Computer acting on it's own accord

[muppet rebecca]

Okies so I've already posted a thread in the forum about the computers problems. Now I've been told via Plastic Nev post a hijack this log hre in this thread. Basically they think there might still be malware or something on the computer because the firewall wont enable.

My other thread is here :http://extremetechsupport.com/forum/windows-2000-and-xp/8643-keyboard-problems-and-few-others.html

The log is here:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:34:54, on 09/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe

C:\Program Files\F-Secure Anti-Virus\fswsclds.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ThreatFire\TFService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\Program Files\Avira\AntiVir Desktop\avnotify.exe

C:\Program Files\Avira\AntiVir Desktop\avnotify.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A4318DD3-42AD-5A40-75BE-82E3A65C9F0F} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [install5G] E:\Install.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?

O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Print Spooler Service (odui7gxa) - Unknown owner - C:\WINDOWS\system32\z.exe (file missing)

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

 

--

End of file - 7859 bytes

Any help would be greatly appreciated (darn that phrase is so over used) :eek:

[Tootech]

You have PC Tools Firewall + Threatfire, F-Secure and Avira processes runnning.

 

I recommend you decide which of the antivirus tools you want to keep and remove the others as a starter.

 

Personally I would dump the F-Secure and PC Tools progs and see how your PC is running, then post a log for Chiaz to look at.

[muppet rebecca]

It's not my computer It's my step brother to be and F-secure doesn't come up in programs....Any ideas on how to get rid of a program that doesn't appear anywhere like a normal program?

[chiaz]

I do see some indication of malware in your log.

 

A few things before we start....

1. Please Read All Instructions Carefully.

2. If you don't understand something, stop and ask! Don't keep going on.

3. Please do not run any other tools or scans whilst I am helping you.

4. If you have to go away for an extended period of time, let me know.

5. Please continue to respond until I give you the "All Clear".

(Just because you can't see a problem doesn't mean it isn't there)

 

Please download Malwarebytes' Anti-Malware by clicking the link below:

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

 

Double Click mbam-setup.exe to install the application.

 

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.

* The scan may take some time to finish,so please be patient.

* When the scan is complete, click OK, then Show Results to view the results.

* Make sure that everything is checked, and click Remove Selected.

* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

* You'll be required to post the contents of this log later.

 

Please Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

 

 

 

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

 

Go here ======> A guide and tutorial on using ComboFix <====== Go here

 

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

Once installed, you should get a prompt that says:

 

The Recovery Console was successfully installed.

 

Please continue as follows:

 

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

(2) Click Yes to allow ComboFix to continue scanning for malware.

 

When the tool is finished, it will produce a report for you.

 

 

Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

 

 

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

[muppet rebecca]

Okies sorry for the late response but I've done as you've told me to do. The combofix log is as follows:

 

ComboFix 09-12-11.05 - Darren 13/12/2009 18:43:55.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.255.24 [GMT 0:00]

Running from: E:\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NNSERV

 

 

((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))

.

 

2009-12-13 18:34 . 2009-12-13 18:34 -------- d-----w- c:\program files\VIA Technologies, INC

2009-12-13 18:33 . 2009-12-13 18:33 -------- d-----w- c:\program files\Browser Mouse

2009-12-13 18:32 . 2009-12-13 18:32 -------- d-----w- c:\program files\HotKeys

2009-12-13 18:27 . 2009-12-13 18:27 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-13 18:12 . 2009-12-13 18:12 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-12-09 20:33 . 2009-12-09 20:33 -------- d-----w- c:\program files\Trend Micro

2009-12-01 22:01 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-01 22:01 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-12-01 22:01 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-12-01 22:01 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-12-01 22:01 . 2009-12-01 22:01 -------- d-----w- c:\program files\Avira

2009-12-01 22:01 . 2009-12-01 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-12-01 01:26 . 2009-12-01 01:26 -------- d-----w- c:\documents and settings\Darren\Application Data\Auslogics

2009-12-01 01:25 . 2009-12-01 01:25 -------- d-----w- c:\program files\Auslogics

2009-11-29 10:50 . 2009-12-01 10:04 117760 ----a-w- c:\documents and settings\Darren\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-29 10:49 . 2009-11-29 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-11-29 10:49 . 2009-11-29 10:49 65024 ----a-r- c:\documents and settings\Darren\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

2009-11-29 10:49 . 2009-11-29 10:49 5120 ----a-r- c:\documents and settings\Darren\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe

2009-11-29 10:49 . 2009-11-29 10:49 18944 ----a-r- c:\documents and settings\Darren\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

2009-11-29 10:49 . 2009-11-29 10:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-11-29 10:49 . 2009-11-29 10:49 -------- d-----w- c:\documents and settings\Darren\Application Data\SUPERAntiSpyware.com

2009-11-28 19:00 . 2009-11-28 19:01 -------- d-----w- c:\documents and settings\Darren\Application Data\PCToolsFirewallPlus

2009-11-28 18:53 . 2009-11-10 17:11 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2009-11-28 18:53 . 2009-11-28 18:53 -------- d-----w- c:\program files\Common Files\PC Tools

2009-11-28 18:53 . 2009-11-04 14:21 55208 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2009-11-28 18:53 . 2009-08-14 13:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2009-11-28 18:53 . 2009-10-16 16:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2009-11-28 18:53 . 2009-11-28 19:00 -------- d-----w- c:\program files\PC Tools Firewall Plus

2009-11-28 18:52 . 2009-11-28 18:52 -------- d-----w- c:\documents and settings\Darren\Application Data\Malwarebytes

2009-11-28 18:52 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-28 18:51 . 2009-11-28 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-28 18:51 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-28 18:51 . 2009-11-28 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-27 15:58 . 2009-11-27 16:02 -------- d-----w- c:\program files\TweakNow PowerPack 2009

2009-11-27 15:58 . 2009-11-27 15:58 -------- d-----w- c:\documents and settings\Darren\Application Data\TweakNow PowerPack 2009

2009-11-27 15:55 . 2009-11-27 15:55 -------- d-sh--w- c:\windows\ftpcache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-13 18:56 . 2007-11-04 14:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-13 17:22 . 2006-11-06 20:22 17134 ----a-w- c:\windows\system32\PCANDIS5.sys

2009-12-13 17:22 . 2006-11-06 20:22 81920 ----a-w- c:\windows\system32\W32N50.dll

2009-12-04 17:42 . 2005-04-03 14:33 1744 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-01 21:11 . 2009-10-31 21:54 -------- d-----w- c:\program files\iTunes

2009-11-29 16:36 . 2008-01-08 10:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-11-11 13:40 . 2008-02-03 12:41 -------- d-----w- c:\documents and settings\Darren\Application Data\LimeWire

2009-11-08 15:20 . 2009-11-02 19:49 55228 ---ha-w- c:\windows\system32\mlfcache.dat

2009-11-07 00:33 . 2008-02-03 12:41 -------- d-----w- c:\program files\LimeWire

2009-11-06 20:18 . 2007-12-27 14:09 -------- d-----w- c:\program files\Windows Live

2009-11-06 19:27 . 2008-01-08 09:19 -------- d-----w- c:\program files\Common Files\Ahead

2009-11-06 17:07 . 2009-11-06 17:07 -------- d-----w- c:\program files\Microsoft

2009-11-06 16:43 . 2004-09-05 00:48 70896 ----a-w- c:\documents and settings\Darren\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-06 15:35 . 2005-03-26 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-06 15:11 . 2009-11-06 15:11 -------- d-----w- c:\program files\Common Files\Windows Live

2009-11-01 00:54 . 2006-10-17 19:42 -------- d-----w- c:\documents and settings\Darren\Application Data\Apple Computer

2009-10-31 21:58 . 2009-10-31 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-31 21:55 . 2009-10-31 21:55 -------- d-----w- c:\program files\iPod

2009-10-31 21:55 . 2008-01-25 20:51 -------- d-----w- c:\program files\Common Files\Apple

2009-10-31 21:47 . 2009-10-31 21:39 -------- d-----w- c:\program files\QuickTime

2009-10-31 20:57 . 2009-10-31 20:57 79144 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-31 20:35 . 2007-12-25 16:26 -------- d-----w- c:\program files\Apple Software Update

2009-10-31 20:16 . 2007-12-25 16:27 -------- d-----w- c:\program files\LETTS

2009-10-23 13:34 . 2008-08-16 19:33 -------- d-----w- c:\program files\Common Files\Teleca Shared

2009-10-20 14:20 . 2009-10-20 13:21 761856 ----a-w- c:\documents and settings\All Users\Application Data\save time iso data\remote five.exe

2009-10-20 13:21 . 2009-08-01 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\save time iso data

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-11 2971608]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"iKeyWorks"="c:\progra~1\HotKeys\Ikeymain.exe" [2001-09-12 49152]

"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2009-7-7 1077248]

SpeedTouch 121g Wireless USB Monitor.lnk - c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [2004-9-23 303104]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 20:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 15:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 01:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Fswsclds"=2 (0x2)

"Brother XP spl Service"=2 (0x2)

"MDM"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\MSN Messenger\\msgr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]

R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;c:\program files\F-Secure Anti-Virus\fswsclds.exe [05/09/2004 14:11 40960]

R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [28/11/2009 18:53 32552]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [28/11/2009 18:53 70408]

R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [28/11/2009 18:53 55208]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 odui7gxa;Print Spooler Service;c:\windows\system32\z.exe /service --> c:\windows\system32\z.exe [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [31/03/2007 17:58 349824]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [07/07/2009 18:14 637952]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/12/2009 22:01 108289]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uLocal Page =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mLocal Page =

uInternet Settings,ProxyOverride = localhost

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{A4318DD3-42AD-5A40-75BE-82E3A65C9F0F} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

 

 

**************************************************************************

 

disk not found C:\

 

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(600)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\CLBCATQ.DLL

 

- - - - - - - > 'explorer.exe'(2180)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL

c:\program files\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\brss01a.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\PC Tools Firewall Plus\FWService.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\WgaTray.exe

c:\progra~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE

.

**************************************************************************

.

Completion time: 2009-12-13 19:01:19 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-13 19:01

 

Pre-Run: 1,224,462,336 bytes free

Post-Run: 1,358,503,936 bytes free

 

- - End Of File - - 6B2AC04CE11F08130059C2FC97CF56FB

 

The malware log is as follows:

 

Malwarebytes' Anti-Malware 1.41

Database version: 3181

Windows 5.1.2600 Service Pack 2

 

13/12/2009 19:37:40

mbam-log-2009-12-13 (19-37-40).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 160728

Time elapsed: 29 minute(s), 17 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Hope you can see something that I can't on this computer. The keyboard has started to show up in hardware again so I'm not concerned about that anymore. Also thanks for your help chiaz. The hijack this will be underneath this because I can't fit it all on one thread.

[muppet rebecca]

Here's the second hijack log for you to look at chiaz:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:04:11, on 13/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\F-Secure Anti-Virus\fswsclds.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\PROGRA~1\HotKeys\Ikeymain.exe

C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe

C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe

C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?

O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Print Spooler Service (odui7gxa) - Unknown owner - C:\WINDOWS\system32\z.exe (file missing)

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

 

--

End of file - 6786 bytes

[chiaz]

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

 

It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Open *notepad* and copy/paste the red text in the quotebox below into it:

 

[color="Red"]KILLALL::

Folder::
c:\documents and settings\All Users\Application Data\save time iso data\

Driver::
odui7gxa[/color]

 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

 

 

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

 

Refering to the picture above, drag CFScript.txt into ComboFix.exe

 

 

When finished, it shall produce a log for you at C:\ComboFix.txt

 

Please copy and paste the ComboFix.txt in your new reply, as well as a new HijackThis log.

 

*Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

[muppet rebecca]

Okies I've done what you've told me to do. the combo log is as follows:

 

ComboFix 09-12-11.05 - Darren 14/12/2009 17:57:40.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.255.112 [GMT 0:00]

Running from: E:\ComboFix.exe

Command switches used :: c:\documents and settings\Darren\Desktop\CFScript.txt.lnk

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2009-11-14 to 2009-12-14 )))))))))))))))))))))))))))))))

.

 

2009-12-13 18:34 . 2009-12-13 18:34 -------- d-----w- c:\program files\VIA Technologies, INC

2009-12-13 18:33 . 2009-12-13 18:33 -------- d-----w- c:\program files\Browser Mouse

2009-12-13 18:32 . 2009-12-13 18:32 -------- d-----w- c:\program files\HotKeys

2009-12-13 18:27 . 2009-12-13 18:27 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-13 18:12 . 2009-12-13 18:12 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-12-09 20:33 . 2009-12-09 20:33 -------- d-----w- c:\program files\Trend Micro

2009-12-01 22:01 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-01 22:01 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-12-01 22:01 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-12-01 22:01 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-12-01 22:01 . 2009-12-01 22:01 -------- d-----w- c:\program files\Avira

2009-12-01 22:01 . 2009-12-01 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-12-01 01:26 . 2009-12-01 01:26 -------- d-----w- c:\documents and settings\Darren\Application Data\Auslogics

2009-12-01 01:25 . 2009-12-01 01:25 -------- d-----w- c:\program files\Auslogics

2009-11-29 10:50 . 2009-12-01 10:04 117760 ----a-w- c:\documents and settings\Darren\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-29 10:49 . 2009-11-29 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-11-29 10:49 . 2009-11-29 10:49 65024 ----a-r- c:\documents and settings\Darren\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

2009-11-29 10:49 . 2009-11-29 10:49 5120 ----a-r- c:\documents and settings\Darren\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe

2009-11-29 10:49 . 2009-11-29 10:49 18944 ----a-r- c:\documents and settings\Darren\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

2009-11-29 10:49 . 2009-11-29 10:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-11-29 10:49 . 2009-11-29 10:49 -------- d-----w- c:\documents and settings\Darren\Application Data\SUPERAntiSpyware.com

2009-11-28 19:00 . 2009-11-28 19:01 -------- d-----w- c:\documents and settings\Darren\Application Data\PCToolsFirewallPlus

2009-11-28 18:53 . 2009-11-10 17:11 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2009-11-28 18:53 . 2009-11-28 18:53 -------- d-----w- c:\program files\Common Files\PC Tools

2009-11-28 18:53 . 2009-11-04 14:21 55208 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2009-11-28 18:53 . 2009-08-14 13:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2009-11-28 18:53 . 2009-10-16 16:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2009-11-28 18:53 . 2009-11-28 19:00 -------- d-----w- c:\program files\PC Tools Firewall Plus

2009-11-28 18:52 . 2009-11-28 18:52 -------- d-----w- c:\documents and settings\Darren\Application Data\Malwarebytes

2009-11-28 18:52 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-28 18:51 . 2009-11-28 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-28 18:51 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-28 18:51 . 2009-11-28 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-27 15:58 . 2009-11-27 16:02 -------- d-----w- c:\program files\TweakNow PowerPack 2009

2009-11-27 15:58 . 2009-11-27 15:58 -------- d-----w- c:\documents and settings\Darren\Application Data\TweakNow PowerPack 2009

2009-11-27 15:55 . 2009-11-27 15:55 -------- d-sh--w- c:\windows\ftpcache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-14 17:53 . 2007-11-04 14:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-12-13 17:22 . 2006-11-06 20:22 17134 ----a-w- c:\windows\system32\PCANDIS5.sys

2009-12-13 17:22 . 2006-11-06 20:22 81920 ----a-w- c:\windows\system32\W32N50.dll

2009-12-04 17:42 . 2005-04-03 14:33 1744 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-01 21:11 . 2009-10-31 21:54 -------- d-----w- c:\program files\iTunes

2009-11-29 16:36 . 2008-01-08 10:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-11-11 13:40 . 2008-02-03 12:41 -------- d-----w- c:\documents and settings\Darren\Application Data\LimeWire

2009-11-08 15:20 . 2009-11-02 19:49 55228 ---ha-w- c:\windows\system32\mlfcache.dat

2009-11-07 00:33 . 2008-02-03 12:41 -------- d-----w- c:\program files\LimeWire

2009-11-06 20:18 . 2007-12-27 14:09 -------- d-----w- c:\program files\Windows Live

2009-11-06 19:27 . 2008-01-08 09:19 -------- d-----w- c:\program files\Common Files\Ahead

2009-11-06 17:07 . 2009-11-06 17:07 -------- d-----w- c:\program files\Microsoft

2009-11-06 16:43 . 2004-09-05 00:48 70896 ----a-w- c:\documents and settings\Darren\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-11-06 15:35 . 2005-03-26 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-06 15:11 . 2009-11-06 15:11 -------- d-----w- c:\program files\Common Files\Windows Live

2009-11-01 00:54 . 2006-10-17 19:42 -------- d-----w- c:\documents and settings\Darren\Application Data\Apple Computer

2009-10-31 21:58 . 2009-10-31 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-31 21:55 . 2009-10-31 21:55 -------- d-----w- c:\program files\iPod

2009-10-31 21:55 . 2008-01-25 20:51 -------- d-----w- c:\program files\Common Files\Apple

2009-10-31 21:47 . 2009-10-31 21:39 -------- d-----w- c:\program files\QuickTime

2009-10-31 20:57 . 2009-10-31 20:57 79144 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-31 20:35 . 2007-12-25 16:26 -------- d-----w- c:\program files\Apple Software Update

2009-10-31 20:16 . 2007-12-25 16:27 -------- d-----w- c:\program files\LETTS

2009-10-23 13:34 . 2008-08-16 19:33 -------- d-----w- c:\program files\Common Files\Teleca Shared

2009-10-20 14:20 . 2009-10-20 13:21 761856 ----a-w- c:\documents and settings\All Users\Application Data\save time iso data\remote five.exe

2009-10-20 13:21 . 2009-08-01 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\save time iso data

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-11 2971608]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"iKeyWorks"="c:\progra~1\HotKeys\Ikeymain.exe" [2001-09-12 49152]

"LWBMOUSE"="c:\program files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2009-7-7 1077248]

SpeedTouch 121g Wireless USB Monitor.lnk - c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [2004-9-23 303104]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 20:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]

2004-07-02 15:27 295001 ----a-w- c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 01:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Fswsclds"=2 (0x2)

"Brother XP spl Service"=2 (0x2)

"MDM"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\MSN Messenger\\msgr.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]

R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;c:\program files\F-Secure Anti-Virus\fswsclds.exe [05/09/2004 14:11 40960]

R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [28/11/2009 18:53 32552]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [28/11/2009 18:53 70408]

R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [28/11/2009 18:53 55208]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 odui7gxa;Print Spooler Service;c:\windows\system32\z.exe /service --> c:\windows\system32\z.exe [?]

S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [31/03/2007 17:58 349824]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [07/07/2009 18:14 637952]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/12/2009 22:01 108289]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uLocal Page =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mLocal Page =

uInternet Settings,ProxyOverride = localhost

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

disk not found C:\

 

please note that you need administrator rights to perform deep scan

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(600)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

 

- - - - - - - > 'explorer.exe'(3488)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL

c:\program files\Browser Mouse\Browser Mouse\1.0\MOUSEDLL.DLL

.

Completion time: 2009-12-14 18:08:06

ComboFix-quarantined-files.txt 2009-12-14 18:08

ComboFix2.txt 2009-12-13 19:01

 

Pre-Run: 1,355,378,688 bytes free

Post-Run: 1,328,230,400 bytes free

 

- - End Of File - - 9BBBE37B3B6B049927207E7092E920CA

 

Thanks for the help as always. Does that come up with anything? Also the hijack this log will be on the post below because it's too big to fit in here with the combo one.

[muppet rebecca]

The second hijackthis log is as follows:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:10:18, on 14/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\F-Secure Anti-Virus\fswsclds.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe

C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe

C:\PROGRA~1\THOMSO~1\SPEEDT~1\PRISMSVR.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HotKeys\Ikeymain.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?

O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Print Spooler Service (odui7gxa) - Unknown owner - C:\WINDOWS\system32\z.exe (file missing)

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

 

--

End of file - 6752 bytes

[chiaz]

Did you follow my instructions to the letter here?

http://extremetechsupport.com/forum/malware-infection-removal/8714-computer-acting-its-own-accord.html#post60470

 

For clarity's sake, this is the text you have to copy in:

 

 

KILLALL::

 

Folder::

c:\documents and settings\All Users\Application Data\save time iso data\

 

Driver::

odui7gxa

[muppet rebecca]

Yes I copied and pasted that to an icon on the desktop then dragged it into the combofix icon.....It then run a scan and gave me the log you see.

[chiaz]

You have to save ComboFix to your desktop. Right now it seems to be running from a separate drive altogether.

 

Also you did not install the Recovery Console.

 

You are reminded that that this guide should be followed to the letter.

A guide and tutorial on using ComboFix

 

 

Thanks.

[RandyL]

I see what chiaz means.

 

You must have had combofix on external media such as a CD or external drive. Then you opened it and ran it from there.

 

I think he needs you to put it on your C drive, it appears to have been run from your E drive.

 

Post 8.

Running from: E:\ComboFix.exe

 

Copy ComboFix.exe to the C drive if that's the drive Windows is on.

Then run ComboFix.exe from there.

 

As for the recovery console the guide says that with an active internet connection combofix should download and install it if you don't already have it.

 

bleepingcomputer and the guide they have on combofix is definitive.

 

Just trying to help clarify chiaz.

Carry on.

[chiaz]

Thanks Randy.

[muppet rebecca]

I've got windows xp recovery console on disk already....the computer can't access the internet because It's been uninstalled off the computer and the disks too scratch to install it back on...Also I'll have a look at the combofix again and post another log for it....the latest it will be posted will be Sunday...sorry for the delay guys but my sister has decided to land on us and with Christmas round the corner...along with numerous other things it's a bit hectic here....I don't what it's like where you guys live...

[chiaz]

Don't worry, I'm always here...take your time.

[muppet rebecca]

Thankyou but in the end your help wasn't needed....the computer got smashed up in the week between christmas and new year...It wasn't very well made anyways I mean the ports in the back were all lose...the usb ports on the front were diagonal.....Another thing the fan always sounded as if it was going to overheat...I think that was due to the power supply being the bare minimum needed so it was just under getting overheated...

I would say if anyone was to get someone to make a computer up for them be careful....You might end up with a computer thats not that much cop....