Computer Support - FreePCHelp.co.uk




Old 07-07-2008, 09:14 AM   #41 (permalink)
Free PC Help Member
 
Join Date: Mar 2008
Location: Kent
Posts: 34

Default

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
Generated 07/05/2008 at 02:36 PM
Application Version : 4.15.1000
Core Rules Database Version : 3497
Trace Rules Database Version: 1488
Scan type : Quick Scan
Total Scan Time : 00:11:00
Memory items scanned : 195
Memory threats detected : 1
Registry items scanned : 436
Registry threats detected : 7
File items scanned : 10193
File threats detected : 15
Adware.Vundo Variant/Resident
D:\WINDOWS\SYSTEM32\GEBURJJA.DLL
D:\WINDOWS\SYSTEM32\GEBURJJA.DLL
Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D82AA899-121E-4F7F-9C28-04852CFC696B}
HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}
HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}\InprocServer32
HKCR\CLSID\{D82AA899-121E-4F7F-9C28-04852CFC696B}\InprocServer32#ThreadingModel
HKCR\TypeLib\{FFBC50F3-043C-11D1-911D-006097C99383}
Adware.Tracking Cookie
D:\Documents and Settings\IAN\Cookies\ian@ehg-eset.hitbox[1].txt
D:\Documents and Settings\IAN\Cookies\ian@atdmt[2].txt
D:\Documents and Settings\IAN\Cookies\ian@serving-sys[2].txt
D:\Documents and Settings\IAN\Cookies\ian@ad.yieldmanager[1].txt
D:\Documents and Settings\IAN\Cookies\ian@adopt.euroclick[2].txt
D:\Documents and Settings\IAN\Cookies\ian@software-traffic[1].txt
D:\Documents and Settings\IAN\Cookies\ian@tradedoubler[2].txt
D:\Documents and Settings\IAN\Cookies\ian@bs.serving-sys[2].txt
D:\Documents and Settings\IAN\Cookies\ian@rocku.adbureau[2].txt
D:\Documents and Settings\IAN\Cookies\ian@hitbox[2].txt
D:\Documents and Settings\IAN\Cookies\ian@questionmarket[1].txt
D:\Documents and Settings\IAN\Cookies\ian@doubleclick[2].txt
D:\Documents and Settings\IAN\Cookies\ian@scanner.vav-scanner[2].txt
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
Adware.Vundo Variant
D:\WINDOWS\SYSTEM32\DFFMPWSI.DLL
Dee_Collins is offline  
Old 07-07-2008, 09:17 AM   #42 (permalink)
Free PC Help Member
 
Join Date: Mar 2008
Location: Kent
Posts: 34

Default

Quote:
Originally Posted by Seth
Your HijackThis log doesn't show any sign of infection. However, the HT and MB logs that you posted only show the "D" drive. The default hard drive should be "C". Where is your C drive and what's installed on it?

I don't think there is anything installed on it, basically we just use it as a storage drive for photos. I made sure that both C and D were scanned.
Dee_Collins is offline  
Old 07-07-2008, 10:33 AM   #43 (permalink)
Free PC Help Member
 
Join Date: Mar 2008
Location: Kent
Posts: 34

Default

ESET Results are as follows:

1 threat found
Win32/Adware.Agent.NIY application (unable to clean - deleted)
D:\Documents and Settings\IAN\Local Settings\Temporary Internet Files\Content.IE5\9ARP6AND\kb111653[1]
Dee_Collins is offline  
Old 07-07-2008, 11:24 AM   #44 (permalink)
Free PC Help Member
 
Join Date: Mar 2008
Location: Kent
Posts: 34

Default

ComboFix 08-07-05.1 - IAN 2008-07-07 12:02:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.652 [GMT 1:00]
Running from: D:\Documents and Settings\IAN\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\BM8b4abea7.txt
D:\WINDOWS\cookies.ini
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\albcxaag.ini
D:\WINDOWS\system32\artloskh.ini
D:\WINDOWS\system32\ehhgQqss.ini
D:\WINDOWS\system32\ehhgQqss.ini2
D:\WINDOWS\system32\gaaxcbla.dll
D:\WINDOWS\system32\geBuVPjh.dll
D:\WINDOWS\system32\hjPVuBeg.ini
D:\WINDOWS\system32\hjPVuBeg.ini2
D:\WINDOWS\system32\htpqnyas.dll
D:\WINDOWS\system32\hwyqvmjq.dll
D:\WINDOWS\system32\iocydi.dll
D:\WINDOWS\system32\iqbuyz.dll
D:\WINDOWS\system32\ixugjhdp.dll
D:\WINDOWS\system32\lhoskcdj.dll
D:\WINDOWS\system32\licabpel.ini
D:\WINDOWS\system32\lwbyiojh.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\mcxbua.dll
D:\WINDOWS\system32\mjpcytgk.dll
D:\WINDOWS\system32\mnfgqvdg.ini
D:\WINDOWS\system32\MWyGffii.ini
D:\WINDOWS\system32\MWyGffii.ini2
D:\WINDOWS\system32\mxvextio.dll
D:\WINDOWS\system32\necyaq.dll
D:\WINDOWS\system32\resymcem.ini
D:\WINDOWS\system32\rQHaXoPi.dll
D:\WINDOWS\system32\smtdhx.dll
D:\WINDOWS\system32\soltge.dll
D:\WINDOWS\system32\srqdoitv.ini
D:\WINDOWS\system32\SuCIiSBc.ini
D:\WINDOWS\system32\SuCIiSBc.ini2
D:\WINDOWS\system32\tofascwd.dll
D:\WINDOWS\system32\uakuypqu.ini
D:\WINDOWS\system32\uelmsxpm.dll
D:\WINDOWS\system32\xujunn.dll
D:\WINDOWS\system32\yhijidmy.ini
D:\WINDOWS\system32\zbrihi.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-02 16:59 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-07-02 16:58 . 2008-07-02 16:59 <DIR> d-------- D:\Program Files\Java
2008-07-02 16:57 . 2008-07-02 16:57 <DIR> d-------- D:\Program Files\Common Files\Java
2008-07-02 16:53 . 2008-07-02 16:53 <DIR> d-------- D:\Program Files\SDM20
2008-07-02 12:28 . 2008-07-02 12:54 <DIR> d-------- D:\Documents and Settings\IAN\DoctorWeb
2008-06-30 15:48 . 2008-06-30 15:48 <DIR> d-------- D:\Program Files\Trend Micro
2008-06-29 18:01 . 2008-07-07 10:32 <DIR> d-------- D:\Program Files\EsetOnlineScanner
2008-06-29 14:19 . 2008-06-29 15:06 <DIR> d-------- D:\Program Files\CA Yahoo! Anti-Spy
2008-06-29 12:38 . 2008-06-28 14:16 34,296 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-29 12:38 . 2008-06-28 14:16 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-06-28 00:59 . 2008-07-04 11:02 110,419 --a------ D:\WINDOWS\BM8b4abea7.xml
2008-06-21 22:05 . 2008-06-21 22:05 188 --a------ D:\Documents and Settings\IAN\Application Data\wklnhst.dat
2008-06-11 04:58 . 2008-06-13 14:10 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 04:58 . 2008-06-13 14:10 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 23:22 . 2008-06-07 23:22 <DIR> d-------- D:\Program Files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 09:00 --------- d-----w D:\Program Files\SUPERAntiSpyware
2008-07-04 09:00 --------- d-----w D:\Documents and Settings\IAN\Application Data\SUPERAntiSpyware.com
2008-07-04 08:59 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 15:40 --------- d-----w D:\Program Files\mIRC
2008-06-29 11:38 --------- d-----w D:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 19:56 --------- d-----w D:\Program Files\InterActual
2008-06-21 20:10 --------- d--h--r D:\Documents and Settings\IAN\Application Data\yahoo!
2008-06-21 20:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-07 22:22 --------- d-----w D:\Program Files\Common Files\Real
2008-06-02 01:19 --------- d-----w D:\Program Files\Picasa2
2008-05-12 07:43 --------- d-----w D:\Documents and Settings\IAN\Application Data\Samsung
2008-05-12 07:42 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-12 07:39 --------- d-----w D:\Program Files\Samsung
2008-05-12 05:42 --------- d-----w D:\Program Files\Passwords Plus
2008-05-10 21:59 --------- d-----w D:\Documents and Settings\IAN\Application Data\U3
2008-05-08 12:28 202,752 ------w D:\WINDOWS\system32\drivers\rmcast.sys
2008-04-12 13:34 744 -c--a-w D:\Documents and Settings\IAN\Application Data\filterclsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 08:46 68856]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-07 23:21 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 23:16 49152 D:\WINDOWS\mididef.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
"msacm.dvacm"= D:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=D:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=D:\WINDOWS\pss\Status Monitor.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^IAN^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=D:\Documents and Settings\IAN\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=D:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
--a------ 2007-08-08 15:53 88024 D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 23:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 11:37 2321600 D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a--c--- 2002-10-07 00:23 90112 D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--------- 2005-05-17 17:42 933888 D:\Program Files\Brother\ControlCenter2\brctrcen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
-----c--- 2004-08-03 23:56 15360 D:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2003-05-07 20:56 188416 D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a--c--- 2005-03-17 14:45 40960 D:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a--c--- 2005-01-18 17:07 196608 D:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a--c--- 2005-01-18 17:47 458752 D:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-01-18 17:37 217088 D:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2004-10-08 11:52 221184 D:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 D:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 02:50 155648 D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a--c--- 2005-03-17 14:25 57393 D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 02:23 443968 D:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
-----c--- 2005-06-10 01:48 98304 D:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--------- 2005-01-26 18:02 49152 D:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2002-04-17 11:42 69632 D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra--c--- 2003-10-14 10:22 155648 D:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-05-28 10:33 1506544 D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-10 08:46 68856 D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-07 23:21 185896 D:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--------- 2003-08-19 01:01 110592 D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-05-28 18:59 28672 D:\WINDOWS\system32\cthelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Documents and Settings\\IAN\\Desktop\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);D:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2003-12-02 16:23]
S3 av100s2k;av100s2k;D:\WINDOWS\system32\DRIVERS\av100s2k.sys [2003-02-18 20:25]
S3 av100u2k;av100u2k;D:\WINDOWS\system32\DRIVERS\av100u2k.sys [2003-03-12 06:05]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{621016f2-c154-11dc-a25f-00173f901d36}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 08:27:00 D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- D:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-24 16:46:00 D:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#240#CN386230RMJ5.job"
- D:\Program Files\HP\hpcoretech\comp\hpdarc.exe#/#Hewlett-Packard#240#CN386230RMJ5
.
- - - - ORPHANS REMOVED - - - -
BHO-{6EA695DA-7CBA-4424-A819-F54B93548890} - D:\WINDOWS\system32\opnnnnND.dll
BHO-{7062A567-23A9-42CC-A94A-1EA27D5D2D3A} - D:\WINDOWS\system32\ssqQghhe.dll
BHO-{8AB5FF87-4173-4FFE-80A7-A512D98A6419} - D:\WINDOWS\system32\iiffGyWM.dll
BHO-{FFBAA195-D7B4-4872-AFAD-73349920EADC} - D:\WINDOWS\system32\cBSiICuS.dll
HKLM-Run-0873b249 - D:\WINDOWS\system32\gaaxcbla.dll
MSConfigStartUp-0873b249 - D:\WINDOWS\system32\hneeqsdk.dll
MSConfigStartUp-BM8b4abea7 - D:\WINDOWS\system32\gbaopiqy.dll
MSConfigStartUp-ImInstaller_IncrediMail - D:\DOCUME~1\IAN\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe
MSConfigStartUp-tbon - D:\Program Files\TBONBin\tbon.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-updateMgr - D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-VideoCall - D:\Program Files\Logitech\VideoCall\VideoCall.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 12:16:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\brss01a.exe
D:\WINDOWS\system32\imapi.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-07-07 12:22:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 11:22:26
Pre-Run: 137,730,969,600 bytes free
Post-Run: 139,066,327,040 bytes free
246 --- E O F --- 2008-06-20 02:02:00
Dee_Collins is offline  
Old 07-07-2008, 11:57 AM   #45 (permalink)
Administrator
 
RandyL's Avatar
 
Join Date: Jan 2006
Location: USA, Nebraska
Posts: 1,562

Operating System: Windows Vista - Ultimate
PC Experience: Very Experienced
Default

Dee please wait for our experts on this matter.

In my opinion though your system is a mess. Your Windows installation makes no sense. The hard drive it's installed on etc. For that matter both hard drives.

I don't know who has been screwing around with this or what they have done to your computer, Windows or installation. But it is not right.

It seems to me by the information you provided that you do indeed have a serious infection and a very strange Windows set up that could be complicating clean up measures. I suspect a cross installation infestation.

If it were my computer I would back up all SAFE files (not unsafe programs) and do a total re-install. Granted you would still probably lose a lot including dodgy programs and also infestations.
__________________
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

Donations are welcome. Read Here
RandyL is offline  
Old 07-07-2008, 01:38 PM   #46 (permalink)
Free PC Help Member
 
Join Date: Mar 2008
Location: Kent
Posts: 34

Default

We bought this PC in 2003 from a major retail store but one thing we didn't get was an XP disc, when the guy fixed it and changed everything over to the D Drive, we have since always on start up got a message that says our Windows isn't genuine and we could be a victim of software counterfeiting, we would get a new XP disc but just can't afford one, is this going to be a huge problem?
Dee_Collins is offline  
Old 07-07-2008, 02:03 PM   #47 (permalink)
Advanced Tech, Hardware & Component Specialist
 
Dalo Harkin's Avatar
 
Join Date: May 2008
Location: Stockport near Manchester
Posts: 2,710

Operating System: Windows Vista - Home Premium
PC Experience: Pc Guru
Default

Yes, this is a huge problem.
We do not/will not provide help for people who are using counterfeit software - are you 100% sure there is no recovery partition on the original HDD that the retailer provided?

If not, I am afraid we will not be able to provide any more assistance.

I will leave the thread open for you to reply -
Dalo Harkin is offline  
Old 07-07-2008, 02:48 PM   #48 (permalink)
Administrator
 
Wolfeymole's Avatar
 
Join Date: Nov 2007
Location: Somewhere on the moors
Posts: 5,142

Operating System: Windows Vista - Home Premium
PC Experience: Enough to choke a Mule
Default

It seems to me that some issues occurred on the original installation of XP, you then called someone to fix it and he has installed a pirate version of XP.

Dalo is absolutely correct in his assertion and it would be in your best interests to obtain a new XP disk from a reputable store and if needed we will guide you through the installation.

We cannot offer further advice as your situation currently stands.
Wolfeymole is offline  
Old 08-02-2008, 02:29 PM   #49 (permalink)
Super Moderator
 
Goku's Avatar
 
Join Date: Jun 2008
Location: India
Posts: 1,304

Operating System: Windows XP - Professional
PC Experience: Intermediate
Send a message via Yahoo to Goku
Default

This thread appears to be solved and is now closed

If you are the original poster of this thread and need it re-opened, then please PM (Private Message) an Administrator or Moderator

-- Goku
Goku is offline  

Tags
computer, experts, illegal, infected, malware, pirated, screwed, solved, spyware, virus