Hi Carolyn,
Combofix Report.
ComboFix 09-06-29.07 - Connor 30/06/2009 19:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1577 [GMT 1:00]
Running from: c:\documents and settings\Connor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Connor\Desktop\CFScript.txt
AV: The Shield Deluxe 2009 Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
* Resident AV is active
FILE ::
"c:\swsetup\SP30336\HwIOctl.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HWIOCTL
-------\Service_HwIOctl
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.
2009-06-28 13:44 . 2009-06-28 13:44 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-28 13:44 . 2009-06-28 13:44 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-28 13:44 . 2009-06-28 13:44 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-28 13:44 . 2009-06-28 13:44 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-28 13:44 . 2009-06-28 13:44 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-28 13:44 . 2009-06-28 13:44 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-28 13:44 . 2009-06-28 13:44 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-28 13:44 . 2009-06-28 13:44 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-28 13:43 . 2009-06-28 13:43 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-28 13:43 . 2009-06-28 13:43 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-06-28 13:43 . 2009-06-28 13:43 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-28 13:43 . 2009-06-28 13:43 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-28 13:43 . 2009-06-28 13:43 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-28 13:43 . 2009-06-28 13:43 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-28 13:43 . 2009-06-28 13:43 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-28 13:43 . 2009-06-28 13:43 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-28 13:43 . 2009-06-28 13:43 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-28 13:43 . 2009-06-28 13:43 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-20 16:40 . 2009-06-20 16:40 -------- d-----w- C:\rsit
2009-06-20 16:38 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 16:38 . 2009-06-23 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 16:38 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:30 . 2009-06-16 14:30 -------- d-----w- c:\program files\Trend Micro
2009-06-16 14:28 . 2009-06-16 14:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 18:34 . 2009-05-09 07:57 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-28 13:44 . 2009-01-24 16:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 06:12 . 2009-04-13 17:31 -------- d-----w- c:\program files\Galaxy Online
2009-06-19 16:16 . 2006-12-08 13:47 -------- d-----w- c:\documents and settings\Connor\Application Data\Skype
2009-06-16 12:25 . 2006-05-20 11:14 -------- d-----w- c:\documents and settings\Connor\Application Data\AdobeUM
2009-06-16 10:16 . 2005-05-25 21:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 15:29 . 2008-07-01 14:33 34 ----a-w- c:\documents and settings\Connor\jagex_runescape_preferences.dat
2009-05-08 16:57 . 2008-09-18 10:12 242184 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-05-08 14:56 . 2009-05-08 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-05-08 14:54 . 2009-05-08 14:54 -------- d-----w- c:\documents and settings\Connor\Application Data\BitDefender
2009-05-08 14:54 . 2009-05-08 14:52 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-08 14:54 . 2009-05-08 14:54 -------- d-----w- c:\program files\PCSecurityShield
2009-05-08 14:48 . 2008-08-07 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-07 15:32 . 2002-08-29 12:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-02-18 15:19 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-24 19:17 . 2009-04-24 19:17 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-24 19:17 . 2009-01-24 13:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2002-08-29 12:00 1847168 ------w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 12:00 . 2009-04-03 12:00 266400 ----a-w- c:\documents and settings\Connor\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-06-27_14.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-25 01:29 . 2009-06-28 19:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-05-25 01:29 . 2009-05-08 13:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-05-25 01:29 . 2009-06-28 19:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-05-25 01:29 . 2009-05-08 13:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"BDAgent"="c:\program files\PCSecurityShield\BitDefender 2009\bdagent.exe" [2009-05-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\PCSecurityShield\BitDefender 2009\IEShow.exe" [2009-05-08 73728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/01/2009 14:45 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1003344]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
S3 Arrakis3;PCSecurityShield Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 hdlSrv;hdlSrv;c:\program files\M-Systems Utility\hdlSrv.exe [19/11/2002 14:26 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:43]
2009-06-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn ... taller.exe
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 19:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(5604)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\PCSecurityShield\BitDefender 2009\vsserv.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\PCSecurityShield\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Completion time: 2009-06-30 19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 18:49
ComboFix2.txt 2009-06-27 15:05
ComboFix3.txt 2009-06-23 08:59
Pre-Run: 19,985,526,784 bytes free
Post-Run: 20,089,802,752 bytes free
165 --- E O F --- 2009-06-30 17:58
I have had a play on the internet and everything appears to be working fine, my searches are going to the correct websites. The exe's are good and my updates are happening again, so we would appear to have won, still a little worried that Kaspersky believes that we have a virus.
Look forward to hearing from you on how to wrap things up here.
Regards
Sandy