
jimjiber

  1. The system is pretty low-spec tbh: Pentium M cpu 1.20GHz, 504MB of RAM, 60GB HDD. I deleted the Comodo folders you specified and enabled Windows Firewall. I also stopped some of the startup processes, although there is an awful lot of stuff associated with this being a tablet PC - there is touchscreen support (using a pen) and the keyboard is bluetooth - so I have to be a bit careful if I want it still to function. I just downloaded AVG antivirus and will install that now. I don't really see there is much more we can do, apart from tell my Dad to buy more RAM (if this thing will take it). Thanks for your help - awesome as always! Jim
  2. And here is the MBRCheck log:
  3. Okay, that seemed to run just fine in the end. Here is the ComboFix log:
  4. OMG! This is a strange one... after uninstalling Comodo, I ran Combofix and it came up with an error: "Incompatible OS. Combofix only works for workstations with Windows 2000 and XP" But it is running XP! Also, it has now popped up a dialogue asking if I want to update to a newer version of ComboFix... /// edited to add that ComboFix still appears to be running regardless
  5. I am going to uninstall Comodo, run Combofix again and then run MBRCheck and post the logs. Incidentally, this PC is so sluggish that when I close a browser window, it kind of slides down from the top to the bottom, closing in stages and takes about 5 seconds!
  6. Hi Juliet Here is the Combofix log as requested:
2010-06-01 18:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-06-01 18:00 . 2010-06-01 18:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys 2006-02-02 09:28 . 2006-02-02 09:28 0 ---ha-w- c:\program files\AppUpdate.log . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688] "AGRSMMSG"="AGRSMMSG.exe" [2005-06-10 88203] "FjDspMon"="c:\program files\Fujitsu\Utils\FjDspMon.exe" [2005-04-29 20480] "FjEvents"="c:\program files\Fujitsu\Utils\fjevents.exe" [2004-10-14 20480] "Fujitsu Menu"="c:\program files\Fujitsu\Utils\FjMnuIco.exe" [2004-12-16 32768] "IR-KeyboardApp"="c:\program files\Fujitsu\Utils\FjIrKbAp.exe" [2004-11-07 40960] "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 81920] "Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393] "IndexSearch"="c:\program 
files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960] "SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 49152] "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968] "RemHelp"="remhelp.exe" [2002-06-27 24576] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\Fujitsu Siemens\Bluetooth Software\BTTray.exe [2004-9-21 557123] Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2006-10-4 819200] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-03-28 14:01 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [24/01/2006 22:10 32320] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [24/01/2006 22:10 23200] R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [01/06/2010 19:00 15464] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 19:00 25240] R3 Fjbtndrv;Fujitsu Stylistic ST5000 Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [24/01/2006 22:09 12672] R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [13/01/2006 05:13 5632] R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [13/01/2006 05:13 31104] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 11:55 229312] S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [06/12/2009 16:09 58984] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [06/12/2009 16:09 337000] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656] S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [16/08/2010 16:25 1935656] S2 MSSQL$FACTFIND;MSSQL$FACTFIND;c:\program files\Microsoft SQL Server\MSSQL$FACTFIND\Binn\sqlservr.exe -sFACTFIND --> c:\program files\Microsoft SQL Server\MSSQL$FACTFIND\Binn\sqlservr.exe -sFACTFIND [?] 
S2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27/05/2009 03:27 29262680] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [06/12/2009 16:09 972008] S2 TRUService;Trigold Update Service;c:\program files\Trigold\Update\TRUService.exe [06/03/2009 14:29 135816] S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [16/08/2010 16:25 71008] S3 DX02;DX02;c:\windows\system32\drivers\dx02.sys [29/07/2004 14:27 83712] S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [13/01/2006 05:13 92550] S3 SQLAgent$FACTFIND;SQLAgent$FACTFIND;c:\program files\Microsoft SQL Server\MSSQL$FACTFIND\Binn\sqlagent.EXE -i FACTFIND --> c:\program files\Microsoft SQL Server\MSSQL$FACTFIND\Binn\sqlagent.EXE -i FACTFIND [?] S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [13/08/2004 09:54 14208] . . ------- Supplementary Scan ------- . 
uInternet Connection Wizard,ShellNext = https://extranet.thinkpositive.com/secure/extranet/default.asp DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} - file://c:\psbackup\Exchange XP Install\CAB\GES.CAB DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} - file://c:\psbackup\Exchange XP Install\CAB\rimant.cab DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} - file://c:\psbackup\Exchange XP Install\CAB\VersionInfo.cab DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} - file://c:\psbackup\Exchange XP Install\CAB\eXwebCListCtl.cab DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} - file://c:\psbackup\Exchange XP Install\CAB\pensions.cab DPF: {A9F86998-BB62-11D2-A988-006097E20477} - file://c:\psbackup\Exchange XP Install\CAB\eXwebUtils.cab DPF: {A9F869B2-BB62-11D2-A988-006097E20477} - file://c:\psbackup\Exchange XP Install\CAB\eXwebOcc.cab DPF: {A9F869C0-BB62-11D2-A988-006097E20477} - file://c:\psbackup\Exchange XP Install\CAB\PHIHelpText.cab DPF: {A9F869CE-BB62-11D2-A988-006097E20477} - file://c:\psbackup\Exchange XP Install\CAB\PHIToolTips.cab DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} - file://c:\psbackup\Exchange XP Install\CAB\wholelife.cab DPF: {ABF92614-EBA5-11D3-A315-006008134E84} - file://c:\psbackup\Exchange XP Install\CAB\ann_GD.cab DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} - file://c:\psbackup\Exchange XP Install\CAB\Bonds.cab DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} - file://c:\psbackup\Exchange XP Install\CAB\pvcalctl.cab DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} - file://c:\psbackup\Exchange XP Install\CAB\rima9x.cab DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} - file://c:\psbackup\Exchange XP Install\CAB\GoalUpdate.CAB DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} - file://c:\psbackup\Exchange XP Install\CAB\pvdate2.cab DPF: {DB1F08C5-F410-11D3-A316-006008134E84} - file://c:\psbackup\Exchange XP Install\CAB\TermAssurance.cab DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} - file://c:\psbackup\Exchange 
XP Install\CAB\TexPHIDS.cab DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} - file://c:\psbackup\Exchange XP Install\CAB\eXwebCList.cab DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - file://c:\psbackup\Exchange XP Install\CAB\pvdt70.cab FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\6pxmx9hr.default\ FF - prefs.js: browser.startup.homepage - hxxps://extranet.thinkpositive.com/secure/extranet/default.asp FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-21 10:49 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run RemHelp = remhelp.exe??? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(524) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\program files\Citrix\GoToAssist\599\G2AWinLogon.dll . Completion time: 2010-08-21 10:53:14 ComboFix-quarantined-files.txt 2010-08-21 09:53 Pre-Run: 16,559,677,440 bytes free Post-Run: 16,865,087,488 bytes free - - End Of File - - 4186C2751FD5FC54606C09D194E1DD5A
  7. I didn't have any other apps running and closed down Comodo and any malware scanners I had running. So now I am trying in Safe Mode but am having yet more problems. Firstly, ComboFix says Comodo is still running, even though there is nothing in the system tray that I can click to shut it down. So I continued regardless, despite the warnings. Now it is trying to download Windows Recovery Console but says I am not connected to the internet - BUT I AM! I started in "Safe Mode with Networking" and I tested the connection by browsing a couple of safe sites. This is so frustrating. The scan appears to be continuing despite not installing Windows Recovery Console...
  8. Hello again I just tried running ComboFix and I get the following errors: "Installation Failed" [in a small pop-up box] "32788R22FWJFW\hidec.exe Not enough quota is available to process this command" [in a larger pop-up box behind the other one] HELP!
  9. Running from: C:\Documents and Settings\user\desktop\win32kdiag.exe Log file at : C:\Documents and Settings\user\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished! HJT LOG ============== The system is still running slowly and the hdd seems to be accessing an awful lot, even when I am not running anything.
  10. Okay so I ran the ESET scan - strangely enough it kept failing when I tried using it the regular way via IE, so I visited the URL in Firefox and downloaded the Smart Installer. It then worked fine. Here is what it found: C:\Documents and Settings\user\Desktop\Software\BTBROADBAND (G)\BTBroadbandHelp\SETUP.EXE probably unknown NewHeur_PE virus deleted - quarantined I then ran a fresh HJT scan:
- HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [RemHelp] remhelp.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe (User 'SYSTEM') O4 - .DEFAULT Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe (User 'Default user') O4 - .DEFAULT User Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe (User 'Default user') O4 - Startup: StarOffice 6.0.lnk = C:\Program Files\StarOffice6.0\program\quickstart.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {500A5CC4-0334-11D5-87AD-0050DAC7511B} (GES.DesSSMain) - file://C:\PSBackup\Exchange XP Install\CAB\GES.CAB O16 - DPF: {735932BD-8729-11D5-8F19-0008C7E9C2C6} (RIMA For Windows NT) - file://C:\PSBackup\Exchange XP Install\CAB\rimant.cab O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - file://C:\PSBackup\Exchange XP Install\CAB\VersionInfo.cab O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - file://C:\PSBackup\Exchange XP Install\CAB\eXwebCListCtl.cab O16 - DPF: {A6339C32-3F93-11D5-8EB7-0008C7E9C2C6} (Pensions.clsPensionBusinessLogic) - file://C:\PSBackup\Exchange XP Install\CAB\pensions.cab O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - file://C:\PSBackup\Exchange XP Install\CAB\eXwebUtils.cab O16 - DPF: {A9F869B2-BB62-11D2-A988-006097E20477} (eXwebOccList.clsVersionInfo) - file://C:\PSBackup\Exchange XP Install\CAB\eXwebOcc.cab O16 - DPF: {A9F869C0-BB62-11D2-A988-006097E20477} (PHIHelpText.clsVersionInfo) - 
file://C:\PSBackup\Exchange XP Install\CAB\PHIHelpText.cab O16 - DPF: {A9F869CE-BB62-11D2-A988-006097E20477} (PHIToolTips.clsVersionInfo) - file://C:\PSBackup\Exchange XP Install\CAB\PHIToolTips.cab O16 - DPF: {AB5ED3AE-DE26-11D3-AD7A-0050044495F0} (WholeLife.clsVersionInfo) - file://C:\PSBackup\Exchange XP Install\CAB\wholelife.cab O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - file://C:\PSBackup\Exchange XP Install\CAB\ann_GD.cab O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - file://C:\PSBackup\Exchange XP Install\CAB\Bonds.cab O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - file://C:\PSBackup\Exchange XP Install\CAB\pvcalctl.cab O16 - DPF: {BC954BAD-872A-11D5-8F19-0008C7E9C2C6} (RIMA For Windows 9x) - file://C:\PSBackup\Exchange XP Install\CAB\rima9x.cab O16 - DPF: {C2A91890-0BBD-11D4-833E-0008C78A797E} (CTP Goal Proposal Update) - file://C:\PSBackup\Exchange XP Install\CAB\GoalUpdate.CAB O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Control) - file://C:\PSBackup\Exchange XP Install\CAB\pvdate2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - file://C:\PSBackup\Exchange XP Install\CAB\TermAssurance.cab O16 - DPF: {DBA9E4A1-885A-11D3-8919-0050049D81F4} (TexPHIDS.dsrPHIInput) - file://C:\PSBackup\Exchange XP Install\CAB\TexPHIDS.cab O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - file://C:\PSBackup\Exchange XP Install\CAB\eXwebCList.cab O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://C:\PSBackup\Exchange XP Install\CAB\pvdt70.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: GoToAssist - 
C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. 
- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trigold Update Service (TRUService) - Trigold - C:\Program Files\Trigold\Update\TRUService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing) -- End of file - 13815 bytes
  11. I tried the Kaspersky scan and after taking forever to update the definitions it came up with: 0 [ERROR: Scanning could not be started. [0x80004005]] Any ideas why this might happen?
  12. Hello I am trying to fix my dad's laptop. Originally I couldn't run HJT or install antivirus but I now can thanks to SuperAntiSpyware. Full details so far are in this thread: http://forums.pcpitstop.com/index.php?/topic/190638-cannot-install-antivirus/page__gopid__1695604#entry1695604 As you can see I was advised to post an HJT log in here. I tried running DDS first but after the window pops up and disappears, I waited 15 minutes and there was no log file. So I went ahead and did an HJT scan. Here are the results: Any help with this would be greatly appreciated!
  13. Thanks ever so much for your help Juliet. I have followed all of your advice and will hopefully be free from all bad things for quite some time!
  14. Thanks for your help. While my PC may not break any speed records it doesn't seem like it is going to die at any moment.