Yet another virus problem!
I don't. NOD32 comes up with a big red box in the middle of the screen when a dodgy website tries to infect my PC and it terminates the connections to that website. Something that none of the free ones do. The paid versions of some of the free ones do this but not the free version.
Just a point of accuracy, Connor - I'm running the free version of avast ... its online scanning DOES identify when a dodgy website tries to infect the pc, AND gives me the option of terminating that connection before any damage is done. (Avast 4.8 Home Edition)
ComboFix 08-10-27.01 - Mark 2008-10-27 21:30:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.174 [GMT 0:00]
Command switches used :: C:\Documents and Settings\Mark\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IE4 Error Log.txt
.
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-27 11:59 . 2008-10-27 11:59 <DIR> d C:\WINDOWS\Sun
2008-10-27 11:59 . 2008-10-27 11:58 410,976 --a C:\WINDOWS\system32\deploytk.dll
2008-10-27 11:59 . 2008-10-27 11:58 73,728 --a C:\WINDOWS\system32\javacpl.cpl
2008-10-26 18:13 . 2008-10-26 18:13 <DIR> d C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 18:13 . 2008-10-26 18:13 <DIR> d C:\Documents and Settings\Mark\Application Data\Malwarebytes
2008-10-26 18:13 . 2008-10-26 18:13 <DIR> d C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 18:13 . 2008-10-22 16:10 38,496 --a C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 18:13 . 2008-10-22 16:10 15,504 --a C:\WINDOWS\system32\drivers\mbam.sys
2008-10-24 07:56 . 2008-08-14 10:11 2,189,184 c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-24 07:56 . 2008-08-14 10:09 2,145,280 c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-24 07:56 . 2008-08-14 09:33 2,066,048 c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-24 07:56 . 2008-08-14 09:33 2,023,936 c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-24 07:56 . 2008-09-15 12:12 1,846,400 c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-24 07:56 . 2008-09-08 10:41 333,824 c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-24 07:55 . 2008-10-15 16:34 337,408 c--- C:\WINDOWS\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 18:53 d-----w C:\Program Files\Microsoft AntiSpyware
2008-10-27 11:58 d-----w C:\Program Files\Java
2008-10-27 10:01 d-----w C:\Documents and Settings\Mark\Application Data\AVG7
2008-10-24 07:55 d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-10-19 20:33 d-----w C:\Documents and Settings\Mark\Application Data\Skype
2008-09-25 20:25 d-----w C:\Documents and Settings\Leslie\Application Data\Skype
2008-09-19 08:38 d-----w C:\Program Files\Reference Assemblies
2008-09-19 08:38 d-----w C:\Program Files\MSBuild
2008-09-19 08:31 80,520 -c--a-w C:\Documents and Settings\Leslie\Application Data\GDIPFONTCACHEV1.DAT
2008-09-19 08:25 d-----w C:\Program Files\MSECache
2008-09-19 08:18 dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-19 08:17 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2005-09-24 22:09 1,873,302 ----a-w C:\Program Files\New Folder (1).zip
2005-09-24 21:08 12,461 ----a-w C:\Program Files\incomingmessage.mmf
2005-07-15 06:37 120,156 -c--a-w C:\Program Files\barbara.htm
2005-07-15 06:31 120,251 -c--a-w C:\Program Files\madcow.htm
2005-07-15 06:20 4,531 -c--a-w C:\Program Files\let me out of here.mmf
2005-07-15 05:32 6,135 -c--a-w C:\Program Files\barbiegirl.mid
2005-07-15 05:30 7,156 -c--a-w C:\Program Files\Tone-highway to hell.mid
2005-07-14 21:25 4,439 -c--a-w C:\Program Files\020104.jpg
2005-07-14 21:24 2,612 ----a-w C:\Program Files\060048.jpg
2005-07-14 21:23 4,396 -c--a-w C:\Program Files\060040.jpg
2005-07-09 07:48 10,562,512 -c--a-w C:\Program Files\GoogleEarth.exe
2005-06-23 19:35 6,818,440 -c--a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-05-15 09:25 1,718,938 ----a-w C:\Program Files\BTModemProtection.zip
2005-03-07 19:50 6,494 ----a-w C:\Program Files\netgear.cfg
.
Sigcheck
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2003-10-22 746496]
"IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-11-19 1134080]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 406016]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2003-11-17 139264]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-06-15 473928]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-10-24 590848]
"USBPhone4Skype"="C:\Program Files\MAX-DECT PHONE\USBPhone4Skype.exe" [2006-08-22 208896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2004-01-15 C:\WINDOWS\system32\VTTimer.exe]
"BTModemProtection"="BTModemProtection.lnk" [2005-05-16 C:\WINDOWS\system32\BTModemProtection.lnk]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-29 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX511.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 29239]
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 9728]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2003-08-27 187392]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2002-12-13 64000]
S2 LIFDHIGW;LIFDHIGW;C:\WINDOWS\system32\lifdhigw.dzq [ ]
S3 ModemProtection;ModemProtection;C:\WINDOWS\System32\ModemProtection.sys [2005-04-25 13157]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-12-14 513152]
S3 MusCVideo32;MusCVideo32;C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2007-12-14 3768]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-03-14 C:\WINDOWS\Tasks\McAfee Privacy Service Anti-Spyware Scan.job
- C:\PROGRA~1\McAfee\MCAFEE~1\swdetect.exe [2004-04-16 05:02]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-McRegWiz - C:\Program Files\McAfee.com\Agent\McRegWiz.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)
.
Supplementary Scan
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Search Bar = about:blank
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Search with Wanadoo - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 -: !!08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
O9 -: !!08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com -
O16 -: !!55A548B3-AFA8-41E3-8057-FD24931C6388} - hxxp://216.87.37.188/app/FXCtrl.cab
C:\WINDOWS\Downloaded Program Files\FXCtrl.inf
C:\WINDOWS\Downloaded Program Files\FXCtrl.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 21:36:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LIFDHIGW]
"ImagePath"="\??\C:\WINDOWS\system32\lifdhigw.dzq"
.
Completion time: 2008-10-27 21:39:11
ComboFix-quarantined-files.txt 2008-10-27 21:39:05
Pre-Run: 57,666,977,792 bytes free
Post-Run: 57,943,191,552 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
190 --- E O F --- 2008-10-24 08:03:39
Currently working through the log - what antivirus software are you running?
What firewall, antispyware etc...?
As I said, I'm a bit confused as I don't often use this computer and OH is now at work! I thought it was Avast but that's on my laptop and it's AVG on the desktop. I think he must be using AVG Free and AVG Anti-Spyware and the Windows firewall. There has been other stuff on in the past but it's not used now. McAfee apparently came with the system for a year when we bought it and I thought it was long gone!
Still going through the log.
It would appear that there is AVG7 and leftovers of McAfee. I will dig out some of those tools in a minute for you.
Do you have problems updating Windows?
Do you know what these are:
C:\Program Files\incomingmessage.mmf
C:\Program Files\barbara.htm
C:\Program Files\madcow.htm
C:\Program Files\let me out of here.mmf
C:\Program Files\barbiegirl.mid
C:\Program Files\Tone-highway to hell.mid
C:\Program Files\020104.jpg
C:\Program Files\060048.jpg
C:\Program Files\060040.jpg
Not as far as I know - we've been away for nearly a month and about 13 updates came through at once when we got home last week - I just assumed they'd backed up whilst we'd been away!
Reluctant_spender wrote: »
Do you know what these are:
C:\Program Files\incomingmessage.mmf
C:\Program Files\barbara.htm
C:\Program Files\madcow.htm
C:\Program Files\let me out of here.mmf
C:\Program Files\barbiegirl.mid
C:\Program Files\Tone-highway to hell.mid
C:\Program Files\020104.jpg
C:\Program Files\060048.jpg
C:\Program Files\060040.jpg
The first 6 are ringtone titles and the other 3 are screensavers for the mobile phone.
Can you send this file to Jotti:
C:\WINDOWS\system32\lifdhigw.dzq
You may have to show hidden files first.
Revealing hidden files
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
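A defender-side triage of the ComboFix output posted above, as an added example that is not code from this thread or from ComboFix: it parses service entries and Security Center values in the log's own line format and flags what the helper picked out, the LIFDHIGW service whose image has a non-standard .dzq extension and no recorded date or size, together with the Security Center notifications the log shows as disabled. The sample lines are copied from the posted log; the list of expected image extensions is an assumption.

```python
import ntpath
import re
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 9728]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
S2 LIFDHIGW;LIFDHIGW;C:\WINDOWS\system32\lifdhigw.dzq [ ]
S3 ModemProtection;ModemProtection;C:\WINDOWS\System32\ModemProtection.sys [2005-04-25 13157]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"""

# ComboFix service line: <start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]\s*$")
# Security Center values that hide the "no antivirus / no updates / no firewall" warnings
SECCENTER_RE = re.compile(
    r'^"(AntiVirusDisableNotify|UpdatesDisableNotify|FirewallDisableNotify|FirewallOverride)"'
    r"=dword:([0-9a-fA-F]{8})$")
# Assumption: extensions a Windows service or driver image is normally expected to have
KNOWN_IMAGE_EXTS = {".sys", ".exe", ".dll"}

def triage_line(line: str) -> List[Tuple[str, str]]:
    """Return (entry name, reason) findings for one log line, or [] if nothing stands out."""
    findings: List[Tuple[str, str]] = []
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        _start, name, _display, path, fileinfo = m.groups()
        ext = ntpath.splitext(path)[1].lower()   # ntpath handles the backslash paths
        if ext not in KNOWN_IMAGE_EXTS:
            findings.append((name, f"service image has unusual extension '{ext or '(none)'}'"))
        if not fileinfo.strip():                  # "[ ]" means ComboFix could not stat the file
            findings.append((name, "no file date/size recorded: image missing, hidden or inaccessible"))
        return findings
    m = SECCENTER_RE.match(line)
    if m and int(m.group(2), 16) == 1:
        findings.append((m.group(1), "Security Center warning suppressed"))
    return findings

def triage_log(text: str) -> List[Tuple[str, str]]:
    """Run triage_line over every line of a ComboFix-style log."""
    return [f for line in text.splitlines() for f in triage_line(line)]

if __name__ == "__main__":
    for name, reason in triage_log(SAMPLE_LOG):
        print(f"{name}: {reason}")
```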