Startdrv

  • 20-07-2010 10:43PM
    #1
    Registered Users, Registered Users 2 Posts: 55 ✭✭


    Hi
    Posted this on an old thread and was advised to post up here.

    Though not a techie, a friend asked me to look at his PC. It was opening with a message about a startdrv problem.
    It kept closing down too. Have tried to load various anti virus malware progs inc. SUPERAntiSpyware, AVG but encounter probs doing so. Virtual memory keeps coming up low even though adjusted to 1.5 times. I ran ComboFix from Bleeping Computer (yeah, I read after not to do this, rather post up symptoms first), but don't think it's cleared it up; enclose the log report.

    Any pointers much appreciated


Comments

  • Registered Users, Registered Users 2 Posts: 55 ✭✭stomper45


    ComboFix 10-07-19.01 - The Boss 07/20/2010 2:11.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.127.51 [GMT 1:00]
    Running from: c:\documents and settings\The Boss\Desktop\ComboFix.exe
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\cookies.ini
    c:\windows\Debug\dcpromo.log
    c:\windows\pskt.ini
    c:\windows\system32\0_exception.nls
    c:\windows\system32\adixvuyb.ini
    c:\windows\system32\aowssrbs.ini
    c:\windows\system32\aybeg.bak2
    c:\windows\system32\aybeg.ini2
    c:\windows\system32\aybeg.tmp
    c:\windows\system32\cpidmotg.ini
    c:\windows\system32\dhvyqbiw.ini
    c:\windows\system32\dplxwesv.ini
    c:\windows\system32\dudihfrc.ini
    c:\windows\system32\ekpifxks.ini
    c:\windows\system32\ghddspnk.ini
    c:\windows\system32\gtkklggt.ini
    c:\windows\system32\gwntslhh.ini
    c:\windows\system32\jetagljv.ini
    c:\windows\system32\lebdojnt.ini
    c:\windows\system32\lfteslsv.ini
    c:\windows\system32\llkqvsgw.ini
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mlhlqnlr.ini
    c:\windows\system32\ovsaiurd.ini
    c:\windows\system32\plrcmjlp.ini
    c:\windows\system32\qoiqgayr.ini
    c:\windows\system32\sjmxreir.ini
    c:\windows\system32\tppsgcne.ini
    c:\windows\system32\vdcsfomk.ini
    c:\windows\system32\wggahcsw.ini
    c:\windows\system32\xiqrjvml.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_RUNTIME
    \Service_runtime


    ((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
    .

    2010-07-20 00:12 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-07-20 00:12 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-07-20 00:12 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-07-20 00:11 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-07-20 00:11 . 2010-07-20 00:11 -------- d-----w- c:\documents and settings\The Boss\Application Data\PC Tools
    2010-07-20 00:11 . 2010-07-20 00:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools
    2010-07-19 13:43 . 2010-07-19 13:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-19 12:42 . 2010-07-19 12:42 -------- d-----w- c:\documents and settings\The Boss\Local Settings\Application Data\PCHealth
    2010-07-19 01:21 . 2010-07-19 01:21 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
    2010-07-18 12:03 . 2010-07-19 13:42 -------- d-----w- c:\program files\Windows Defender
    2010-07-18 11:47 . 2010-07-18 11:49 -------- d-----w- c:\windows\ShellNew
    2010-07-18 10:49 . 2010-07-18 10:49 -------- d-----w- c:\documents and settings\The Boss\Local Settings\Application Data\Adobe
    2010-07-18 10:47 . 2010-07-19 13:42 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-17 19:00 . 2010-07-17 19:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avg7
    2010-07-17 14:11 . 2010-07-17 14:11 -------- d-----w- c:\documents and settings\The Boss\Application Data\SUPERAntiSpyware.com
    2010-07-17 14:11 . 2010-07-17 14:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2010-07-17 14:10 . 2010-07-17 14:11 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-17 11:03 . 2010-07-17 11:03 -------- d-----w- c:\documents and settings\The Boss\Local Settings\Application Data\Threat Expert
    2010-07-17 03:55 . 2010-01-27 12:51 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-07-17 03:55 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-07-17 03:55 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
    2010-07-17 03:55 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
    2010-07-17 03:55 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-07-17 03:55 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-07-17 03:35 . 2010-07-20 00:16 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-17 03:35 . 2010-07-20 01:24 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-17 03:31 . 2010-07-17 03:31 -------- d-----w- c:\documents and settings\The Boss\Application Data\Uniblue
    2010-07-17 03:30 . 2010-07-17 03:30 -------- d-----w- c:\program files\Uniblue
    2010-07-17 03:20 . 2010-07-20 01:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2010-07-17 02:18 . 2010-07-17 13:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-17 02:18 . 2010-07-17 13:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2010-07-17 00:16 . 2010-07-17 00:16 -------- d-----w- c:\windows\system32\scripting
    2010-07-17 00:16 . 2010-07-17 00:16 -------- d-----w- c:\windows\l2schemas
    2010-07-17 00:15 . 2010-07-17 00:15 -------- d-----w- c:\windows\system32\en
    2010-07-16 20:22 . 2010-07-16 20:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-07-16 20:22 . 2010-07-16 20:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-16 20:05 . 2010-07-16 20:05 -------- d-sh--w- c:\documents and settings\The Boss\IECompatCache
    2010-07-16 20:03 . 2010-07-16 20:03 -------- d-sh--w- c:\documents and settings\The Boss\PrivacIE
    2010-07-16 20:01 . 2010-07-16 20:01 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
    2010-07-16 20:01 . 2010-07-16 20:01 -------- d-sh--w- c:\documents and settings\The Boss\IETldCache
    2010-07-16 19:46 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-16 19:46 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-07-16 19:46 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-07-16 19:46 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-16 19:46 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-07-16 19:46 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-07-16 19:46 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-16 19:46 . 2010-07-17 12:03 -------- d-----w- c:\windows\ie8updates
    2010-07-16 19:45 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-07-16 19:42 . 2010-07-16 19:45 -------- dc-h--w- c:\windows\ie8
    2010-07-16 18:50 . 2008-04-14 00:12 152064 -c----w- c:\windows\system32\dllcache\shmedia.dll
    2010-07-16 18:49 . 2008-04-14 00:10 4126 -c----w- c:\windows\system32\dllcache\msdxmlc.dll
    2010-07-16 18:48 . 2008-04-14 00:11 159232 -c----w- c:\windows\system32\dllcache\cewmdm.dll
    2010-07-16 18:48 . 2008-04-14 00:11 7168 ------w- c:\windows\system32\bitsprx4.dll
    2010-07-16 18:48 . 2008-04-14 00:11 286720 -c----w- c:\windows\system32\dllcache\blackbox.dll
    2010-07-16 18:48 . 2008-04-14 00:11 233472 ------w- c:\windows\system32\azroles.dll
    2010-07-16 18:48 . 2008-04-13 17:23 8192 -c----w- c:\windows\system32\dllcache\asferror.dll
    2010-07-16 18:48 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
    2010-07-16 17:52 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-07-16 17:52 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-07-16 17:52 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-07-16 17:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-07-16 17:52 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-07-16 17:52 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-07-16 17:51 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-07-16 17:51 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2010-07-16 17:51 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-07-16 17:51 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-07-16 17:50 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-16 17:49 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-07-16 17:49 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-07-16 17:49 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2010-07-16 17:49 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-07-16 17:49 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-07-16 17:49 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-07-16 17:49 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-07-16 17:49 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-07-16 17:49 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-07-16 17:49 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-07-16 17:49 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-07-16 17:49 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-07-16 17:48 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-07-16 17:47 . 2009-06-10 08:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2010-07-16 17:46 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-07-16 17:46 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2010-07-16 17:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-07-16 17:45 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-07-16 17:37 . 2010-07-17 19:55 -------- d--h--w- c:\windows\$hf_mig$
    2010-07-16 09:35 . 2010-07-16 09:35 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-07-16 00:57 . 2010-07-19 23:47 13104 ----a-w- c:\documents and settings\The Boss\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-16 00:40 . 2010-07-18 11:49 -------- d-----w- c:\windows\system32\wbem\AutoRecover
    2010-07-16 00:40 . 2010-07-16 00:40 -------- d-s---w- c:\windows\system32\Microsoft
    2010-07-15 23:58 . 2010-07-17 00:15 -------- d-----w- c:\windows\peernet
    2010-07-15 23:57 . 2010-07-15 23:57 -------- d-----w- c:\windows\provisioning
    2010-07-15 23:54 . 2010-07-16 19:24 -------- d-----w- c:\windows\ServicePackFiles
    2010-07-15 23:46 . 2009-01-07 17:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-07-15 23:39 . 2010-07-16 23:44 -------- d-----w- c:\windows\EHome
    2010-07-15 22:54 . 2008-04-14 04:42 11264 ------w- c:\windows\system32\spnpinst.exe
    2010-07-15 22:54 . 2004-08-02 13:20 4569 ------w- c:\windows\system32\secupd.dat
    2010-07-15 22:28 . 2010-07-15 22:28 0 ----a-w- c:\windows\nsreg.dat
    2010-07-15 22:28 . 2010-07-15 22:28 -------- d-----w- c:\documents and settings\The Boss\Local Settings\Application Data\Mozilla
    2010-07-15 22:06 . 2010-07-17 00:15 -------- d-----w- c:\windows\system32\bits
    2010-07-15 22:04 . 2009-08-25 09:17 354816 ----a-w- c:\windows\system32\winhttp.dll
    2010-07-15 22:04 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
    2010-07-15 22:04 . 2008-04-14 00:11 8192 ------w- c:\windows\system32\bitsprx2.dll
    2010-07-15 22:04 . 2008-04-14 00:11 7168 ------w- c:\windows\system32\bitsprx3.dll
    2010-07-15 22:04 . 2008-04-13 17:39 438784 ----a-w- c:\windows\system32\xpob2res.dll
    2010-07-15 21:47 . 2004-08-04 05:31 20992 ----a-w- c:\windows\system32\drivers\rtl8139.sys
    2010-07-11 12:45 . 2010-07-11 12:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MSN6
    2010-07-11 12:45 . 2010-07-16 20:07 -------- d-----w- c:\documents and settings\The Boss\Application Data\MSN6
    2010-07-08 00:04 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-19 23:42 . 2010-07-17 14:14 63488 ----a-w- c:\documents and settings\The Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-19 23:42 . 2010-07-17 14:13 117760 ----a-w- c:\documents and settings\The Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-17 23:28 . 2010-07-17 23:28 1788 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-07-17 14:13 . 2010-07-17 14:13 52224 ----a-w- c:\documents and settings\The Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-16 09:56 . 2007-10-28 19:06 2560 -c--a-w- c:\windows\load.exe
    2010-05-06 10:41 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2001-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "antivirusoverride"=dword:00000001
    "firewalldisableoverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 Ljmi50;Ljmi50; [x]
    R2 CSML;Windows Client/Server Management Layer;c:\windows\system32\csml.exe [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.bing.com/search?srch=106&FORM=AS6&q=soulsource
    uInternet Connection Wizard,ShellNext = hxxp://www.eircom.net/
    uInternet Settings,ProxyOverride = <local>
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\The Boss\Application Data\Mozilla\Firefox\Profiles\ctgbbqd6.default\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
    AddRemove-ShockwaveFlash - c:\windows\System32\Macromed\Flash\FlashUtil9c.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-20 02:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(492)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(612)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Other Running Processes
    .
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-20 02:39:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-20 01:38

    Pre-Run: 32,030,609,408 bytes free
    Post-Run: 32,221,679,616 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - 1797020668494D85C505BA55AA6F8D56


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\load.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.




    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      Ljmi50
      CSML
      :Reg
      
      :Files
      c:\windows\system32\csml.exe
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [CREATERESTOREPOINT]
      [EMPTYFLASH]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

