The same thing is happening with my PC that happened with my last one, which I had to replace 2 and a half years ago.
The fan is going ten to the dozen, pages are not loading or freezing, it's taking ages for my PC to start up or even turn off. I really cannot afford to be paying out for another PC.. OK so the one I have is not 'high spec' but surely these PCs aren't meant to just last 2/3 years.. are they?
Reading on another post I decided to download ComboFix (I have Comodo firewall, antivirus and SafeSurf already). The Comodo does not seem to be doing its job properly (or maybe it's me), not sure whether I should delete this programme and try another? On running ComboFix the SafeSurf popped up asking me if I wanted to disable all applications or remove just the ones I add below.. I didn't touch it as I haven't a clue!
Here is the log, please tell me what to do next, and an understanding of my log would be great. Is my PC on its way out or is this just a whole load of viruses etc..?
Thank you in advance
ComboFix 09-10-01.05 - 03/10/2009 23:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.445.200 [GMT 1:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\My Documents\My Music\My Music.url
c:\program files\TinyProxy
c:\program files\VirusIsolator
c:\program files\VirusIsolator\vscan.tsi
c:\program files\VirusIsolator\zlib.dll
c:\program files\webmediaviewer
c:\program files\webmediaviewer\hpmom.exe
c:\recycler\S-1-5-21-1533800857-3409057941-3787361992-1003
c:\windows\bemark2.dat
c:\windows\desktop
c:\windows\f49f4daa.dat
c:\windows\fmark2.dat
c:\windows\Installer\2594e63.msp
c:\windows\Installer\2da0e1a.msp
c:\windows\Installer\3223a5.msi
c:\windows\Installer\3304593.msp
c:\windows\Installer\3cd5c0d.msp
c:\windows\Installer\4a2e78e.msp
c:\windows\Installer\4a2e790.msp
c:\windows\Installer\4a2e792.msp
c:\windows\Installer\d25d07.msp
c:\windows\Installer\da366d.msp
c:\windows\Installer\f82321.msp
c:\windows\tmark2.dat
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.
2009-10-03 13:59 . 2009-10-03 14:00 -------- d-----w- c:\documents and settings\Application Data\HpUpdate
2009-09-23 18:01 . 2009-09-23 18:01 -------- d-----w- C:\ConvertTemp
2009-09-09 23:05 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 23:07 . 2008-12-30 18:47 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-03 23:07 . 2008-12-30 18:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-10-02 22:59 . 2008-06-19 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 23:18 . 2008-10-28 19:29 -------- d-----w- c:\documents and settings\Application Data\Skype
2009-09-27 19:54 . 2007-01-17 18:38 46234 ----a-w- c:\documents and settings\Application Data\wklnhst.dat
2009-09-10 08:31 . 2009-03-14 16:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 21:24 . 2009-02-15 01:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-03 21:23 . 2009-02-15 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 17:12 . 2009-01-07 18:10 157508 ----a-w- c:\windows\hpoins29.dat
2009-08-05 09:01 . 2005-04-25 23:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-04-25 23:05 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-04-25 23:06 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-19 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-11-18 278264]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [2008-11-18 1797880]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-09 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-27 98304]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-08 550912]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-16 16143872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2006-8-31 729088]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8448:TCP"= 8448:TCP:127.0.0.1/255.255.255.255:Disabled:proxy
"1:TCP"= 1:TCP:
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [18/11/2008 19:22 99856]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18/11/2008 19:22 31504]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/03/2009 17:36 55152]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30/05/2008 01:17 208896]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [15/10/2007 12:26 1213728]
S2 Google Updater Service (gusvc) ;Google Updater Service (gusvc) ;c:\program files\tinyproxy\tinyproxy.exe --> c:\program files\tinyproxy\tinyproxy.exe [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 11:39]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: facebook.com\www
Trusted Zone: google.ie\www
Trusted Zone: hotmail.com\www
TCP: {9993C0D6-979C-481B-941A-A84154982240} = 213.94.190.194,213.94.190.236
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{3FB1AAE9-EDAB-4953-83E3-61DE0085F150} - c:\windows\system32\ssqOiJdE.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
HKCU-Run-gcbmmlcx - c:\windows\system32\enehwvab.exe
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
HKLM-Run-sysberay2 - c:\windows\che6.exe
HKLM-Run-systray - c:\windows\mstre8.exe
HKLM-Explorer_Run-uYUMg0BQYQ - c:\documents and settings\All Users\Application Data\unsvejut\srodqhav.exe
SSODL-vadokmxt-{431C9290-3C70-4C47-BF34-401CCE23A5B3} - c:\windows\vadokmxt.dll
SSODL-wdpoefan-{A0FF7DA4-796E-4CB8-8894-A7F07B420F54} - c:\windows\wdpoefan.dll
Notify-fccDSigg - fccDSigg.dll
AddRemove-Browser Toolbar - c:\program files\WebMediaViewer\browseu.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 00:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Silvercrest MTS2218 driver\KMCONFIG.exe
c:\program files\Silvercrest MTS2218 driver\KMProcess.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-03 0:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 23:16
Pre-Run: 54,728,822,784 bytes free
Post-Run: 55,234,109,440 bytes free
223 --- E O F --- 2009-09-10 01:35