Intervalheheheh - Virus, Please Help
Comments
-
What is the actual problem that is left to resolve? What do you mean by still getting the Microsoft security page? Have you tried this F-Secure scan?
-
What is the actual problem that is left to resolve? What do you mean by still getting the Microsoft security page? Have you tried this F-Secure scan?
When I log onto Internet Explorer I get a Microsoft Security page trying to get me to click to buy their antispyware; however, I have been informed by a fellow MSE'r that this is the virus.
I started initially getting a pop-up named intervalhehehe, but now I don't get that, I just get this MS security page, which I haven't clicked anything on.
In my hosts file there is a list, but none of the entries is named localhost.
How do I solve this part by having localhost in there?
-
Go to Tools > Options and have a look at what Home Page is set to.
Then, copy and paste the contents of your HOSTS file here for someone to take a look at.
You're going to waste money taking it to a PC shop to fix. More than likely, they'll just format the computer for you and reinstall Windows and charge you anywhere between £50-£100 for something you can do yourself while you sit and watch telly!
-
Update and run ComboFix again.
-
A reliable way to locate the hosts file is to install HijackThis. Once you do, click the "Open the Misc Tools section" button on the main interface, then click the "Open hosts file manager" button in the System Tools section. The directory path for your hosts file appears at the top of the editor window.
You have done the difficult bit, getting rid of heheheh.
This should be the easy part ..... honest
-
Please post the log
-
Hi All,
I don't usually post on forums, but in this case I hope I can help some people having problems with this awful malware.
I downloaded WinRAR to extract some files this morning from download.com.
Since downloading and installing, firstly I started receiving that pain in the !!! message intervalhehehe. My Windows Defender picked this up and located a file in the following location:
C:\Windows\System32\
appropriately named: intervalhehehe.rar
Deleting this stopped the pop-ups. Phew!
A couple of mins later, I wanted to do a search on google.com and a fake Microsoft site popped up asking me to download some dodgy antivirus software.
At this point I realised the !!!!!!s had changed my hosts file too. So, for popular sites I wanted to visit such as MSN.com, Google, Facebook etc., the page which would pop up would be the dodgy Microsoft page.
I run Vista on my laptop, so to XP and Mac users I apologise as I don't know how to resolve this on those platforms. But if you are on Vista, you need to delete all dodgy IPs from this hosts file. To do this, follow this route to your 'hosts' file:
C:\Windows\System32\drivers\etc\
Opening this file with Notepad, you will see a list of website addresses and IP addresses too; this is what you need to delete, as these are the IP addresses your browser defaults to if you type in one of those URLs.
If your PC does not allow you to delete the text in this file and save, this is probably because you need administrator access to the file. To do this, follow the following instruction:
Click: Start menu > All Programs > Accessories > (right-click) Notepad > Run as administrator.
Then locate the hosts file again - C:\Windows\System32\drivers\etc\hosts
If no files appear, there will be a drop-down box; select "All files (*.*)" and 'hosts' will appear in a list.
Open 'hosts' with a double click and you should then be able to delete and save the text in the 'hosts' folder.
Now you should be back to normal!
I don't believe the site to be dodgy, they just want you to spend money to delete something which is as simple to resolve as the above.
Also, if you downloaded this WinRAR version from download.com please leave negative feedback on their site. Hopefully we can educate other users and stop them from experiencing this too.
-
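Both the earlier question about the missing localhost line and the Vista post's description of the hijack come down to reading the hosts file carefully. The Python script below is an added example, not code from this thread or from any tool mentioned in it: it parses a hosts file in the format Windows uses, flags entries that send ordinary site names to a non-loopback address (the redirection described above), flags entries that sinkhole non-localhost names to 127.0.0.1 or 0.0.0.0, and reports whether a localhost line is present. The sample hosts content and the 203.0.113.7 address are constructed for the demonstration.

```python
"""Audit a Windows hosts file for hijack-style entries (added example, not from the thread)."""
import ipaddress
import sys
from dataclasses import dataclass, field

# Names that a stock Windows hosts file legitimately maps to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in the Windows hosts format (not a capture from the thread).
# 203.0.113.7 is a documentation-range address standing in for the rogue server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.   (constructed sample)
127.0.0.1       localhost
203.0.113.7     www.google.com google.com
203.0.113.7     www.msn.com
203.0.113.7     www.facebook.com
127.0.0.1       update.example-av.test   # constructed: AV update host sinkholed
"""


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    names: list = field(default_factory=list)


def parse_hosts(text):
    """Parse hosts-file text into entries, skipping comments, blanks and junk."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = body.split()
        if len(parts) < 2:
            continue                              # blank, comment-only or no hostname
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # first field is not an IP address
        entries.append(HostsEntry(line_no, parts[0], parts[1:]))
    return entries


def audit_hosts(text):
    """Classify entries: redirects to a foreign IP, sinkholes, and localhost presence."""
    redirects, blocked = [], []
    has_localhost = False
    for entry in parse_hosts(text):
        addr = ipaddress.ip_address(entry.ip)
        names = [n.lower() for n in entry.names]
        sinkhole = addr.is_loopback or addr.is_unspecified   # 127.x / ::1 / 0.0.0.0
        if sinkhole and "localhost" in names:
            has_localhost = True
        if all(n in LOOPBACK_NAMES for n in names):
            continue                              # stock entry, nothing to review
        if sinkhole:
            blocked.append(entry)                 # name silenced (AV/update sites, or ad lists)
        else:
            redirects.append(entry)               # name sent to another server: the hijack
    return {"redirects": redirects, "blocked": blocked, "has_localhost": has_localhost}


def report(text):
    """Human-readable findings, one line each."""
    result = audit_hosts(text)
    lines = []
    for e in result["redirects"]:
        lines.append(f"line {e.line_no}: {', '.join(e.names)} redirected to {e.ip}")
    for e in result["blocked"]:
        lines.append(f"line {e.line_no}: {', '.join(e.names)} sinkholed at {e.ip}")
    if not result["has_localhost"]:
        lines.append("no localhost entry found (a stock XP hosts file has one)")
    return lines


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to audit a real file;
    # with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE_HOSTS
    for finding in report(source) or ["nothing to review"]:
        print(finding)
```

The output is a review list rather than a verdict: a redirect of a well-known site name to an address you do not recognise is the pattern described in this thread, but a sinkhole entry can be legitimate (ad-blocking hosts lists work exactly that way), so check each flagged line before deleting it.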
Reluctant_spender wrote: » Please post the log
This is the log from the scan, part 1 of it:
ComboFix 08-12-11.05 - ruth eyre 2008-12-12 12:14:36.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT 0:00]
Running from: c:\documents and settings\ruth eyre\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.
2008-12-12 00:15 . 2008-12-12 00:15 <DIR> d c:\program files\BillP Studios
2008-12-12 00:15 . 2008-12-12 00:15 <DIR> d c:\documents and settings\ruth eyre\Application Data\WinPatrol
2008-12-10 12:45 . 2008-12-10 12:45 97,928 --a c:\windows\system32\drivers\avgldx86.sys
2008-12-10 12:45 . 2008-12-10 12:45 76,040 --a c:\windows\system32\drivers\avgtdix.sys
2008-12-10 12:45 . 2008-12-10 12:45 10,520 --a c:\windows\system32\avgrsstx.dll
2008-12-10 12:44 . 2008-12-10 12:44 <DIR> d c:\windows\system32\drivers\Avg
2008-12-10 12:44 . 2008-12-10 12:44 <DIR> d c:\program files\AVG
2008-12-10 12:44 . 2008-12-10 12:44 <DIR> d c:\documents and settings\ruth eyre\Application Data\AVGTOOLBAR
2008-12-10 12:44 . 2008-12-10 12:44 <DIR> d c:\documents and settings\All Users\Application Data\avg8
2008-12-10 00:55 . 2008-12-10 00:55 <DIR> d c:\documents and settings\ruth eyre\Application Data\Malwarebytes
2008-12-10 00:55 . 2008-12-03 19:53 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 00:55 . 2008-12-03 19:53 15,504 --a c:\windows\system32\drivers\mbam.sys
2008-12-10 00:54 . 2008-12-10 00:55 <DIR> d c:\program files\Malwarebytes' Anti-Malware
2008-12-10 00:54 . 2008-12-10 00:55 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 22:52 . 2008-12-09 22:52 <DIR> d c:\program files\EsetOnlineScanner
2008-12-09 22:46 . 2008-12-09 22:46 <DIR> d C:\HostsXpert
2008-12-09 19:54 . 2008-12-09 19:54 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-12-09 19:52 . 2008-12-09 19:52 <DIR> d c:\documents and settings\Administrator\Application Data\Viewpoint
2008-12-09 19:52 . 2008-12-09 19:52 <DIR> d c:\documents and settings\Administrator\Application Data\AOL
2008-12-09 19:51 . 2008-12-09 19:51 <DIR> d c:\documents and settings\Administrator
2008-12-09 01:16 . 2008-12-09 01:16 <DIR> d c:\documents and settings\ruth eyre\.housecall6.6
2008-12-08 22:15 . 2008-12-08 22:15 <DIR> d--hs---- C:\FOUND.001
2008-11-18 18:35 . 2008-12-12 08:37 54,156 --ah c:\windows\QTFont.qfn
2008-11-18 18:35 . 2008-11-18 18:35 1,409 --a c:\windows\QTFont.for
2008-11-14 20:46 . 2008-11-14 20:46 <DIR> d c:\documents and settings\rebecca eyre\Application Data\Apple Computer
2008-11-14 19:54 . 2008-11-14 19:54 185 --a c:\windows\wininit.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 17:31 d w c:\documents and settings\rebecca eyre\Application Data\Viewpoint
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 17:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2006-10-10 23:14 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat
2006-10-10 23:14 162 ---ha-w c:\documents and settings\ruth eyre\hpothb07.dat
2006-07-03 23:51 90 ----a-w c:\documents and settings\ruth eyre\test.dat
2005-12-27 22:32 185 ---ha-w c:\documents and settings\All Users\Application Data\hpothb07.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-10_10.59.50.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-20 06:38:46 1,023,488 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 ----a-w c:\windows\system32\browseui.dll
- 2008-08-20 06:38:40 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:37:02 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2008-08-20 06:38:40 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:37:02 1,054,208 ----a-w c:\windows\system32\danim.dll
- 2008-08-20 06:38:46 1,023,488 ----a-w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 ----a-w c:\windows\system32\dllcache\browseui.dll
- 2008-08-20 06:38:40 151,040 ----a-w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:37:02 151,040 ----a-w c:\windows\system32\dllcache\cdfview.dll
- 2008-08-20 06:38:40 1,054,208 ----a-w c:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:37:02 1,054,208 ----a-w c:\windows\system32\dllcache\danim.dll
- 2008-08-20 06:38:40 357,888 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-20 06:38:40 205,312 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-20 06:38:40 55,808 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:37:02 55,808 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-08-20 06:38:42 251,392 ----a-w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:37:02 251,392 ----a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-08-20 06:38:42 96,256 ----a-w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:37:02 96,256 ----a-w c:\windows\system32\dllcache\inseng.dll
- 2008-08-20 06:38:44 16,384 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:37:04 16,384 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 20:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 01:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 06:38:48 3,060,224 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-16 10:37:06 3,059,712 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 06:38:44 449,024 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:37:04 449,024 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-20 06:38:42 146,432 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:37:02 146,432 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-20 06:38:42 532,480 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:37:02 532,480 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-20 06:38:42 39,424 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-20 06:38:42 1,494,528 ----a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:37:04 1,494,528 ----a-w c:\windows\system32\dllcache\shdocvw.dll
- 2008-08-20 06:38:44 474,112 ----a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:37:04 474,112 ----a-w c:\windows\system32\dllcache\shlwapi.dll
- 2008-08-20 06:38:46 615,936 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:37:04 615,936 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 06:38:44 659,456 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:37:04 659,456 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 21:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2007-12-21 13:22:52 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2008-12-10 12:45:02 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
- 2008-08-20 06:38:40 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-20 06:38:40 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-20 06:38:40 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:37:02 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-20 06:38:42 251,392 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:37:02 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2008-08-20 06:38:42 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:37:02 96,256 ----a-w c:\windows\system32\inseng.dll
- 2008-08-20 06:38:44 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:37:04 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-18 20:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 01:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-08-20 06:38:48 3,060,224 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-16 10:37:06 3,059,712 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 06:38:44 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:37:04 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-20 06:38:42 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:37:02 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-08-20 06:38:42 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:37:02 532,480 ----a-w c:\windows\system32\mstime.dll
- 2008-08-20 06:38:42 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2008-08-20 06:38:42 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:37:04 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
- 2008-08-20 06:38:44 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:37:04 474,112 ----a-w c:\windows\system32\shlwapi.dll
- 2008-07-08 13:02:02 17,272 w c:\windows\system32\spmsg.dll
+ 2007-07-27 09:41:40 16,760 w c:\windows\system32\spmsg.dll
- 2008-07-14 12:09:18 62,976 w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:08 62,976 w c:\windows\system32\tzchange.exe
- 2008-08-20 06:38:46 615,936 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:37:04 615,936 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-20 06:38:44 659,456 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 10:37:04 659,456 ----a-w c:\windows\system32\wininet.dll
- 2006-10-18 21:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-08-19 10:20:32 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-10-15 14:00:42 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2006-12-01 22:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 00:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 00:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 00:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 00:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 00:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 00:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 00:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 00:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 00:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
"BigD!!!03"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"HostManager"="c:\program files\Common Files\AOL\1204639167\ee\AOLSoftware.exe" [2006-11-17 50736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-10 1261336]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
See next post for the rest of the log.
-
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-11-01 1044480]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 176128]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1204639167\\EE\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-10 97928]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\DRIVERS\SMBHC.sys [2004-08-30 6784]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-10 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-10 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-10 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2005-03-30 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2005-03-30 78208]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2004-06-01 10594]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2004-06-01 4054]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\DRIVERS\i2220ntx.sys [1980-01-01 140288]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\DRIVERS\SMBBATT.sys [2004-08-30 16128]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\RUTHEY~1\LOCALS~1\Temp\DMSKSSRh.sys []
.
Contents of the 'Scheduled Tasks' folder
2008-12-12 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\MESSAGES\SDNotify.exe [2007-09-26 09:53]
.
.
Supplementary Scan
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://amch.questionmarket.com/adscgen/invite.php?survey_num=201335&site=10&code=202554&pic=gif&creativename=AOL-200x200-1l-eng-nul&secs_up=60
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Search
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
c:\windows\Downloaded Program Files\Yahoo! Chat.osd
c:\windows\Downloaded Program Files\MJPEGRender.ocx - O16 -: !!96816368-C1E3-414D-A193-63C3CC921990}
hxxp://gretnaweddings-anvilhall.remotemanager.co.uk/common/activex/MJPEGRender.ocx
FF - ProfilePath - c:\documents and settings\ruth eyre\Application Data\Mozilla\Firefox\Profiles\9pe3cmnz.default\
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 12:17:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigD!!!03 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-12 12:18:41
ComboFix-quarantined-files.txt 2008-12-12 12:18:40
ComboFix2.txt 2008-12-10 11:00:30
Pre-Run: 11,117,232,128 bytes free
Post-Run: 11,149,672,448 bytes free
302 --- E O F --- 2008-12-11 01:07:41
What does it mean?