[Resolved] Help cannot load ie,spybot or much else

  1. #1
    nsf0502 is offline Newbie

    [Resolved] Help cannot load ie,spybot or much else

    Hello, I have been trying to follow other threads first to try and sort out the problem I woke to this morning. I cannot run Spybot, IE, or Firefox properly. Anything I try and download like you have recommended does not run, like HijackThis or ComboFix. Please help. Plus Vista keeps getting the dreaded blue screen.


  2. #2
    broni is offline Senior Member
    I cannot run Spybot, IE, or Firefox properly
    How are you posting then?

  3. #3
    nsf0502 is offline Newbie
    Quote Originally Posted by broni View Post
    How are you posting then?
    IE won't run, or Spybot, but Firefox will run on certain pages and then shuts down sometimes, or I get a page load error.

  4. #4
    broni is offline Senior Member
    I just PMed you.

  5. #5
    broni is offline Senior Member
    BTW, delete the ComboFix file you already downloaded before.

  6. #6
    nsf0502 is offline Newbie
    This is what came up.

    ComboFix 09-07-12.03 - Neil 13/07/2009 18:18.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1915.976 [GMT 1:00]
    Running from: c:\tools-av\8940\8940.exe
    AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    SP: PCguard Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\14af0.msi
    c:\windows\system32\drivers\MSIVXtvsodjwpjricxwphxcpircnritynfipq.sys
    c:\windows\system32\inform.dat
    c:\windows\system32\MSIVXbrsimyxfaimekxpkthliugtavscxxnnb.dll
    c:\windows\system32\MSIVXcount
    c:\windows\system32\MSIVXiiyplbasofrrbhufvfobpsipjstqbreq.dll
    c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MSIVXserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
    .

    2009-07-13 17:24 . 2009-07-13 17:24 -------- d-----w- c:\users\Neil\AppData\Local\temp
    2009-07-13 13:08 . 2009-07-13 13:08 -------- d-----w- c:\program files\Trend Micro
    2009-07-13 12:49 . 2009-07-13 12:52 -------- d-----w- c:\users\Neil\.housecall6.6
    2009-07-13 07:50 . 2009-07-13 07:50 1 ----a-w- c:\windows\system32\q1.dat
    2009-07-13 07:50 . 2009-07-13 07:50 1 ----a-w- c:\windows\system32\idm.dat
    2009-07-13 07:50 . 2009-07-13 07:50 1 ----a-w- c:\windows\system32\ck.dat
    2009-07-13 07:50 . 2009-07-13 07:50 1 ----a-w- c:\windows\system32\c2d.dat
    2009-07-13 07:44 . 2009-07-13 07:44 -------- d-----w- c:\windows\Sun
    2009-07-12 22:05 . 2009-07-12 22:05 42496 ----a-w- c:\windows\system32\locsock32.dll
    2009-07-11 10:27 . 2009-07-11 11:00 -------- d-----w- c:\users\Neil\AppData\Local\Ahead
    2009-07-11 09:46 . 2009-07-11 09:47 -------- d-----w- c:\users\Neil\AppData\Roaming\Ahead
    2009-07-11 09:41 . 2009-07-11 09:41 -------- d-----w- c:\programdata\Nero
    2009-07-11 09:41 . 2009-07-11 10:27 -------- d-----w- c:\program files\Common Files\Ahead
    2009-07-11 09:41 . 2009-07-11 09:41 -------- d-----w- c:\program files\Nero
    2009-07-10 16:26 . 2009-07-10 16:26 -------- d-----w- c:\programdata\LightScribe
    2009-07-10 15:41 . 2009-07-10 15:41 -------- d-----w- c:\program files\Common Files\LightScribe
    2009-07-10 13:19 . 2009-07-10 13:19 -------- d-----w- c:\users\Neil\AppData\Roaming\WtmCopyProtect
    2009-07-10 13:18 . 2009-07-10 13:35 -------- d-----w- c:\program files\Wtm Copy Protection
    2009-07-08 18:28 . 2009-07-08 18:28 -------- d-----w- c:\users\Neil\AppData\Local\MicroVision Applications
    2009-07-08 18:28 . 2006-09-21 06:42 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-07-08 18:28 . 2006-09-21 06:42 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2009-07-08 18:28 . 2009-07-08 18:28 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2009-07-08 18:28 . 2009-07-08 18:29 -------- d-----w- c:\program files\SureThing CD Labeler 5
    2009-07-08 16:30 . 2009-07-08 16:30 -------- d-----w- c:\program files\LightScribe
    2009-06-29 02:04 . 2009-06-29 02:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-06-29 02:01 . 2009-06-29 02:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2009-06-28 13:24 . 2009-06-28 13:24 -------- d-----w- c:\program files\Microsoft Small Business
    2009-06-28 13:17 . 2009-06-29 08:56 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-06-28 12:50 . 2009-06-28 12:50 -------- d-----w- c:\windows\PCHEALTH
    2009-06-28 12:50 . 2009-06-28 13:19 -------- d-----w- c:\program files\Microsoft.NET
    2009-06-28 12:47 . 2009-06-28 13:03 -------- d-----w- c:\users\Neil\AppData\Local\Microsoft Help
    2009-06-28 12:46 . 2009-06-28 12:46 -------- d--h--r- C:\MSOCache
    2009-06-28 11:40 . 2009-06-28 13:26 -------- d-----w- c:\users\Neil\AppData\Roaming\GetRightToGo
    2009-06-28 08:14 . 2009-06-28 08:14 368640 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en-GB_344187C3421752FB.dll
    2009-06-26 13:50 . 2009-06-29 16:39 -------- d-----w- c:\users\Neil\AppData\Roaming\DVD Flick
    2009-06-26 11:41 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
    2009-06-26 11:41 . 2009-06-26 11:41 -------- d-----w- c:\program files\DVD Flick
    2009-06-25 19:21 . 2009-06-25 19:21 -------- d-----w- c:\programdata\WindowsSearch
    2009-06-25 03:01 . 2009-06-25 03:01 -------- d-----w- c:\users\Neil\AppData\Roaming\DivX
    2009-06-24 10:35 . 2009-06-24 10:35 -------- d-----w- c:\program files\uTorrent
    2009-06-24 10:35 . 2009-07-13 16:58 -------- d-----w- c:\users\Neil\AppData\Roaming\uTorrent
    2009-06-24 10:27 . 2009-06-24 10:27 -------- d-----w- c:\users\Neil\AppData\Roaming\DriverCure
    2009-06-24 10:27 . 2009-06-24 12:10 -------- d-----w- c:\programdata\DriverCure
    2009-06-24 10:27 . 2009-06-24 10:27 -------- d-----w- c:\programdata\ParetoLogic
    2009-06-24 09:37 . 2009-07-11 09:32 -------- d-----w- C:\Temp
    2009-06-24 09:37 . 2009-07-11 01:31 -------- d-----w- c:\temp\installtemped
    2009-06-18 12:02 . 2009-07-03 14:23 -------- d-----w- c:\users\Neil\AppData\Roaming\CD Box Labeler Pro
    2009-06-18 12:02 . 2009-06-18 12:02 -------- d-----w- c:\program files\Green Point Software
    2009-06-15 17:12 . 2009-06-15 17:12 -------- d-----w- c:\programdata\Trusteer
    2009-06-14 23:20 . 2009-06-27 09:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-06-14 23:07 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-06-14 23:06 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-13 15:10 . 2009-07-13 15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-13 15:10 . 2009-07-13 15:10 -------- d-----w- c:\programdata\Malwarebytes
    2009-07-13 14:30 . 2009-07-13 14:30 0 ----a-w- c:\users\Neil\AppData\Roaming\wklnhst.dat
    2009-07-13 10:04 . 2009-05-14 12:32 1 ----a-w- c:\users\Neil\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-07-05 09:37 . 2009-05-20 12:20 -------- d-----w- c:\programdata\Apple
    2009-06-29 09:00 . 2008-08-07 16:58 -------- d-----w- c:\programdata\Microsoft Help
    2009-06-29 02:06 . 2008-08-07 17:00 -------- d-----w- c:\program files\Microsoft Works
    2009-06-28 13:12 . 2009-05-13 12:55 118576 ----a-w- c:\users\Neil\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-24 10:30 . 2008-08-07 16:54 -------- d-----w- c:\program files\Google
    2009-06-17 10:27 . 2009-07-13 15:10 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 10:27 . 2009-07-13 15:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-12 10:21 . 2009-06-12 10:20 -------- d-----w- c:\program files\iTunes
    2009-06-12 10:20 . 2009-06-12 10:20 -------- d-----w- c:\program files\iPod
    2009-06-12 10:20 . 2009-05-20 12:20 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-12 10:17 . 2009-06-12 10:17 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-12 10:16 . 2009-05-20 12:44 -------- d-----w- c:\program files\Safari
    2009-06-12 10:09 . 2009-06-12 10:08 -------- d-----w- c:\program files\QuickTime
    2009-06-10 18:20 . 2009-05-20 12:24 -------- d-----w- c:\users\Neil\AppData\Roaming\Apple Computer
    2009-06-08 14:44 . 2008-08-07 16:47 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-05 10:42 . 2009-06-05 10:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-06-05 10:42 . 2009-06-05 10:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-05-26 13:18 . 2009-05-26 13:18 -------- d-----w- c:\program files\Pod to PC
    2009-05-26 13:07 . 2009-05-26 13:07 -------- d-----w- c:\program files\iPodRobot
    2009-05-26 12:58 . 2009-05-26 12:58 -------- d-----w- c:\program files\Common Files\eSellerate
    2009-05-26 12:51 . 2009-05-26 12:18 -------- d-----w- c:\programdata\WindSolutions
    2009-05-26 12:19 . 2009-05-26 12:19 -------- d-----w- c:\users\Neil\AppData\Roaming\CopyTrans
    2009-05-26 12:18 . 2009-05-26 12:18 -------- d-----w- c:\program files\WindSolutions
    2009-05-26 12:18 . 2009-05-26 12:18 -------- d-----w- c:\users\Neil\AppData\Roaming\WindSolutions
    2009-05-24 09:49 . 2009-05-24 09:49 -------- d--h--w- c:\programdata\CanonBJ
    2009-05-20 12:41 . 2009-05-20 12:41 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-20 12:31 . 2009-05-20 12:31 -------- d-----w- c:\program files\Bonjour
    2009-05-20 12:26 . 2009-05-20 12:26 -------- d-----w- c:\program files\Apple Software Update
    2009-05-20 12:23 . 2009-05-20 12:22 -------- d-----w- c:\programdata\Apple Computer
    2009-05-18 12:21 . 2009-05-18 10:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-05-18 10:52 . 2009-05-18 10:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-05-16 10:14 . 2009-05-16 10:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-05-13 15:52 . 2009-05-13 15:52 782664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-05-13 14:34 . 2009-05-13 14:34 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-13 14:32 . 2009-05-13 14:17 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
    2009-05-13 12:38 . 2009-05-13 12:38 319456 ----a-w- c:\windows\DIFxAPI.dll
    2009-05-13 12:38 . 2009-05-13 12:38 315392 ----a-w- c:\windows\HideWin.exe
    2009-05-09 05:50 . 2009-06-10 18:30 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-10 18:30 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-04-23 12:43 . 2009-06-10 18:31 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-10 18:31 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-04-21 11:55 . 2009-06-10 18:31 2033152 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-06-24 287536]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "IndexCleaner"="c:\program files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 61168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 148888]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
    "Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
    "Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
    "Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]
    "PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 310000]
    "-FreedomNeedsReboot"="c:\program files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 13552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

    c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{43597A08-21ED-471C-AE18-6998A0F6D651}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CBE1A082-D610-4818-ABCB-6BA03721BAE1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CBA870D2-A54D-4C8D-98F7-C444E333C32E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{9D82A143-B4C3-482D-8ABC-B3E15ED19EB9}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{133815ED-2101-4602-B91D-965F1EFA0FFE}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "{A17EDC79-BD13-4C4A-A3D9-22D85EE1EEA5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{A6EBB8D5-B3E7-45EA-8B0F-10F597BD16B0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5C92934B-0941-4569-9C59-D6AB29823690}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{642B6D7A-FD80-4F9F-B163-D82DDF64C161}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{FC67EE35-E387-41AF-AD78-B5BF228292F9}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{4ECD070B-9DF1-4F24-9DA9-D7834B4BB798}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "{268D18AB-8761-46B6-88AC-EEC57FCC2ED5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [13/05/2009 13:59 20384]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [13/05/2009 14:46 57320]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [13/05/2009 14:46 239080]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 00:19 40960]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/06/2009 18:11 664808]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/05/2009 11:21 1153368]
    R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [24/04/2008 10:21 99720]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [06/02/2008 14:12 126976]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [07/08/2008 17:24 7168]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [25/08/2008 09:58 77824]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/08/2008 17:54 29744]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [13/05/2009 13:59 954368]
    S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\System32\dllhost.exe [02/11/2006 09:50 7168]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{544735C9-AE13-4721-9DE7-D529BE675038}]
    rundll32 locsock32.dll,laspi
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-12 c:\windows\Tasks\User_Feed_Synchronization-{0C101944-2F0E-44AE-9523-315724FE4094}.job
    - c:\windows\system32\msfeedssync.exe [2009-05-16 11:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-ProtoWall - c:\program files\Dudez\ProtoWall\ProtoWall.exe
    HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
    HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel
    IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - The UK's Online Marketplace
    IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.co.uk: low prices in Electronics, Books, Music, DVDs & more
    FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\cvxnuul3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GBfficial
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={E55D7A73-C893-598F-5AC7-E0C14C8468CD}&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-07-13 18:24
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2009-07-13 18:26
    ComboFix-quarantined-files.txt 2009-07-13 17:26

    Pre-Run: 37,726,969,856 bytes free
    Post-Run: 37,977,464,832 bytes free

    318 --- E O F --- 2009-07-09 16:34

  7. #7
    nsf0502 is offline Newbie
    I think it may have solved things. Spybot and firefox home page come up ok now.

  8. #8
    broni is offline Senior Member
    Slow down. We just removed the main culprits. The cleaning is not done yet.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\q1.dat
    c:\windows\system32\idm.dat
    c:\windows\system32\ck.dat
    c:\windows\system32\c2d.dat
    c:\windows\system32\locsock32.dll
    c:\users\Neil\AppData\Roaming\wklnhst.dat
    c:\windows\HideWin.exe
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.


    PLEASE, DO NOT RUN ANY OTHER TOOLS UNLESS I TELL YOU SO.

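    As an added example (not code from the thread, from broni, or from ComboFix), the following Python script does by hand what the two posts above walk through: it reads lines in the layout of the ComboFix log from post #6, flags the entries a helper would pick out (one-byte .dat files dropped in system32, a system32 directory literally named %APPDATA%, long vowel-poor random names like the MSIVX* files, and a DLL that an Active Setup entry loads via rundll32 with no path), and drafts the File:: and Folder:: sections of a CFScript in the same layout as post #8. The sample lines are copied from that log; the regexes are written to the layout shown there, the assumption that a bare DLL name resolves to system32, and the scoring thresholds are this example's own choices.

```python
"""Triage ComboFix log lines and draft the File::/Folder:: part of a CFScript.

Added example for this thread, not ComboFix's own code. Assumed: the line
layout is as shown in the thread's log, a DLL that rundll32 loads by bare
name resolves to system32, and the thresholds are this script's own.
"""
import re

# Sample input: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
c:\windows\system32\MSIVXbrsimyxfaimekxpkthliugtavscxxnnb.dll
2009-07-13 07:50 . 2009-07-13 07:50 1 ----a-w- c:\windows\system32\q1.dat
2009-07-13 07:50 . 2009-07-13 07:50 1 ----a-w- c:\windows\system32\idm.dat
2009-07-12 22:05 . 2009-07-12 22:05 42496 ----a-w- c:\windows\system32\locsock32.dll
2009-07-11 09:41 . 2009-07-11 09:41 -------- d-----w- c:\program files\Nero
2009-06-29 02:01 . 2009-06-29 02:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-06-28 08:14 . 2009-06-28 08:14 368640 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en-GB_344187C3421752FB.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{544735C9-AE13-4721-9DE7-D529BE675038}]
rundll32 locsock32.dll,laspi
"""

SYSTEM32 = "c:\\windows\\system32\\"
DATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>[a-z]:\\.+)$", re.I)
BARE_RE = re.compile(r"^(?P<path>[a-z]:\\\S.*)$", re.I)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,\s\\]+\.dll),", re.I)
VOWELS = set("aeiou")


def parse_entries(text):
    """Yield {path, size, is_dir, via} for every line the regexes recognise."""
    for raw in text.splitlines():
        line = raw.strip()
        if m := DATED_RE.match(line):
            size = None if m["size"].startswith("-") else int(m["size"])
            yield {"path": m["path"], "size": size,
                   "is_dir": m["attrs"].startswith("d"), "via": "listing"}
        elif m := RUNDLL_RE.match(line):
            # Assumption: a bare DLL name resolves to system32 on this machine.
            yield {"path": SYSTEM32 + m["dll"], "size": None,
                   "is_dir": False, "via": "rundll32"}
        elif m := BARE_RE.match(line):
            yield {"path": m["path"], "size": None, "is_dir": False, "via": "listing"}


def looks_random(filename, min_len=20, max_vowel_ratio=0.25):
    """Long letter-only run with very few vowels: typical of generated names."""
    runs = re.findall(r"[A-Za-z]+", filename.rsplit(".", 1)[0])
    run = max(runs, key=len) if runs else ""
    if len(run) < min_len:
        return False
    return sum(ch in VOWELS for ch in run.lower()) / len(run) < max_vowel_ratio


def reasons_for(entry):
    """Heuristic flags for one entry; an empty list means nothing stood out."""
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    in_sys32 = low.startswith(SYSTEM32)
    reasons = []
    if in_sys32 and entry["is_dir"] and "%" in name:
        reasons.append("directory in system32 named like an unexpanded variable")
    if (in_sys32 and not entry["is_dir"] and name.endswith(".dat")
            and entry["size"] is not None and entry["size"] <= 4):
        reasons.append("tiny .dat marker file in system32")
    if looks_random(name):
        reasons.append("random-looking file name")
    if entry["via"] == "rundll32":
        reasons.append("loaded by rundll32 from Active Setup without a full path")
    return reasons


def triage(text):
    """Map lower-cased path -> {path, is_dir, reasons} for flagged entries only."""
    flagged = {}
    for entry in parse_entries(text):
        why = reasons_for(entry)
        if not why:
            continue
        rec = flagged.setdefault(entry["path"].lower(), {
            "path": entry["path"], "is_dir": entry["is_dir"], "reasons": []})
        rec["reasons"].extend(r for r in why if r not in rec["reasons"])
    return flagged


def draft_cfscript(flagged):
    """Render File:: and Folder:: sections in the layout used in the thread."""
    files = sorted((r["path"] for r in flagged.values() if not r["is_dir"]), key=str.lower)
    folders = sorted((r["path"] for r in flagged.values() if r["is_dir"]), key=str.lower)
    return "File::\n" + "\n".join(files) + "\n\nFolder::\n" + "\n".join(folders) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rec in hits.values():
        print(rec["path"], "->", "; ".join(rec["reasons"]))
    print(draft_cfscript(hits))
```

    Run it as a script to print each flagged path with its reasons and the draft CFScript. The draft is a starting point for a person to review, not something to hand to ComboFix unread; the Nero and Google Toolbar lines are there to show that ordinary installs with long names pass the checks, and a flagged directory lands under Folder:: rather than File::, as the template in post #8 expects.
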
  9. #9
    nsf0502 is offline Newbie
    Hello, I have the CFScript on the desktop, but there is no sign of ComboFix anywhere?

  10. #10
    broni is offline Senior Member
    c:\tools-av\8940\8940.exe
    8940.exe is your Combofix.
