Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus. Windows recovery Windows Risk


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think they are being generated by the hidden image files on your desktop that I am unable to delete, at the moment



Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that
  • 0

Advertisements


#17
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
ComboFix 11-06-22.02 - Veronica 06/23/2011 16:46:12.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.1473 [GMT -4:00]
Running from: c:\users\Veronica\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 20:53 . 2011-06-23 20:54 -------- d-----w- c:\users\Veronica\AppData\Local\temp
2011-06-23 20:53 . 2011-06-23 20:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-23 20:53 . 2011-06-23 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 22:38 . 2011-06-22 22:38 -------- d-----w- C:\_OTL
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Local\Western_Digital
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Roaming\Western Digital
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Local\Western Digital
2011-06-04 00:05 . 2011-06-04 00:05 -------- d-----w- c:\users\Veronica\AppData\Local\Western_Digital
2011-06-01 02:09 . 2011-06-01 02:09 -------- d-----w- c:\users\Veronica\AppData\Roaming\Western Digital
2011-06-01 02:09 . 2011-06-01 02:09 -------- d-----w- c:\programdata\Western Digital
2011-06-01 02:08 . 2011-06-01 02:08 -------- d-----w- c:\program files\Western Digital
2011-06-01 02:07 . 2011-06-01 02:07 -------- d-----w- c:\users\Veronica\AppData\Local\Western Digital
2011-05-31 21:52 . 2011-05-31 21:52 -------- d-----w- c:\users\Guest\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2010-11-19 08:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 13:11 . 2011-04-21 01:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-04-21 01:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DLBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl00608dee;MpKsl00608dee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF1F8BF-D447-47E2-BE96-5C07E270D106}\MpKsl00608dee.sys [x]
R1 MpKsl0909484c;MpKsl0909484c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AAF77A2-A3C2-46D9-91ED-A856A702EEBE}\MpKsl0909484c.sys [x]
R1 MpKsl0960289c;MpKsl0960289c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{194E9C2A-569A-4BEA-BE6B-D1AFB9F40E1F}\MpKsl0960289c.sys [x]
R1 MpKsl19bbb742;MpKsl19bbb742;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A0A44BC-031D-427E-89BF-86B61AA7C7EA}\MpKsl19bbb742.sys [x]
R1 MpKsl331eb652;MpKsl331eb652;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKsl331eb652.sys [x]
R1 MpKsl39456dc4;MpKsl39456dc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B204BD14-A422-48A7-9FB0-6116EB3682C4}\MpKsl39456dc4.sys [x]
R1 MpKsl3d441665;MpKsl3d441665;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD74E0C3-9573-4D85-BB87-F3CE0E907865}\MpKsl3d441665.sys [x]
R1 MpKsl4b2e47a2;MpKsl4b2e47a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3A7D507-EB24-4A58-B9BB-67F7C4191FD6}\MpKsl4b2e47a2.sys [x]
R1 MpKsl4e008ecf;MpKsl4e008ecf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF8FE95A-6C4D-489E-B16C-155DEE7FEA5C}\MpKsl4e008ecf.sys [x]
R1 MpKsl5f96d20b;MpKsl5f96d20b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKsl5f96d20b.sys [x]
R1 MpKsl70eb86f1;MpKsl70eb86f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B204BD14-A422-48A7-9FB0-6116EB3682C4}\MpKsl70eb86f1.sys [x]
R1 MpKsl725c43fb;MpKsl725c43fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DFF6AE7-34CB-4859-8292-754870B21E0F}\MpKsl725c43fb.sys [x]
R1 MpKsl77c0eb11;MpKsl77c0eb11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6998CA14-BF33-4E18-A459-8F9D386FADF2}\MpKsl77c0eb11.sys [x]
R1 MpKsl831714da;MpKsl831714da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89FB1A7F-D6BE-4AB4-B663-05EC49BF9B22}\MpKsl831714da.sys [x]
R1 MpKsla6e529dd;MpKsla6e529dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F34B971-36AB-4971-B1FD-D6E7F53B5AD5}\MpKsla6e529dd.sys [x]
R1 MpKslb47a9eff;MpKslb47a9eff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21C27F91-0AEC-446C-ADA7-B208B26229CD}\MpKslb47a9eff.sys [x]
R1 MpKslbe05309e;MpKslbe05309e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKslbe05309e.sys [x]
R1 MpKslc43f7ba2;MpKslc43f7ba2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKslc43f7ba2.sys [x]
R1 MpKslcac93121;MpKslcac93121;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118DBAFC-2403-4E53-A0E5-66520508A40D}\MpKslcac93121.sys [x]
R1 MpKslce46060e;MpKslce46060e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKslce46060e.sys [x]
R1 MpKsld3e85ddc;MpKsld3e85ddc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD74E0C3-9573-4D85-BB87-F3CE0E907865}\MpKsld3e85ddc.sys [x]
R1 MpKsld45ac79f;MpKsld45ac79f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00E5D929-C79D-4DB0-A876-59AE00971250}\MpKsld45ac79f.sys [x]
R1 MpKsle07cee06;MpKsle07cee06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F11AB576-502D-4E1C-B58A-71FA97F9BA76}\MpKsle07cee06.sys [x]
R1 MpKslea860ce8;MpKslea860ce8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6141F88-2BAF-4A53-B887-48AADFC1705B}\MpKslea860ce8.sys [x]
R1 MpKsleb0e88a5;MpKsleb0e88a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AAF77A2-A3C2-46D9-91ED-A856A702EEBE}\MpKsleb0e88a5.sys [x]
R1 MpKsleebcb9ba;MpKsleebcb9ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKsleebcb9ba.sys [x]
R1 MpKslf83867e5;MpKslf83867e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118DBAFC-2403-4E53-A0E5-66520508A40D}\MpKslf83867e5.sys [x]
R1 MpKslfdf9e547;MpKslfdf9e547;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47771F47-29C5-40A6-B40D-6838C032C19A}\MpKslfdf9e547.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\HPCeeScheduleForVeronica.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-06-23 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
2011-06-16 c:\windows\Tasks\RegTask.job
- c:\program files\RegTask\RegTask.exe [2011-02-23 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\m5wjplke.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\Veronica\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 16:54
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-23 16:55:21
ComboFix-quarantined-files.txt 2011-06-23 20:55
ComboFix2.txt 2011-06-23 19:11
ComboFix3.txt 2011-06-23 18:46
ComboFix4.txt 2011-06-23 17:36
.
Pre-Run: 79,090,339,840 bytes free
Post-Run: 79,056,764,928 bytes free
.
- - End Of File - - A085FEDF1F82320C10A0C06B8DC44155
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well that killled the rootkit I could see - lets see if Dr Web can find the culprit
  • 0

#19
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
it says no viruses found. whats next?
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets retry combofix to remove the jpg's - If combofix asks to update please allow it to

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Users\Veronica\Desktop\IMG_0578.JPG
C:\Users\Veronica\Desktop\IMG_0576.JPG
C:\Users\Veronica\Desktop\IMG_0577.JPG
C:\Users\Veronica\Desktop\IMG_0575.JPG
C:\Users\Veronica\Desktop\IMG_0574.JPG
C:\Users\Veronica\Desktop\IMG_0571.JPG
C:\Users\Veronica\Desktop\IMG_0572.JPG
C:\Users\Veronica\Desktop\IMG_0573.JPG
C:\Users\Veronica\Desktop\IMG_0570.JPG
C:\Users\Veronica\Desktop\IMG_0568.JPG
C:\Users\Veronica\Desktop\IMG_0569.JPG
C:\Users\Veronica\Desktop\IMG_0566.JPG
C:\Users\Veronica\Desktop\IMG_0567.JPG
C:\Users\Veronica\Desktop\IMG_0580.JPG
C:\Users\Veronica\Desktop\IMG_0579.JPG



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#21
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
ok. here it is:
ComboFix 11-06-22.02 - Veronica 06/24/2011 15:00:28.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.1127 [GMT -4:00]
Running from: c:\users\Veronica\Desktop\ComboFix.exe
Command switches used :: c:\users\Veronica\Desktop\CFScript.txt,.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Veronica\Desktop\IMG_0566.JPG"
"c:\users\Veronica\Desktop\IMG_0567.JPG"
"c:\users\Veronica\Desktop\IMG_0568.JPG"
"c:\users\Veronica\Desktop\IMG_0569.JPG"
"c:\users\Veronica\Desktop\IMG_0570.JPG"
"c:\users\Veronica\Desktop\IMG_0571.JPG"
"c:\users\Veronica\Desktop\IMG_0572.JPG"
"c:\users\Veronica\Desktop\IMG_0573.JPG"
"c:\users\Veronica\Desktop\IMG_0574.JPG"
"c:\users\Veronica\Desktop\IMG_0575.JPG"
"c:\users\Veronica\Desktop\IMG_0576.JPG"
"c:\users\Veronica\Desktop\IMG_0577.JPG"
"c:\users\Veronica\Desktop\IMG_0578.JPG"
"c:\users\Veronica\Desktop\IMG_0579.JPG"
"c:\users\Veronica\Desktop\IMG_0580.JPG"
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-24 19:07 . 2011-06-24 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-24 19:07 . 2011-06-24 19:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-24 18:56 . 2011-06-24 18:57 -------- d-----w- C:\32788R22FWJFW
2011-06-24 17:50 . 2011-06-24 17:50 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDC58F4F-97EE-484C-B13F-ABD35B5F6F8B}\MpKsl8db17a9e.sys
2011-06-24 17:50 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDC58F4F-97EE-484C-B13F-ABD35B5F6F8B}\mpengine.dll
2011-06-23 21:20 . 2011-06-23 21:20 -------- d-----w- c:\users\Veronica\DoctorWeb
2011-06-23 20:55 . 2011-06-24 19:08 -------- d-----w- c:\users\Veronica\AppData\Local\temp
2011-06-22 22:38 . 2011-06-22 22:38 -------- d-----w- C:\_OTL
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Local\Western_Digital
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Roaming\Western Digital
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Local\Western Digital
2011-06-04 00:05 . 2011-06-04 00:05 -------- d-----w- c:\users\Veronica\AppData\Local\Western_Digital
2011-06-01 02:09 . 2011-06-01 02:09 -------- d-----w- c:\users\Veronica\AppData\Roaming\Western Digital
2011-06-01 02:09 . 2011-06-01 02:09 -------- d-----w- c:\programdata\Western Digital
2011-06-01 02:08 . 2011-06-01 02:08 -------- d-----w- c:\program files\Western Digital
2011-06-01 02:07 . 2011-06-01 02:07 -------- d-----w- c:\users\Veronica\AppData\Local\Western Digital
2011-05-31 21:52 . 2011-05-31 21:52 -------- d-----w- c:\users\Guest\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2010-11-19 08:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 13:11 . 2011-04-21 01:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-04-21 01:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DLBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl00608dee;MpKsl00608dee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF1F8BF-D447-47E2-BE96-5C07E270D106}\MpKsl00608dee.sys [x]
R1 MpKsl0909484c;MpKsl0909484c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AAF77A2-A3C2-46D9-91ED-A856A702EEBE}\MpKsl0909484c.sys [x]
R1 MpKsl0960289c;MpKsl0960289c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{194E9C2A-569A-4BEA-BE6B-D1AFB9F40E1F}\MpKsl0960289c.sys [x]
R1 MpKsl19bbb742;MpKsl19bbb742;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A0A44BC-031D-427E-89BF-86B61AA7C7EA}\MpKsl19bbb742.sys [x]
R1 MpKsl331eb652;MpKsl331eb652;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKsl331eb652.sys [x]
R1 MpKsl39456dc4;MpKsl39456dc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B204BD14-A422-48A7-9FB0-6116EB3682C4}\MpKsl39456dc4.sys [x]
R1 MpKsl3d441665;MpKsl3d441665;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD74E0C3-9573-4D85-BB87-F3CE0E907865}\MpKsl3d441665.sys [x]
R1 MpKsl4b2e47a2;MpKsl4b2e47a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3A7D507-EB24-4A58-B9BB-67F7C4191FD6}\MpKsl4b2e47a2.sys [x]
R1 MpKsl4e008ecf;MpKsl4e008ecf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF8FE95A-6C4D-489E-B16C-155DEE7FEA5C}\MpKsl4e008ecf.sys [x]
R1 MpKsl5f96d20b;MpKsl5f96d20b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKsl5f96d20b.sys [x]
R1 MpKsl70eb86f1;MpKsl70eb86f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B204BD14-A422-48A7-9FB0-6116EB3682C4}\MpKsl70eb86f1.sys [x]
R1 MpKsl725c43fb;MpKsl725c43fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DFF6AE7-34CB-4859-8292-754870B21E0F}\MpKsl725c43fb.sys [x]
R1 MpKsl77c0eb11;MpKsl77c0eb11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6998CA14-BF33-4E18-A459-8F9D386FADF2}\MpKsl77c0eb11.sys [x]
R1 MpKsl831714da;MpKsl831714da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89FB1A7F-D6BE-4AB4-B663-05EC49BF9B22}\MpKsl831714da.sys [x]
R1 MpKsla6e529dd;MpKsla6e529dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F34B971-36AB-4971-B1FD-D6E7F53B5AD5}\MpKsla6e529dd.sys [x]
R1 MpKslb47a9eff;MpKslb47a9eff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21C27F91-0AEC-446C-ADA7-B208B26229CD}\MpKslb47a9eff.sys [x]
R1 MpKslbe05309e;MpKslbe05309e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKslbe05309e.sys [x]
R1 MpKslc43f7ba2;MpKslc43f7ba2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKslc43f7ba2.sys [x]
R1 MpKslcac93121;MpKslcac93121;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118DBAFC-2403-4E53-A0E5-66520508A40D}\MpKslcac93121.sys [x]
R1 MpKslce46060e;MpKslce46060e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKslce46060e.sys [x]
R1 MpKsld3e85ddc;MpKsld3e85ddc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD74E0C3-9573-4D85-BB87-F3CE0E907865}\MpKsld3e85ddc.sys [x]
R1 MpKsld45ac79f;MpKsld45ac79f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00E5D929-C79D-4DB0-A876-59AE00971250}\MpKsld45ac79f.sys [x]
R1 MpKsle07cee06;MpKsle07cee06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F11AB576-502D-4E1C-B58A-71FA97F9BA76}\MpKsle07cee06.sys [x]
R1 MpKslea860ce8;MpKslea860ce8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6141F88-2BAF-4A53-B887-48AADFC1705B}\MpKslea860ce8.sys [x]
R1 MpKsleb0e88a5;MpKsleb0e88a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AAF77A2-A3C2-46D9-91ED-A856A702EEBE}\MpKsleb0e88a5.sys [x]
R1 MpKsleebcb9ba;MpKsleebcb9ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKsleebcb9ba.sys [x]
R1 MpKslf83867e5;MpKslf83867e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118DBAFC-2403-4E53-A0E5-66520508A40D}\MpKslf83867e5.sys [x]
R1 MpKslfdf9e547;MpKslfdf9e547;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47771F47-29C5-40A6-B40D-6838C032C19A}\MpKslfdf9e547.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DWPROT
*NewlyCreated* - MPKSL6A43D330
*NewlyCreated* - MPKSL8DB17A9E
*Deregistered* - Dwsh00007E95
*Deregistered* - MpKsl6a43d330
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\HPCeeScheduleForVeronica.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-06-24 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
2011-06-16 c:\windows\Tasks\RegTask.job
- c:\program files\RegTask\RegTask.exe [2011-02-23 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\m5wjplke.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\Veronica\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-24 15:08
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-24 15:09:45
ComboFix-quarantined-files.txt 2011-06-24 19:09
ComboFix2.txt 2011-06-23 20:55
ComboFix3.txt 2011-06-23 19:11
ComboFix4.txt 2011-06-23 18:46
ComboFix5.txt 2011-06-24 18:57
.
Pre-Run: 77,033,865,216 bytes free
Post-Run: 77,165,461,504 bytes free
.
- - End Of File - - 559A111C37E0078E68938C369BA83B6E
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the Ads ?
  • 0

#23
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Yes still getting them. Why??
  • 0

#24
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Another thing called RegTask comes up. What is that?
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you not install that ?

Go to programs and features in control panel and uninstall RegTask

Also are the ads specific with reference to websites/products
  • 0

Advertisements


#26
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Ads on my screen rite now are: Dove, pink letter b, I think maybe bingo. Deer crossing, even deer knows safety comes first, cat prays to fridge, robbery referral, plan b one step emergency contraception, ketchup robots. There are so many. And they change every 10 seconds
  • 0

#27
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
It's blinkxs player 4.3.324
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Within programmes and features do you have anything like this “blinkx beat” as it has set itself up as your screen saver

control panel->personalization->screen saver - set to none
  • 0

#29
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
ok did that. is my laptop clean now?
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have the ads disappeared ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP