Please help! Had Defender virus warning - Now desktop icons have vanished!
Comments
Malwarebytes' Anti-Malware 1.31
Database version: 1571
Windows 5.1.2600 Service Pack 3
30/12/2008 20:06:50
mbam-log-2008-12-30 (20-06-45).txt
Scan type: Full Scan (C:\|)
Objects scanned: 107626
Time elapsed: 31 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
That Trojan is still there and when I reboot it does not delete. What can I do?
0 -
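Added example, not part of any post in this thread: a small parser for the Malwarebytes log layout shown above that checks the summary counts against the itemised lines and lists detections recorded as "No action taken", which is what the saved log shows for the Trojan.BHO key. The layout is assumed from this one log, the function names are illustrative, and any other action string is passed through uninterpreted.

```python
import re

# Excerpt of the Malwarebytes' Anti-Malware 1.31 log posted above (sections trimmed).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.31
Database version: 1571
Scan type: Full Scan (C:\|)
Objects scanned: 107626
Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.
Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")   # "Registry Keys Infected: 1"
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")              # "Registry Keys Infected:"
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (summary counts, itemised detections) from a log in the layout above."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]          # following item lines belong to this category
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"category": section, **m.groupdict()})
    return summary, items


def count_mismatches(summary, items):
    """Categories whose summary count differs from the number of itemised lines."""
    listed = {}
    for it in items:
        listed[it["category"]] = listed.get(it["category"], 0) + 1
    return {c: (n, listed.get(c, 0)) for c, n in summary.items() if n != listed.get(c, 0)}


def unremediated(items):
    """Detections the log records as found but not acted on."""
    return [it for it in items if it["action"].rstrip(".").lower() == "no action taken"]


def persisting(before, after):
    """Detections (same object and name) that appear in both of two scans."""
    seen = {(it["object"].lower(), it["name"]) for it in before}
    return [it for it in after if (it["object"].lower(), it["name"]) in seen]


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, items))
    for it in unremediated(items):
        print("not removed:", it["name"], it["object"])
```

Running `persisting()` on the item lists from a pre-reboot and a post-reboot log shows which detections survived the removal attempt.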
OK, I'm not going to make many friends here by saying this, but:
After all the time spent reading Hijack logs and virus eradication on this thread, I by now (easiest option) would have backed up any important info to a pen drive and formatted and reinstalled (as long as you know what you're doing), then installed any AV, AS, firewall etc. and programs you use, then AV scanned the pen drive that has your important docs on and reloaded your important docs again. This way will make sure you have no nasties.
This is what I would do.
Why? Well, I could sit down for hours and try eradication methods, and believe me I'm no noob at this, but I would still have a niggle in the back of my mind, and that niggle would be: is my PC really clean?
Best of luck anyway.
0 -
That sounds good but I DON'T know what I'm doing and these people have been very patient trying to help this idiot. If I knew how to do the other I would but do I need to find my software again for the XP as I probably have lost it too?
If there is a guide as to how to restart the whole thing again I'd appreciate a dummies guide. I'll try anything.
Thanks
0 -
Run a quick scan.
Make sure that everything is checked, and click Remove Selected.
You are OK with the clean, no need to re-install, even hidden rootkits can be safely removed with this or ComboFix, ensuring the integrity of the PC.
Ex forum ambassador
Long term forum member
0 -
Hello Browntoa
I've done what you said numerous times; it is always checked and I always reboot, but it seems to remain no matter what I do. I've done a ComboFix also but to no avail. I'm at a total loss but will give this a go again.
0 -
Just done a Malwarebytes again and tried to remove the trojan, rebooted and did another Malwarebytes scan and it was still there. Would a ComboFix be worth doing again, as I already did it before and it didn't make any difference?
0 -
Yes, download a fresh copy.
Download ComboFix from one of the following URLs: then rescan
Ex forum ambassador
Long term forum member
0 -
ComboFix 08-12-29.02 - Bernardine 2008-12-30 21:45:59.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.176 [GMT 0:00]
Running from: c:\documents and settings\Bernardine\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *disabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.
2008-12-30 13:56 . 2008-12-30 13:56 <DIR> d--h
C:\$AVG8.VAULT$
2008-12-30 12:00 . 2008-12-30 12:06 <DIR> d
c:\windows\system32\drivers\Avg
2008-12-30 12:00 . 2008-12-30 13:58 <DIR> d
c:\documents and settings\Bernardine\Application Data\AVGTOOLBAR
2008-12-30 12:00 . 2008-12-30 12:00 97,928 --a
c:\windows\system32\drivers\avgldx86.sys
2008-12-30 12:00 . 2008-12-30 12:00 76,040 --a
c:\windows\system32\drivers\avgtdix.sys
2008-12-30 12:00 . 2008-12-30 12:00 10,520 --a
c:\windows\system32\avgrsstx.dll
2008-12-30 11:59 . 2008-12-30 11:59 <DIR> d
c:\program files\AVG
2008-12-30 11:59 . 2008-12-30 11:59 <DIR> d
c:\documents and settings\All Users\Application Data\avg8
2008-12-29 21:37 . 2008-12-01 17:10 98,168 --a
c:\windows\system32\drivers\dwprot.sys
2008-12-29 21:34 . 2008-12-29 23:32 <DIR> d
c:\program files\DrWeb
2008-12-29 21:34 . 2008-12-29 21:34 <DIR> d
c:\documents and settings\All Users\Application Data\Doctor Web
2008-12-29 20:54 . 2008-12-29 21:38 <DIR> d
c:\documents and settings\Bernardine\DoctorWeb
2008-12-19 15:53 . 2008-12-19 15:53 <DIR> d
c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
2008-12-16 18:39 . 2008-12-16 22:13 1,393 --a
c:\windows\imsins.BAK
2008-12-14 20:40 . 2008-12-14 20:40 <DIR> d
C:\rsit
2008-12-14 20:33 . 2008-12-14 20:33 <DIR> d
c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-14 20:06 . 2008-12-14 20:06 <DIR> d
c:\program files\Yahoo!
2008-12-14 20:05 . 2008-12-14 20:06 <DIR> d
c:\program files\CCleaner
2008-12-14 11:00 . 2008-12-14 11:00 410,984 --a
c:\windows\system32\deploytk.dll
2008-12-14 11:00 . 2008-12-14 11:00 73,728 --a
c:\windows\system32\javacpl.cpl
2008-12-14 00:37 . 2008-12-14 00:37 <DIR> d
c:\documents and settings\Bernardine\Application Data\PCToolsFirewallPlus
2008-12-14 00:35 . 2008-12-14 00:44 <DIR> d
c:\program files\PC Tools Firewall Plus
2008-12-14 00:35 . 2008-12-14 00:35 <DIR> d
c:\program files\Common Files\PC Tools
2008-12-14 00:35 . 2008-07-28 11:29 160,792 --a
c:\windows\system32\drivers\pctfw2.sys
2008-12-14 00:35 . 2008-07-17 16:53 93,952 --a
c:\windows\system32\drivers\pctfw.sys
2008-12-14 00:35 . 2008-08-05 15:58 58,136 --a
c:\windows\system32\drivers\FWAuthdriver.sys
2008-12-14 00:34 . 2008-12-14 10:57 <DIR> d
c:\program files\ThreatFire
2008-12-14 00:34 . 2008-12-30 21:51 <DIR> d-a
c:\documents and settings\All Users\Application Data\TEMP
2008-12-13 22:56 . 2008-12-13 22:56 <DIR> d
c:\program files\Trend Micro
2008-12-13 21:04 . 2008-12-13 21:04 <DIR> d
c:\program files\SUPERAntiSpyware
2008-12-13 21:04 . 2008-12-13 21:04 <DIR> d
c:\program files\Common Files\Wise Installation Wizard
2008-12-13 21:04 . 2008-12-13 21:04 <DIR> d
c:\documents and settings\Bernardine\Application Data\SUPERAntiSpyware.com
2008-12-13 21:04 . 2008-12-13 21:04 <DIR> d
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-13 20:29 . 2008-12-13 20:29 <DIR> d
c:\program files\Malwarebytes' Anti-Malware
2008-12-13 20:29 . 2008-12-13 20:29 <DIR> d
c:\documents and settings\Bernardine\Application Data\Malwarebytes
2008-12-13 20:29 . 2008-12-13 20:29 <DIR> d
c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 20:29 . 2008-12-03 19:53 38,496 --a
c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 20:29 . 2008-12-03 19:53 15,504 --a
c:\windows\system32\drivers\mbam.sys
2008-12-13 18:04 . 2008-12-13 18:04 <DIR> d
c:\windows\SxsCaPendDel
2008-12-11 12:29 . 2008-12-11 12:29 <DIR> d
c:\program files\Windows Defender
2008-12-11 11:08 . 2008-12-11 11:08 <DIR> d
c:\documents and settings\All Users\Application Data\SITEguard
2008-12-11 11:07 . 2008-12-11 11:07 <DIR> d
c:\program files\Common Files\iS3
2008-12-11 11:07 . 2008-12-13 18:03 <DIR> d
c:\documents and settings\All Users\Application Data\STOPzilla!
2008-11-19 19:45 . 2008-11-19 19:53 <DIR> d
c:\documents and settings\Bernardine\Application Data\U3
2008-11-11 18:17 . 2008-10-24 11:21 455,296
c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:15 . 2008-09-04 17:15 1,106,944
c:\windows\system32\dllcache\msxml3.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 10:59
d
w c:\program files\Java
2008-12-13 23:43
d
w c:\documents and settings\Patrick\Application Data\Virgin Broadband
2008-12-13 23:43
d
w c:\documents and settings\Cora\Application Data\Virgin Broadband
2008-12-13 23:43
d
w c:\documents and settings\Bernardine\Application Data\Virgin Broadband
2008-12-13 23:43
d
w c:\documents and settings\All Users\Application Data\Virgin Broadband
2008-12-05 21:37
d
w c:\program files\Coupon Printer
.
((((((((((((((((((((((((((((( snapshot_2008-12-17_19.53.37.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 02:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 02:08:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-30 12:00:12 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
- 2008-10-17 02:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-12-17 15:30:36 54,280 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-30 21:30:25 54,280 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-17 15:30:36 384,596 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-30 21:30:25 384,596 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-30 21:50:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2006-12-01 22:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 22:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 22:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 22:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 00:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 00:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 00:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 00:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 00:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 00:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 00:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 00:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 00:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-05 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SpeedTouch USB Diagnostics"="c:\program files\Virgin Net Broadband\Dragdiag.exe" [2004-01-26 866816]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 2611096]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-30 1261336]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\STSYSTRA.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-01-01 1183744]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-09-05 24576]
ImageMixer HDD Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2008-03-22 2117632]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-10-15 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ s c e l i
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2008-12-29 98168]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-30 97928]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-14 160792]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-30 76040]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 FWAuth;FWAuth Driver;\??\c:\windows\system32\drivers\FWAuthDriver.sys [2008-12-14 58136]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!85613450-b672-11dd-b6c5-000e509e0b37}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
2008-12-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.virginmedia.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader4.ocx
O16 -: !!05CDEE1D-D109-4992-B72B-6D4F5E2AB731}
hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
c:\windows\Downloaded Program Files\ImageUploader4.inf
c:\windows\system32\atl.dll - c:\windows\Downloaded Program Files\ICSScan.dll
O16 -: !!7F8C8173-AD80-4807-AA75-5672F22B4582}
hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37370.cab
c:\windows\Downloaded Program Files\ICSScanner.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 21:50:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\NTMARTA.DLL
.
Other Running Processes
.
c:\windows\system32\ati2evxx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
.
**************************************************************************
.
Completion time: 2008-12-30 21:53:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-30 21:53:22
ComboFix2.txt 2008-12-15 21:29:09
ComboFix3.txt 2008-12-15 20:39:22
ComboFix4.txt 2008-12-15 19:17:59
Pre-Run: 138,225,795,072 bytes free
Post-Run: 138,298,839,040 bytes free
242 --- E O F --- 2008-12-29 20:51:39
0 -
Looking on the Malwarebytes forums, this is a new one, no fix as yet.
http://www.malwarebytes.org/forums/index.php?showtopic=8894&pid=43553&mode=threaded&start=#entry43553
I'll keep an eye on that thread and post when it shows a cure (or they update the software to remove it).
Bear with us.
Ex forum ambassador
Long term forum member
0 -
Hi Browntoa
Should I hold off for now and wait further instruction?
This discussion has been closed.
