OMG 334 infected files found
Comments
-
Thanks, will do this when I get home from work tomorrow.
-
Where do you usually download your files to? Surely it will be in this folder?
If you're messing around with .sys files then I think you're trying to open the wrong thing and risk making a complete mess of your PC!
Maybe you'd be better off taking it into a repair shop and letting someone who knows what they're doing have a look at it.
“You can please some of the people some of the time, all of the people some of the time, some of the people all of the time, but you can never please all of the people all of the time.”
-
Thanks, getting someone out to do the memory upgrade and he will look at the PC as well. No, haven't been messing with files; if it says it can't be opened or any other warning comes up, I leave well alone. I put all the files into My Documents, then I know where to find them later. Thanks, Steph
-
Ya, managed to do a ComboFix. Hope everything's OK.
ComboFix 09-03-18.01 - Steph 2009-03-20 17:30:26.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.191.72 [GMT 0:00]
Running from: d:\documents and settings\Steph\My Documents\ComboFixCAMC1Z4B.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*
FW: PC Tools Firewall Plus *enabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\ODCTOOLS
.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.
2009-03-18 09:12 . 2008-12-11 08:38 159,600 --a c:\windows\system32\drivers\pctgntdi.sys
2009-03-18 09:12 . 2008-12-11 12:32 132,976 --a c:\windows\system32\drivers\PCTCore.sys
2009-03-18 09:12 . 2008-12-11 12:32 73,840 --a c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-18 09:10 . 2008-12-11 17:01 95,640 --a c:\windows\system32\drivers\pctplfw.sys
2009-03-16 17:37 . 2009-03-16 17:39 <DIR> d c:\program files\CCleaner
2009-03-15 21:24 . 2009-03-15 21:28 <DIR> d C:\rsit
2009-03-15 10:49 . 2009-03-15 10:50 <DIR> d d:\documents and settings\Steph\Application Data\PCToolsFirewallPlus
2009-03-15 10:35 . 2008-09-22 12:29 97,408 --a c:\windows\system32\drivers\pctfw.sys
2009-03-15 10:33 . 2009-03-20 17:15 <DIR> d-a d:\documents and settings\All Users\Application Data\TEMP
2009-03-15 10:33 . 2009-03-18 09:17 <DIR> d c:\program files\PC Tools Firewall Plus
2009-03-15 10:33 . 2009-03-18 09:16 <DIR> d c:\program files\Common Files\PC Tools
2009-03-15 10:32 . 2009-03-15 10:32 <DIR> d d:\documents and settings\All Users\Application Data\PC Tools
2009-03-15 10:32 . 2009-03-15 11:30 <DIR> d c:\program files\ThreatFire
2009-03-15 10:32 . 2009-03-03 12:19 51,472 --a c:\windows\system32\drivers\TfFsMon.sys
2009-03-15 10:32 . 2009-03-03 12:19 39,184 --a c:\windows\system32\drivers\TfSysMon.sys
2009-03-15 10:32 . 2009-03-03 12:19 33,040 --a c:\windows\system32\drivers\TfNetMon.sys
2009-03-15 10:32 . 2009-03-03 12:19 12,560 --a c:\windows\system32\drivers\TfKbMon.sys
2009-03-14 21:47 . 2009-03-14 22:40 <DIR> d d:\documents and settings\Steph\DoctorWeb
2009-03-14 15:14 . 2009-03-14 15:14 <DIR> d d:\documents and settings\All Users\Application Data\Avira
2009-03-14 15:14 . 2009-03-14 15:14 <DIR> d c:\program files\Avira
2009-03-12 19:32 . 2009-03-12 19:32 <DIR> d d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-12 19:31 . 2009-03-12 19:31 <DIR> d d:\documents and settings\Steph\Application Data\SUPERAntiSpyware.com
2009-03-12 19:31 . 2009-03-12 19:31 <DIR> d c:\program files\SUPERAntiSpyware
2009-03-12 19:26 . 2009-03-12 19:26 <DIR> d c:\program files\Common Files\Wise Installation Wizard
2009-03-12 15:21 . 2009-03-12 15:21 <DIR> d c:\program files\Trend Micro
2009-03-11 23:16 . 2009-03-11 23:16 <DIR> d d:\documents and settings\Steph\Application Data\Malwarebytes
2009-03-11 23:15 . 2009-03-11 23:15 <DIR> d d:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-11 23:15 . 2009-03-11 23:16 <DIR> d c:\program files\Malwarebytes' Anti-Malware
2009-03-11 23:15 . 2009-02-11 10:19 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 23:15 . 2009-02-11 10:19 15,504 --a c:\windows\system32\drivers\mbam.sys
2009-03-11 21:43 . 2009-03-11 21:43 260 --a c:\windows\_delis32.ini
2009-03-10 23:37 . 2009-03-13 18:44 <DIR> d--h C:\$AVG8.VAULT$
2009-03-10 17:47 . 2009-03-14 15:06 <DIR> d d:\documents and settings\All Users\Application Data\avg8
2009-03-10 17:47 . 2009-03-10 17:47 <DIR> d c:\program files\AVG
2009-03-10 17:27 . 2009-03-10 17:27 50,968 --a c:\windows\system32\avgfwdx.dll
2009-03-08 10:46 . 2009-03-08 10:53 <DIR> d d:\documents and settings\Steph\.housecall6.6
2009-03-07 18:16 . 2009-03-07 18:16 <DIR> d d:\documents and settings\All Users\Application Data\Citrix
2009-03-06 19:47 . 2009-03-06 19:47 <DIR> d c:\windows\_ISTMP1.DIR
2009-03-02 19:25 . 2009-03-02 19:26 <DIR> d c:\program files\Photo Story 3 for Windows
2009-02-23 09:20 . 2009-02-23 09:17 410,984 --a c:\windows\system32\deploytk.dll
2009-02-23 09:20 . 2009-02-23 09:17 73,728 --a c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 19:15 d w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 17:58 d w c:\program files\Spybot - Search & Destroy
2009-03-15 02:54 d w c:\program files\Common Files\Motive
2009-03-14 23:19 d w c:\program files\VoyagerModemDrivers
2009-03-11 21:47 d--h--w c:\program files\InstallShield Installation Information
2009-03-11 21:45 d w c:\program files\GSP
2009-03-11 21:42 d w c:\program files\Pony Luv
2009-03-11 21:42 d w c:\program files\Amazon
2009-03-08 11:02 d w c:\program files\Hallmark
2009-02-23 09:15 d w c:\program files\Java
2008-04-15 11:50 4 ----a-w d:\documents and settings\Steph\Application Data\wklnhst.dat
2006-01-07 16:42 0 ----a-w d:\documents and settings\David\Application Data\wklnhst.dat
2008-09-10 02:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-14 160592]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 136600]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HostManager"="c:\program files\Common Files\AOL\1137441772\ee\AOLSoftware.exe" [2006-11-17 50736]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-01-04 c:\windows\system32\SiSPower.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2007-05-16 156784]
AOL Broadband Assistant.lnk - c:\program files\AOL\Broadband Assistant\bin\matcli.exe [2006-10-11 217088]
Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2006-01-08 626688]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-12-09 331776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.MJPG"= jl_mjpg2.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137441772\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137441772\\ee\\aolsoftware.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-15 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-15 39184]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-18 159600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-03-18 73840]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 JL2005;JL2005A Camera;c:\windows\system32\Drivers\toywdm.sys --> c:\windows\system32\Drivers\toywdm.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-03-18 95640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-15 33040]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
.
Supplementary Scan
.
uStart Page = hxxp://www.moneybackmadness.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: !!51C16693-1E81-45D1-9180-0DDF7AE87B5A} = 92.31.242.20 92.31.242.21
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 17:35:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-20 17:38:37
ComboFix-quarantined-files.txt 2009-03-20 17:38:11
Pre-Run: 10,460,528,640 bytes free
Post-Run: 10,442,526,720 bytes free
191 --- E O F --- 2009-03-12 17:27:10
-
Hi aliEnRIK,
Have done the Killbox. AOL has done a quick scan and found bitfrost backdoor.
Thanks, Steph
-
Only thing left now is to remove AVG properly, as it's still mostly running.
Use the 32-bit AVG removal tool:
http://www.avg.com/download-tools
Let me know how you get on.
-
Hi, have done the above twice, so it should have gone now. So is my PC clean now and rid of all the bugs? Can I start to log in to places and enter my details? Thanks, Steph
-
I'd say you're clean ~ (AVG pending)
-
How will I know if AVG has gone for sure?