OMG 334 infected files found
Comments
-
It took 5 hours to do this scan, here's the log results, not sure if the first 1 will be deleted though
POSTOOBE.NEC;C:\DRIVERS;VBS.Generic.278;Deleted.;
Voyager100pppoeDriver.exe/Setup.EXE\data018;C:\Program Files\AOL\Broadband Assistant\vendors\aoluk\content\template\driven_dev\BroadBandAsst\Voyager100\Voyager100PPPoEDriv;Probably DLOADER.Trojan;;
\Setup.EXE;C:\Program Files\AOL\Broadband Assistant\vendors\aoluk\content\template\driven_dev\BroadBandAsst\Voyager100\Voyager100PPPoEDriv;Archive contains infected objects;;
Voyager100pppoeDriver.exe;C:\Program Files\AOL\Broadband Assistant\vendors\aoluk\content\template\driven_dev\BroadBandAsst\Voyager100\Voyager100PPPoEDriv;Archive contains infected objects;Moved.;
Voyager105pppoeDriver.exe/Setup.EXE\data018;C:\Program Files\AOL\Broadband Assistant\vendors\aoluk\content\template\driven_dev\BroadBandAsst\Voyager105\Voyager105PPPoEDriv;Probably DLOADER.Trojan;;
\Setup.EXE;C:\Program Files\AOL\Broadband Assistant\vendors\aoluk\content\template\driven_dev\BroadBandAsst\Voyager105\Voyager105PPPoEDriv;Archive contains infected objects;;
Voyager105pppoeDriver.exe;C:\Program Files\AOL\Broadband Assistant\vendors\aoluk\content\template\driven_dev\BroadBandAsst\Voyager105\Voyager105PPPoEDriv;Archive contains infected objects;Moved.;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;Moved.;
aspupdate\data017;C:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate;Probably BACKDOOR.Trojan;;
aspupdate;C:\Program Files\Common Files\AOL\AOL Spyware Protection\Update;Archive contains infected objects;Moved.;
acssetup.exe\data010;C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK\acssetup.exe;Probably BACKDOOR.Trojan;;
acssetup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK;Archive contains infected objects;Moved.;
acssetup.exe\data010;C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe;Probably BACKDOOR.Trojan;;
acssetup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Rollback;Archive contains infected objects;Moved.;
InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;Moved.;
V105 oE V1-0.exe/Drivers/Voyager105/Voyager105PPPoEDriver/Voyager105pppoeDriver.exe/Setup.EXE\data018;C:\Program Files\VoyagerModemDrivers\V105 oE V1-0.exe/Drivers/Voyager105/Voyager105PPPoEDriver/Voyager105pppoeDriver.exe/Setup.;Probably DLOADER.Trojan;;
\Setup.EXE;C:\Program Files\VoyagerModemDrivers;Archive contains infected objects;;
Drivers/Voyager105/Voyager105PPPoEDriver/Voyager105pppoeDriver.exe;C:\Program Files\VoyagerModemDrivers;Archive contains infected objects;;
V105 oE V1-0.exe;C:\Program Files\VoyagerModemDrivers;Archive contains infected objects;Moved.;
Voyager105pppoeDriver.exe/Setup.EXE\data018;C:\Program Files\VoyagerModemDrivers\Drivers\Voyager105PPPoEDriver\Voyager105pppoeDriver.exe/Setup.EXE;Probably DLOADER.Trojan;;
\Setup.EXE;C:\Program Files\VoyagerModemDrivers\Drivers\Voyager105PPPoEDriver;Archive contains infected objects;;
Voyager105pppoeDriver.exe;C:\Program Files\VoyagerModemDrivers\Drivers\Voyager105PPPoEDriver;Archive contains infected objects;Moved.;
A0137516.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP628;Probably BACKDOOR.Trojan;Moved.;
A0137663.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP629;Probably BACKDOOR.Trojan;Moved.;
A0137722.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP630;Probably BACKDOOR.Trojan;Moved.;
A0137878.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP631;Probably BACKDOOR.Trojan;Moved.;
A0137936.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP632;Probably BACKDOOR.Trojan;Moved.;
A0138034.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP632;Probably BACKDOOR.Trojan;Moved.;
A0138129.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP633;Probably BACKDOOR.Trojan;Moved.;
A0138190.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP634;Probably BACKDOOR.Trojan;Moved.;
A0138538.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP637;Probably BACKDOOR.Trojan;Moved.;
A0138616.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP637;Probably BACKDOOR.Trojan;Moved.;
A0138719.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP638;Probably BACKDOOR.Trojan;Moved.;
A0138775.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP639;Probably BACKDOOR.Trojan;Moved.;
A0139953.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP640;Probably BACKDOOR.Trojan;Moved.;
A0140026.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP641;Probably BACKDOOR.Trojan;Moved.;
A0141227.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP644;Probably BACKDOOR.Trojan;Moved.;
A0141395.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP645;Probably BACKDOOR.Trojan;Moved.;
A0141697.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP647;Probably BACKDOOR.Trojan;Moved.;
A0141939.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP649;Probably BACKDOOR.Trojan;Moved.;
A0143098.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP650;Probably BACKDOOR.Trojan;Moved.;
A0143562.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP653;Probably BACKDOOR.Trojan;Moved.;
A0143854.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP653;Probably BACKDOOR.Trojan;Moved.;
A0147333.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP669;Probably BACKDOOR.Trojan;Moved.;
A0149937.exe/Setup.EXE\data018;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677\A0149937.exe/Setup.EXE;Probably DLOADER.Trojan;;
\Setup.EXE;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;;
A0149937.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;Moved.;
A0149938.exe/Setup.EXE\data018;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677\A0149938.exe/Setup.EXE;Probably DLOADER.Trojan;;
\Setup.EXE;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;;
A0149938.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;Moved.;
A0149939.exe\data010;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677\A0149939.exe;Probably BACKDOOR.Trojan;;
A0149939.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;Moved.;
A0149940.exe\data010;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677\A0149940.exe;Probably BACKDOOR.Trojan;;
A0149940.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;Moved.;
A0149941.exe/Drivers/Voyager105/Voyager105PPPoEDriver/Voyager105pppoeDriver.exe/Setup.EXE\data018;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677\A0149941.exe/Drivers/Voyager105/Voyager105PPP;Probably DLOADER.Trojan;;
\Setup.EXE;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;;
Drivers/Voyager105/Voyager105PPPoEDriver/Voyager105pppoeDriver.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;;
A0149941.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;Moved.;
A0149942.exe/Setup.EXE\data018;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677\A0149942.exe/Setup.EXE;Probably DLOADER.Trojan;;
\Setup.EXE;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;;
A0149942.exe;C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP677;Archive contains infected objects;Moved.;
Voyager105PPPoEDriver.exe/Setup.EXE\data018;C:\WINDOWS\system32\Voyager105PPPoEDriver.exe/Setup.EXE;Probably DLOADER.Trojan;;
\Setup.EXE;C:\WINDOWS\system32;Archive contains infected objects;;
Voyager105PPPoEDriver.exe;C:\WINDOWS\system32;Archive contains infected objects;Moved.;
setup.exe;D:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP2A9.tmp\aspapp;Probably BACKDOOR.Trojan;Moved.;
setup.exe;D:\Documents and Settings\laura\Local Settings\Temp\asp2upd;Probably BACKDOOR.Trojan;Moved.;
ComboFix[1].exe/data002\32788R22FWJFW\c.bat;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\2Z88ING9\ComboFix[1].exe/data002;Probably BATCH.Virus;;
data002;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\2Z88ING9;Archive contains infected objects;;
ComboFix[1].exe;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\2Z88ING9;Container contains infected objects;Moved.;
ComboFix[1].exe/data002\32788R22FWJFW\c.bat;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC\ComboFix[1].exe/data002;Probably BATCH.Virus;;
ComboFix[1].exe/data002\32788R22FWJFW\psexec.cfexe;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC\ComboFix[1].exe/data002;Program.PsExec.171;;
data002;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC;Archive contains infected objects;;
ComboFix[1].exe;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC;Container contains infected objects;Moved.;
ComboFix[2].exe/data002\32788R22FWJFW\c.bat;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC\ComboFix[2].exe/data002;Probably BATCH.Virus;;
ComboFix[2].exe/data002\32788R22FWJFW\psexec.cfexe;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC\ComboFix[2].exe/data002;Program.PsExec.171;;
data002;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC;Archive contains infected objects;;
ComboFix[2].exe;D:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\5DC1L6DC;Container contains infected objects;Moved.;
-
Does the Avira have a firewall running on it? AOL has picked up its antivirus but no firewall, thanks
-
Avira doesn't have a firewall, no. Sorry, didn't realise you had the PAID version of AVG (The AVG firewall is full of 'holes' anyways)
Switch on Windows Firewall. Then either install PCTOOLS firewall (It's what I use) ~
Download PC TOOLS FIREWALL (Make sure you click 'DOWNLOAD NOW')
When installing you have the option of installing 'THREATFIRE' too (another antivirus program). Entirely up to you if you wish to or not.
http://www.download.com/PC-Tools-Firewall-Plus-Free-Edition/3000-10435_4-10625321.html
Or keep the Windows one
Or put AVG on again (Which has proven to be next to useless)
-
Looks like all the others are quarantined somewhere.
Can you post a hijack log please?
-
Hi, here's the hijack log
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Brmfrmps.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\AOL\1137441772\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\sistray.exe
c:\program files\common files\aol\1137441772\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1137441772\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneybackmadness.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137441772\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLAspSunset2]\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Assistant.lnk = C:\Program Files\AOL\Broadband Assistant\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61D2B7B6-5C5D-4E1F-A55A-F61B9A500243}: NameServer = 92.31.241.20 92.31.241.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A5FB9E-D7CD-409A-9EDF-5F103EA5E1DD}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 13708 bytes
FIX these using hijack ~
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [AOLAspSunset2]\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aolsvc.co.uk/molb...21/mcgdmgr.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
Use the MCAFEE REMOVAL TOOL (Still some Mcafee in the log)
http://service.mcafee.com/FAQDocument.aspx?id=TS100507
Download SPYBOT (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure TEA TIMER is UNTICKED on installation)
http://www.filehippo.com/download_spybot_search_destroy/
UPDATE and IMMUNISE (Make sure it reads ZERO unprotected) and SCAN
Then try COMBOFIX again
(Right click AVIRA and shut it down whilst it runs)
That's only part of the HJT log. Can you please post the complete log including the headers.
Also please can you say how your computer is behaving now. Slow? Faster? Any warning messages or other signs of things not working as they should?
Thanks.
Hi, sorry I haven't got back sooner, downloaded the firewall and it wouldn't let me back on the internet. I only just logged back on so not sure how the PC is yet. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:18, on 15/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\AOL\1137441772\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\ThreatFire\TFGui.exe
c:\program files\common files\aol\1137441772\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1137441772\ee\aolsoftware.exe
c:\progra~1\aol9~1.0\waol.exe
c:\progra~1\aol9~1.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneybackmadness.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137441772\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AOLAspSunset2]\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Assistant.lnk = C:\Program Files\AOL\Broadband Assistant\bin\matcli.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61D2B7B6-5C5D-4E1F-A55A-F61B9A500243}: NameServer = 92.31.241.20 92.31.241.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5A5FB9E-D7CD-409A-9EDF-5F103EA5E1DD}: NameServer = 205.188.146.145
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 14397 bytes
couple of minor fixes
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
just tick those items and fix them
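Several of the entries picked out for fixing in this thread end in `(no file)` or `(file missing)`, which is how HijackThis marks an entry whose target file it could not find. The script below is an added example, not part of any post here and not HijackThis's own code: it pulls those entries out of a log and groups them by CLSID, so one dead component listed under several sections is seen as a single item. The sample lines are copied from the log above; the function names are made up for illustration.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker for a target file that was not found.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per log entry; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
        })
    return entries


def orphaned_entries(entries):
    """Entries whose target file was reported missing, in log order."""
    return [e for e in entries if e["orphan"]]


def orphans_by_clsid(entries):
    """Map each CLSID with a missing target to the sections that list it."""
    grouped = {}
    for e in orphaned_entries(entries):
        if e["clsid"]:
            grouped.setdefault(e["clsid"], []).append(e["section"])
    return grouped


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        print(f'{e["section"]:>3}  ({e["orphan"]})  {e["body"]}')
    for clsid, sections in orphans_by_clsid(parsed).items():
        print(clsid, "listed under", ", ".join(sections))
```

A missing-file marker only says the target was not found; it does not say whether the entry was ever malicious, so the output is a review list rather than a verdict.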
I did click these, will do it again. Also have done a Spybot scan; it did find a few infections, clicked quarantine then it disappeared so didn't save a log. I will see if I can do a ComboFix now, thanks
This discussion has been closed.