Delicate situation
then run COMBOFIX
(Follow the simple instructions it gives)
Post the COMPLETE log it creates (Split into sections if need be)
An error msg comes up when I try and run combofix saying something about 'not being able to rename combofix'. Strange?
I owe many thanks to free-easy-money.com !
Micro
RIGHT CLICK it and RENAME it to 'QWERTY.EXE'
That may not work - if it does not you may need to rename it prior to saving it to your computer;
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3

Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
ComboFix 09-04-13.A2 - andy 2009-04-13 13:11.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.304 [GMT 1:00]
Running from: c:\documents and settings\TEMP\My Documents\QWERTY.EXE
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\senekapjortnku.sys
c:\windows\system32\mizifaru.dll
c:\windows\system32\senekairfvprie.dat
c:\windows\system32\senekampitgbsh.dll
c:\windows\system32\senekamxtwqxyu.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Service_SENEKA
\Service_SENEKA
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-04-13 12:10 . 2009-04-13 12:10 d-----w c:\documents and settings\TEMP.ANDY-491HIJ81VU
2009-04-13 09:26 . 2009-04-13 09:26 d-----w c:\documents and settings\TEMP
2009-04-12 15:16 . 2009-04-12 15:16 d-----w c:\program files\Trend Micro
2009-04-12 14:58 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-12 13:58 . 2009-04-12 13:58 d-----w c:\program files\Disk Cleaner
2009-04-09 21:08 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-09 20:58 . 2009-04-09 20:58 d--h--w c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-09 20:58 . 2009-04-09 20:58 d-----w c:\program files\Lavasoft
2009-04-09 20:58 . 2009-04-09 20:58 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-04-09 20:34 . 2009-04-09 20:34 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\MSN6
2009-04-09 19:24 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-09 19:24 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 19:24 . 2009-04-09 19:24 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 19:24 . 2009-04-09 19:24 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-04-08 07:58 . 2009-04-08 07:58 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-07 20:24 . 2009-04-07 20:24 d-----w c:\program files\Norton AntiVirus
2009-04-07 20:22 . 2009-04-07 20:22 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-04-07 20:22 . 2009-04-07 20:22 d-----w c:\program files\Common Files\Symantec Shared
2009-04-07 20:20 . 2009-04-07 20:21 6 ----a-w C:\ISACER.ID
2009-04-07 20:04 . 2009-04-07 20:04 d-sh--w c:\windows\system32\config\systemprofile\Application Data\wsnpoem
2009-04-07 18:57 . 2009-04-07 18:57 56320 ----a-w c:\windows\system32\ldr_CRYPTED.exe
2009-03-25 19:17 . 2009-03-25 19:17 372736 ----a-w c:\windows\system32\DiskCleanerLM.ocx
2009-03-25 19:13 . 2009-03-25 19:13 372736 ----a-w c:\windows\system32\RegistryHelperLM.ocx
2009-03-15 13:19 . 2009-03-15 13:19 d-----w C:\Amy MacDonald - This Is The Life [DL 2008]
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 12:10 . 2009-04-12 15:10 1706 ----a-w C:\aaw7boot.log
2009-04-09 19:34 . 2009-01-09 19:34 51200 --sha-w c:\windows\system32\tibepozi.exe
2009-04-09 19:34 . 2009-01-09 19:34 51200 --sha-w c:\windows\system32\tibepozi.exe
2009-03-11 20:19 . 2009-03-11 20:19 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-23 18:33 . 2009-02-23 18:34 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009022320090224\index.dat
2009-02-23 18:33 . 2009-02-23 18:34 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009020920090216\index.dat
2009-02-23 14:30 . 2009-02-13 19:14 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-23 14:22 . 2003-03-31 11:00 250048 --sha-r C:\ntldr
2009-02-22 07:58 . 2009-02-22 07:58 d-----w c:\program files\iPod To Computer Transfer
2009-02-21 20:09 . 2009-02-21 20:09 d-----w c:\program files\AudioShell
2009-02-19 16:44 . 2009-02-19 16:44 53733 ----a-w C:\Sponsor_Form_(2).pdf
2009-02-19 16:36 . 2009-02-19 16:36 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-02-19 16:34 . 2009-02-19 16:34 3369578 ----a-w C:\Hereford_Half_Marathon_Final.pdf
2009-02-16 14:24 . 2009-02-16 14:24 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-02-15 19:50 . 2009-02-15 19:50 d-----w c:\program files\Adobe Media Player
2009-02-15 19:10 . 2009-02-15 19:10 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-15 19:09 . 2009-02-15 19:09 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-02-15 19:08 . 2009-02-15 19:08 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-02-15 18:43 . 2009-02-15 18:43 3086960 ----a-w C:\Windows6.0-KB942288-v2-x64.msu
2009-02-15 18:38 . 2009-02-15 18:38 3327000 ----a-w C:\WindowsXP-KB942288-v3-x86.exe
2009-02-15 18:31 . 2009-02-15 18:33 69076264 ----a-w C:\iTunesSetup.exe
2009-02-15 17:05 . 2009-01-14 17:59 26 ----a-w C:\md5key.txt
2009-02-14 08:31 . 2009-02-14 08:31 d-----w c:\program files\NETGEAR
2009-02-14 08:21 . 2009-02-14 08:21 21275 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-14 08:21 . 2009-02-14 08:21 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Intel
2009-02-14 08:09 . 2009-02-14 08:09 d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Atheros
2009-02-13 19:59 . 2009-02-13 19:51 373 ----a-w C:\Shortcut to Chipset Driver Intel Ver.8.0.1.1002.lnk
2009-02-13 19:12 . 2009-02-13 19:11 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-09 10:13 . 2009-02-16 14:49 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:13 . 2003-03-31 11:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 19:21 . 2009-01-16 13:00 70448 ----a-w c:\documents and settings\Andy.HUGHESHOMECOMPU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-01-16 20:35 . 2009-02-16 14:49 3594752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-16 07:48 . 2009-01-16 07:48 0 ----a-w c:\documents and settings\Andy.HUGHESHOMECOMPU\Application Data\wklnhst.dat
2009-01-14 14:11 . 2009-02-13 21:05 13140 ----a-w C:\Chipset Driver Intel Ver.8.0.1.1002.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2009-02-13 32881]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2006-03-23 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-07-07 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"SkyTel"="SkyTel.EXE" [2006-08-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\outlook.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\onenote.exe"=
"c:\\Program Files\\iPod\\BIN\\iPodService.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
.
Contents of the 'Scheduled Tasks' folder
2009-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 13:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\senekadjqviovh.sys 81920 bytes
c:\windows\system32\drivers\senekatykvvkmn.sys 81920 bytes
c:\windows\system32\drivers\senekawfgtwnyx.sys 81920 bytes
c:\windows\system32\drivers\senekaijnfthfq.sys 81920 bytes
c:\windows\system32\drivers\senekaavymxehh.sys 81920 bytes
c:\windows\system32\drivers\senekaooedbmrr.sys 81920 bytes
c:\windows\system32\drivers\senekawoumvqrd.sys 81920 bytes
c:\windows\system32\senekantjkvdks.dll 57344 bytes
c:\windows\system32\senekababwuxbc.dat 40960 bytes
c:\windows\system32\senekamqsioror.dll 24576 bytes
c:\windows\system32\senekaiqhwqwho.dll 24576 bytes
c:\windows\system32\senekarbpxuiqa.dat 8192 bytes
c:\windows\system32\senekamlrrnusb.dll 57344 bytes
c:\windows\system32\senekartqipfti.dat 8192 bytes
c:\windows\system32\senekaqxeiseec.dll 24576 bytes
c:\windows\system32\senekakfpyrbqy.dll 24576 bytes
c:\windows\system32\senekanojuwpib.dat 8192 bytes
c:\windows\system32\senekaadgixldo.dat 8192 bytes
c:\windows\system32\senekaduxvnwte.dll 57344 bytes
c:\windows\system32\senekaxtuicxjk.dll 24576 bytes
c:\windows\system32\senekanyrbvpwi.dat 8192 bytes
c:\windows\system32\senekahfgtbdjb.dll 57344 bytes
c:\windows\system32\senekavxeixexy.dll 24576 bytes
c:\windows\system32\senekalqitnxnw.dll 24576 bytes
c:\windows\system32\senekagwwykmov.dat 16384 bytes
c:\windows\system32\senekamyfyeppa.dat 8192 bytes
c:\windows\system32\senekallssvpie.dll 57344 bytes
c:\windows\system32\senekalnstnqqh.dll 24576 bytes
c:\windows\system32\senekaoibpxmtb.dll 24576 bytes
c:\windows\system32\senekayqgwbitu.dll 57344 bytes
c:\windows\system32\senekawuyueteg.dat 8192 bytes
c:\windows\system32\senekantixriba.dll 24576 bytes
c:\windows\system32\senekapqqomkbp.dll 24576 bytes
c:\windows\system32\senekasirmwowu.dll 24576 bytes
c:\windows\system32\senekayqrxuiqo.dll 24576 bytes
scan completed successfully
hidden files: 35
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seneka]
"imagepath"="\systemroot\system32\drivers\senekawoumvqrd.sys"
.
Completion time: 2009-04-13 13:15
ComboFix-quarantined-files.txt 2009-04-13 12:15
Pre-Run: 9,561,088,000 bytes free
Post-Run: 10,147,291,136 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
192 --- E O F --- 2009-03-11 14:47
Does anyone know where AlienRIK is? I suddenly feel very vulnerable without him/her! Esp as I'm half way through saving my laptop!!
She's at a disco.
Reveal hidden folders
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx
"To see hidden files:
1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
Note To access Windows Explorer, click Start, point to All Programs, and then click Windows Explorer."
Then can you upload the following files, if you can find them, to http://www.virustotal.com then post the scan link back, e.g. http://www.virustotal.com/analisis/2f55873df380a5683816a6843f2158f7
c:\windows\system32\senekayqrxuiqo.dll
c:\windows\system32\senekallssvpie.dll
c:\windows\system32\senekagwwykmov.dat
c:\windows\system32\drivers\senekadjqviovh.sys
c:\windows\system32\senekababwuxbc.dat
Ok - Think I've got it. Done the 1st (which is actually the last on your list). Is this what you mean? Thanks
http://www.virustotal.com/analisis/16dab25a1de8d9f0e4cd6e8e1685aec1
Yup
send them to Malwarebytes as well http://uploads.malwarebytes.org/
Here are the others
http://www.virustotal.com/reanalisis.html?8620121755378b68943f9b223b51c249
http://www.virustotal.com/reanalisis.html?46d0f8f1ac7a6f06e4823f07157ee1ce
http://www.virustotal.com/reanalisis.html?c209bab14fb89a4d72f6cfb5f54ff688
http://www.virustotal.com/reanalisis.html?0693d895fd630f8fb7e5936e032cdfbe
thomas01155 wrote: » Yup
send them to Malwarebytes as well http://uploads.malwarebytes.org/
Many thanks for your help
This discussion has been closed.