Laptop infected with Malware and is completely unusable :(

  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Ex forum ambassador

    Long term forum member
  • Here is the Hijack this log after fixing as suggested:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:58:24, on 22/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Creative\DVB-T Personal Video Recorder\Monitor.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
    F:\HJT\HiJackThis.exe
    F:\Malwarebytes' Anti-Malware\mbam.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.couchsurfing.com/group.html?gid=1251
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [Creative DVB-T PVR Monitor] C:\Program Files\Creative\DVB-T Personal Video Recorder\Monitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mark Southgate\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/gb/securityadvisor/pestscan/pestscan.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/gb/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 9458 bytes

    Thanks again.

    Will try combofix next.
    "The happiest of people don't necessarily have the
    best of everything; they just make the best
    of everything that comes along their way."
    -- Author Unknown --
  • Conor wrote: »
    It isn't. It's not even close to being as this and several dozen other threads have indicated. You'll note they're all AVG users.

    What would people recommend in preference to AVG (free or otherwise)?

    No point in getting AVG v8 for £40 if there is a better option...

    Thanks.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    What would people recommend in preference to AVG (free or otherwise)?

    No point in getting AVG v8 for £40 if there is a better option...

    Thanks.

    There is a free version of AVG 8, you do realise?
    Anyways, it's a bit c*ap. I'd recommend AVIRA personally
    http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html
    :idea:
  • LittleJo
    LittleJo Posts: 482 Forumite
    Hi,
    Apparently the updates for AVG 7.5 will stop at year end, so a new anti-virus will have to be found.
    Jo
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    I also notice you're using Sunbelt firewall
    It's been tested to have quite a few leaks (ie ~ NOT good as a firewall)
    I'd recommend uninstalling (it MUST be completely gone before installing another)
    and installing PCTOOLS FIREWALL
    http://www.download.com/PC-Tools-Firewall-Plus-Free-Edition/3000-10435_4-10625321.html
    (fastest, one of the safest, easy to use and no known issues)
    It also comes with THREATFIRE (Though you don't HAVE to install it), But threatfire will prevent further nasties
    :idea:
  • aliEnRIK wrote: »
    I also notice you're using Sunbelt firewall
    It's been tested to have quite a few leaks (ie ~ NOT good as a firewall)
    I'd recommend uninstalling (it MUST be completely gone before installing another)
    and installing PCTOOLS FIREWALL
    http://www.download.com/PC-Tools-Firewall-Plus-Free-Edition/3000-10435_4-10625321.html
    (fastest, one of the safest, easy to use and no known issues)
    It also comes with THREATFIRE (Though you don't HAVE to install it), But threatfire will prevent further nasties

    Sorry to go a little o/t here....
    but.....

    I'm still using Vista's own firewall :o
    However was thinking of giving Comodo a try over the holiday..

    Why would you recommend the PC-Tools firewall over the Comodo one
    any particular reason?:beer:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    mulldoonuk wrote: »
    Sorry to go a little o/t here....
    but.....

    I'm still using Vista's own firewall :o
    However was thinking of giving Comodo a try over the holiday..

    Why would you recommend the PC-Tools firewall over the Comodo one
    any particular reason?:beer:

    Well 1st up. I'm unsure if it's possible to download JUST the firewall now (minus the anti virus package which hasn't yet proved to me that it's any good)

    but assuming you can ~
    It stopped my (and my father's) Lexmark printers from working (A known issue that's on their own forums)
    Aside from that, Comodo's sound. Except its defense mode is REALLY confusing at first. It's not the easiest firewall to use

    PC Tools is quicker to respond, easier to use and no known issues

    As for leakage ~ they're about the same (But still very good)

    PC TOOLs also comes with THREATFIRE (An anti virus 'add on' if you will)
    Although it's free to download anyways, it seems to be an excellent addition to security from the tests that I've seen.
    :idea:
  • Browntoa wrote: »

    Hmm..no can do. :(

    My problems sound identical to the ones posted here:
    http://discussions.virtualdr.com/archive/index.php/t-235790.html

    and here:
    http://forums.superantispyware.com/viewtopic.php?f=2&t=2112&p=11673

    I have uninstalled the AVG Anti Virus and Sunbelt firewall and installed Avira anti-virus and PC tools with Threatfire on both the infected laptop and this PC. Laptop is much improved in that it doesn't freeze or reset every 5 to 12 seconds! However I cannot run combofix or malwarebytes or spybot etc from a flash drive even after renaming them.
    If I go online and try to download them I just get redirected to various spammy search engine sites and even if I do a search in google for malwarebytes for example when I click on the link it opens a new window with another site. :mad:

    I did a complete scan with Avira (log below) and a full scan and Intelli-scan with Threatfire found nothing. The only other prog I can run is crap cleaner but this is out of date and I cannot update it - whatever it finds I remove but it's not finding much.

    Avira AntiVir Personal
    Report file date: 22 December 2008 17:14

    Scanning for 1109734 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: BADGERLAPTOP

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 09:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 08:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 13:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 08:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 12:30:36
    ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 12/7/2008 17:10:56
    ANTIVIR2.VDF : 7.1.0.250 342528 Bytes 12/18/2008 17:11:02
    ANTIVIR3.VDF : 7.1.1.20 140288 Bytes 12/22/2008 17:11:07
    Engineversion : 8.2.0.45
    AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 11:05:56
    AESCRIPT.DLL : 8.1.1.19 336252 Bytes 12/22/2008 17:11:13
    AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 16:06:41
    AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 14:58:38
    AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 10:41:39
    AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/22/2008 17:11:13
    AEHEUR.DLL : 8.1.0.75 1524087 Bytes 12/22/2008 17:11:12
    AEHELP.DLL : 8.1.2.0 119159 Bytes 12/22/2008 17:11:11
    AEGEN.DLL : 8.1.1.8 323956 Bytes 12/22/2008 17:11:10
    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 11:05:56
    AECORE.DLL : 8.1.5.2 172405 Bytes 12/22/2008 17:11:09
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 11:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 09:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 10:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 13:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 12:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 09:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 13:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 18:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 13:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 13:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 14:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 14:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 22 December 2008 17:14

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'imapi.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avnotify.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
    Scan process 'KService.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
    Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\byXPGXQI.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '49a7cb91.qua'!

    The registry was scanned ( '75' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\ARK1.tmp
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b5fc8ac.qua'!
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Mark Southgate\Desktop\scotsmanClarkesofbruntsfield_files\DartIframePage_002.htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '49c1cf9e.qua'!
    C:\Documents and Settings\Mark Southgate\Desktop\scotsmanClarkesofbruntsfield_files\DartIframePage_004.htm
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '49c1cfa6.qua'!
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP387\A0070460.exe
    [DETECTION] Is the TR/Agent.axoc Trojan
    [NOTE] The file was moved to '497fda7b.qua'!
    C:\WINDOWS\system32\byXOghHW.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49a7e25c.qua'!
    C:\WINDOWS\system32\byXOhHaa.dll
    [DETECTION] Is the TR/Vundo.GCY Trojan
    [NOTE] The file was moved to '49a7e262.qua'!
    C:\WINDOWS\system32\geBtSKCs.dll
    [DETECTION] Is the TR/Vundo.GCY Trojan
    [NOTE] The file was moved to '4991e27f.qua'!
    C:\WINDOWS\system32\iifcYQIY.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49b5e29a.qua'!
    C:\WINDOWS\system32\ssqNExyY.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '480bf05b.qua'!
    C:\WINDOWS\system32\tyshb36rfjdf.dll
    [DETECTION] Is the TR/Dldr.Small.ahmz Trojan
    [NOTE] The file was moved to '49c2e338.qua'!


    End of the scan: 22 December 2008 19:02
    Used time: 1:47:48 Hour(s)

    The scan has been done completely.

    5443 Scanning directories
    195404 Files were scanned
    9 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    11 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    195391 Files not concerned
    3227 Archives were scanned
    5 Warnings
    11 Notes


    Thanks again.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    can you not run MALWAREBYTES etc in SAFE MODE WITH NETWORKING now?
    :idea:
This discussion has been closed.