-965C-DBCD166E429D} - c:\documents and settings\simon o'mara\local settings\application data\{76F99C96-6D06-4C6D-965C-DBCD166E429D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: general.useragent.extra.zencast -
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2006-11-11 2560]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-7-26 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2006-7-28 5504]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-7-26 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-7-26 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-7-26 168776]
S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;c:\windows\system32\drivers\SACMXP1.sys [2006-11-22 14336]

=============== Created Last 30 ================

2010-07-16 15:19:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-16 15:19:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-16 12:57:28 0 d-----w- c:\docume~1\simono~1\applic~1\Malwarebytes
2010-07-16 12:57:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 12:57:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-16 12:57:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 12:57:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 01:22:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 00:45:32 2811 ----a-w- c:\windows\ikolibik.dll
2010-07-16 00:31:25 120 ----a-w- c:\windows\Lkaluqewofehoco.dat
2010-07-16 00:31:25 0 ----a-w- c:\windows\Okajikolakefu.bin
2010-07-14 10:53:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 11:34:29 0 d-----w- c:\docume~1\simono~1\applic~1\ElevatedDiagnostics
2010-07-11 11:10:35 0 d-----w- c:\docume~1\alluse~1\applic~1\HDBR31
2010-07-11 11:10:11 0 d-----w- c:\program files\Fujitsu Siemens Computers
2010-07-05 16:35:52 0 d-----w- c:\program files\IObit
2010-07-05 16:35:52 0 d-----w- c:\docume~1\simono~1\applic~1\IObit
2010-06-21 16:52:30 0 d-----w- c:\program files\Philips
2010-06-21 16:52:16 0 d-----w- C:\temp

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-11-09 00:27:42 3723256 -c--a-w- c:\program files\channel4_on_demand.exe
2007-09-04 22:19:26 4212917 -c--a-w- c:\program files\Last.fm-1.3.2.9.exe
2007-07-06 19:19:30 1157080 -c--a-w- c:\program files\AudioShell135.exe
2007-07-03 12:31:21 576866 -c--a-w- c:\program files\3_manual_en.zip
2007-05-24 22:00:02 6221304 -c--a-w- c:\program files\winamp535_full_emusic-7plus.exe
2007-05-13 20:44:13 3550028 -c--a-w- c:\program files\IZArc_Setup.exe
2007-05-13 18:01:46 26462 -c--a-w- c:\program files\[isoHunt]_Beatles_-_Sgt_Peppers_Lonely_Hearts.torrent
2007-05-13 17:49:12 384358 -c--a-w- c:\program files\utorrent.lng
2007-02-03 15:59:40 359112 -c--a-w- c:\program files\LimeWireWin.exe
2007-01-20 13:01:03 5917258 -c--a-w- c:\program files\powertab.zip
2006-12-03 14:02:03 14879120 -c--a-w- c:\program files\GoogleEarthWin.exe
2009-01-12 10:33:47 633 -csha-w- c:\windows\system32\mmf(2).sys
2008-07-26 16:33:47 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072620080727\index.dat

============= FINISH: 18:31:41.71 ===============

Not sure if the attachment has attached properly, so I'll try again.

Welcome to TSF :)

Download ComboFix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
OK, thank you for replying :) Here's the ComboFix log below.

ComboFix 10-07-18.02 - simon o'mara 19/07/2010 11:41:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.116 [GMT 1:00]
Running from: c:\documents and settings\simon o'mara\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\simon o'mara\Application Data\Ulvoyx\tocy.exe
c:\documents and settings\simon o'mara\Local Settings\Application Data\{76F99C96-6D06-4C6D-965C-DBCD166E429D}
c:\documents and settings\simon o'mara\Local Settings\Application Data\{76F99C96-6D06-4C6D-965C-DBCD166E429D}\chrome.manifest
c:\documents and settings\simon o'mara\Local Settings\Application Data\{76F99C96-6D06-4C6D-965C-DBCD166E429D}\chrome\content\_cfg.js
c:\documents and settings\simon o'mara\Local Settings\Application Data\{76F99C96-6D06-4C6D-965C-DBCD166E429D}\chrome\content\overlay.xul
c:\documents and settings\simon o'mara\Local Settings\Application Data\{76F99C96-6D06-4C6D-965C-DBCD166E429D}\install.rdf
c:\windows\ikolibik.dll
c:\windows\system32\AutoRun.inf

Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.

2010-07-16 15:19 . 2010-07-19 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-16 15:19 . 2010-07-16 15:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-16 12:57 . 2010-07-16 12:57 -------- d-----w- c:\documents and settings\simon o'mara\Application Data\Malwarebytes
2010-07-16 12:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 12:57 . 2010-07-16 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 12:57 . 2010-07-16 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 12:57 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 01:22 . 2010-07-18 23:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 00:31 . 2010-07-16 13:23 120 ----a-w- c:\windows\Lkaluqewofehoco.dat
2010-07-16 00:31 . 2010-07-16 00:31 0 ----a-w- c:\windows\Okajikolakefu.bin
2010-07-16 00:28 . 2010-07-16 00:48 -------- d-----w- c:\documents and settings\simon o'mara\Local Settings\Application Data\bpidnsdbg
2010-07-14 10:53 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 11:34 . 2010-07-11 11:34 -------- d-----w- c:\documents and settings\simon o'mara\Application Data\ElevatedDiagnostics
2010-07-11 11:10 . 2010-07-11 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HDBR31
2010-07-11 11:10 . 2010-07-11 11:10 -------- d-----w- c:\program files\Fujitsu Siemens Computers
2010-07-05 16:35 . 2010-07-05 17:12 -------- d-----w- c:\documents and settings\simon o'mara\Application Data\IObit
2010-07-05 16:35 . 2010-07-05 16:35 -------- d-----w- c:\program files\IObit
2010-06-24 15:24 . 2010-06-24 15:24 -------- d-----w- c:\documents and settings\john t o'mara\Local Settings\Application Data\Apple
2010-06-21 16:52 . 2010-06-21 16:52 -------- d-----w- c:\program files\Philips
2010-06-21 16:52 . 2010-06-21 16:52 -------- d-----w- c:\documents and settings\simon o'mara\Application Data\InstallShield
2010-06-21 16:52 . 2010-06-21 16:52 -------- d-----w- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 10:48 . 2009-11-26 11:23 -------- d-----w- c:\documents and settings\simon o'mara\Application Data\Ulvoyx
2010-07-19 10:39 . 2006-11-11 20:28 633 --sha-w- c:\windows\system32\mmf.sys
2010-07-18 23:37 . 2007-05-18 02:23 -------- d-----w- c:\documents and settings\simon o'mara\Application Data\Coaby
2010-07-17 15:58 . 2008-07-28 10:45 -------- d-----w- c:\documents and settings\john m o'mara\Application Data\OpenOffice.org2
2010-07-17 15:51 . 2008-07-30 18:11 -------- d-----w- c:\documents and settings\john t o'mara\Application Data\OpenOffice.org2
2010-07-16 01:30 . 2007-05-13 17:53 -------- d-----w- c:\program files\uTorrent
2010-07-14 12:05 . 2008-07-26 18:50 -------- d-----w- c:\documents and settings\simon o'mara\Application Data\OpenOffice.org2
2010-07-11 21:56 . 2010-07-11 21:56 26682864 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
2010-07-11 21:56 . 2010-07-11 21:56 220272 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-07-11 21:56 . 2010-07-11 21:56 149000 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-07-11 21:56 . 2010-07-11 21:56 13407072 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-07-11 21:56 . 2010-07-11 21:56 79368 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\RUP\vista.exe
2010-07-11 21:56 . 2010-07-11 21:56 73344 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-07-11 21:56 . 2010-07-11 21:56 64000 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-07-11 21:56 . 2010-07-11 21:56 52288 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-07-11 21:56 . 2010-07-11 21:56 122880 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-07-11 13:55 . 2010-07-11 13:55 452104 ----a-w- c:\documents and settings\simon o'mara\Application Data\Real\Update\setup3.12\setup.exe
2010-07-08 15:16 . 2006-07-28 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-07 18:13 . 2009-11-05 12:32 -------- d-----w- c:\program files\TalkTalk
2010-07-05 17:28 . 2006-11-10 15:04 -------- d-----w- c:\program files\Program Shortcuts
2010-06-14 14:31 . 2006-07-28 10:13 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 14:04 . 2009-12-25 19:21 -------- d-----w- c:\program files\iTunes
2010-05-06 10:41 . 2006-07-28 11:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2006-07-28 11:08 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 23:22 . 2010-04-30 23:22 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-30 23:22 . 2010-04-30 23:22 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-30 23:22 . 2010-04-30 23:22 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-30 23:21 . 2010-04-30 23:21 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-30 23:21 . 2010-04-30 23:21 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-30 23:21 . 2010-04-30 23:21 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-30 23:21 . 2010-04-30 23:21 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-30 23:20 . 2010-04-30 23:20 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-30 23:19 . 2010-04-30 23:22 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-30 23:19 . 2010-04-30 23:22 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2007-11-09 00:27 . 2007-11-09 00:27 3723256 -c--a-w- c:\program files\channel4_on_demand.exe
2007-09-04 22:19 . 2007-09-04 22:19 4212917 -c--a-w- c:\program files\Last.fm-1.3.2.9.exe
2007-07-06 19:19 . 2007-07-06 19:19 1157080 -c--a-w- c:\program files\AudioShell135.exe
2007-07-03 12:31 . 2007-07-03 12:31 576866 -c--a-w- c:\program files\3_manual_en.zip
2007-05-24 22:00 . 2007-05-24 22:00 6221304 -c--a-w- c:\program files\winamp535_full_emusic-7plus.exe
2007-05-13 20:44 . 2007-05-13 20:44 3550028 -c--a-w- c:\program files\IZArc_Setup.exe
2007-05-13 18:01 . 2007-05-13 18:01 26462 -c--a-w- c:\program files\[isoHunt]_Beatles_-_Sgt_Peppers_Lonely_Hearts.torrent
2007-05-13 17:49 . 2007-05-13 17:49 384358 -c--a-w- c:\program files\utorrent.lng
2007-02-03 15:59 . 2007-02-03 15:59 359112 -c--a-w- c:\program files\LimeWireWin.exe
2007-01-20 13:01 . 2006-11-25 16:46 5917258 -c--a-w- c:\program files\powertab.zip
2006-12-03 14:02 . 2006-12-03 14:01 14879120 -c--a-w- c:\program files\GoogleEarthWin.exe
2009-01-12 10:33 . 2006-11-11 20:28 633 -csha-w- c:\windows\system32\mmf(2).sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 557056]
"VTTrayp"="VTtrayp.exe" [2005-11-01 163840]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-03-11 81920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-04 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\john m o'mara\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\john t o'mara\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Philips SA19xx Device Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2010-6-21 124816]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^simon o'mara^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\simon o'mara\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-01-10 11:06 71216 -c--a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Service for CDROM Access"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [28/07/2006 12:10 5504]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [11/11/2006 21:28 2560]
S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;c:\windows\system32\drivers\SACMXP1.sys [22/11/2006 19:59 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\Norton Security Scan for simon o'mara.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
FF - ProfilePath - c:\documents and settings\simon o'mara\Application Data\Mozilla\Firefox\Profiles\ct2s1b4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: general.useragent.extra.zencast -
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-{5B6519C0-98AE-5DD7-A28E-217E8825C1E8} - c:\documents and settings\simon o'mara\Application Data\Ulvoyx\tocy.exe
MSConfigStartUp-AAWTray - c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 11:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
.
Completion time: 2010-07-19 11:56:39
ComboFix-quarantined-files.txt 2010-07-19 10:56

Pre-Run: 38,643,367,936 bytes free
Post-Run: 38,825,287,680 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B3A4367E1CEA51883BFA6B4D09C5D024
How is everything running??
Everything seems to be running ok! There are no pop ups anymore, and the computer seems a little quicker as well... do I need to do anything else?
Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



===============================================


Here is some useful information on keeping your computer clean:
  1. The most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.

  2. How to update Adobe Acrobat Reader
    1. On your desktop, double-click on your Adobe icon.
    2. Click on Help.
    3. Click on Check for Updates.
    4. Visit my blog Here to view the video.
  3. How to update Java SE Runtime
    1. Go to Start.
    2. Click on Control Panel
    3. Double-Click on the Java icon.
    4. Click on Update tab
    5. Click on Update Now.
    6. Visit my blog Here to view the video.
  4. Check out Tony Klein's "So how did I get infected in the first place" here
Ok, thanks a lot for all your help!
You're welcome!!!!