Hi again
You're dead right, if I'd followed your instructions I'd have got it right first time! The ones in the ComboFix guidance document are subtly different. Learnt my lesson! Was also a bit unprepared for the reboot in the middle of ComboFix. This (a) gave me a bit of a dilemma in that, despite the "don't touch anything" instruction, I had to actually log into my account (4 user accounts on the PC) and (b) I think my AV & Firewall restarted automatically at the reboot. Don't know whether any of that affected the results; logs follow:
JavaRa
JavaRa 1.10 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Aug 16 09:52:52 2008
Found and removed: C:\Windows\System32\jpicpl32.cpl
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}
------------------------------------
Finished reporting.
ComboFix
ComboFix 08-08-14.05 - Colin 2008-08-16 11:31:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.210 [GMT 1:00]
Running from: C:\Documents and Settings\Colin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Colin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-16 10:01 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-08-14 12:08 . 2008-05-01 15:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-12 18:43 . 2008-08-12 18:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-10 23:33 . 2008-08-10 23:33 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Malwarebytes
2008-08-10 22:41 . 2008-08-10 22:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 22:41 . 2008-08-10 22:41 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\Malwarebytes
2008-08-10 22:41 . 2008-08-10 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 22:41 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-10 22:41 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-10 19:26 . 2008-08-10 19:27 <DIR> d-------- C:\Program Files\Windows Live Safety Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 09:01 --------- d-----w C:\Program Files\Java
2008-08-14 14:47 --------- d-----w C:\Documents and Settings\Colin\Application Data\ArcSoft
2008-07-10 21:12 --------- d-----w C:\Program Files\Unity
2008-07-01 21:20 --------- d-----w C:\Documents and Settings\Emily\Application Data\ScanSoft
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 20:22 --------- d-----w C:\Documents and Settings\Emily\Application Data\Canon
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-11-03 14:46 4800512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 19:19 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-11-23 18:05 26112]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 15:04 147456]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-05-17 19:52 1106344]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-05-17 12:06 1848150]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-05-17 12:00 126976]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24 257088]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"ActivControl"="C:\Program Files\ACTIV Software\ACTIVdriver\ActivControl2.exe" [2006-11-08 10:52 843776]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R3 ActivHIDSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2006-10-04 17:14]
R3 prmvmouse;Promethean HID Mouse Service;C:\WINDOWS\system32\DRIVERS\activmouse.sys [2006-10-04 17:14]
.
Contents of the 'Scheduled Tasks' folder
2008-07-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-07-24 C:\WINDOWS\Tasks\EasyShare Registration Task.job
- C:\WINDOWS\system32\RUNDLL32.EXE [2004-08-04 06:00]
2008-06-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-06-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 11:47:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\UStorSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\SYSTEM32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-16 11:54:45 - machine was rebooted [Colin]
ComboFix-quarantined-files.txt 2008-08-16 10:54:38
Pre-Run: 119,451,639,808 bytes free
Post-Run: 121,206,489,088 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
311 --- E O F --- 2008-08-15 22:46:15
New HJT scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:00, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\ACTIV Software\ACTIVdriver\ActivControl2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\ACTIV Software\ACTIVdriver\ActivControl2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1112586796
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 10435 bytes