Check on hijack log please
Comments
Please run COMBOFIX.
Follow the simple instructions it gives.
Post the COMPLETE log it creates here (split into sections if need be).
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME it QWERTY (making the complete file name 'QWERTY.exe').
ComboFix 09-04-15.08 - Katy 15/04/2009 20:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.341 [GMT 1:00]
Running from: c:\documents and settings\Katy\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: COMODO Antivirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_ISODRIVE
\Service_ISODrive
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-14 19:46 . 2009-04-14 19:46 d-----w c:\documents and settings\Katy\Application Data\Malwarebytes
2009-04-14 19:46 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 19:46 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 19:46 . 2009-04-14 19:46 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-14 19:46 . 2009-04-14 19:46 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 06:27 . 2009-04-13 06:28 d-----w c:\program files\iTunes
2009-04-13 06:27 . 2009-04-13 06:28 d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 06:24 . 2009-04-13 06:26 d-----w c:\program files\QuickTime
2009-04-10 10:57 . 2009-02-13 10:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-10 10:56 . 2009-04-10 10:56 d-----w c:\program files\Avira
2009-04-10 10:56 . 2009-04-10 10:56 d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-10 07:28 . 2009-04-10 07:28 d-----w C:\marksvirusremoval
2009-04-08 17:17 . 2009-04-08 17:17 d-----w c:\windows\Be a King
2009-04-07 15:25 . 2009-04-07 15:25 d-----w c:\documents and settings\All Users\Application Data\HipSoft
2009-04-07 08:08 . 2009-04-07 08:08 d-----w c:\program files\bfgclient
2009-04-07 08:06 . 2009-04-07 16:51 d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-03 09:47 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-03 08:30 . 2009-04-03 08:38 d-----w C:\a69772461920d7b20c10e9df1307a4
2009-03-25 19:12 . 2009-03-27 17:17 d-----w c:\documents and settings\Katy\Application Data\Spotify
2009-03-25 19:12 . 2009-03-25 19:12 d-----w c:\documents and settings\Katy\Local Settings\Application Data\Spotify
2009-03-25 19:09 . 2009-03-25 19:09 d-----w c:\program files\Spotify
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 20:06 . 2008-09-07 20:02 136 ----a-w c:\windows\system32\drivers\ALCICH.DAT
2009-04-15 19:29 . 2009-01-26 09:19 d-----w c:\documents and settings\Katy\Application Data\uTorrent
2009-04-13 06:27 . 2005-05-05 20:21 d-----w c:\program files\iPod
2009-04-13 06:27 . 2008-03-10 15:25 d-----w c:\program files\Common Files\Apple
2009-04-10 17:36 . 2008-12-05 20:26 d-----w c:\documents and settings\All Users\Application Data\_comodo_
2009-04-10 14:13 . 2005-01-17 20:55 d-----w c:\program files\Common Files\Real
2009-04-10 11:25 . 2005-02-12 00:08 d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 11:25 . 2005-02-12 00:08 d-----w c:\program files\Spybot - Search & Destroy
2009-04-09 20:01 . 2009-01-26 09:19 d-----w c:\program files\uTorrent
2009-04-09 14:51 . 2002-01-17 08:16 d--h--w c:\program files\InstallShield Installation Information
2009-04-08 16:39 . 2008-08-25 10:27 d-----w c:\program files\Coupon Printer
2009-04-06 21:47 . 2006-10-27 16:22 d-----w c:\documents and settings\Katy\Application Data\Avant Profiles
2009-04-03 09:40 . 2005-01-03 14:33 83768 ----a-w c:\documents and settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 15:32 . 2006-09-19 14:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 07:36 . 2005-01-03 13:56 d-----w c:\program files\Avant Browser
2009-03-13 20:25 . 2007-01-28 11:38 d-----w c:\documents and settings\Katy\Application Data\Sports Interactive
2009-03-13 20:18 . 2009-03-13 19:45 d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2009-03-13 19:21 . 2009-03-13 19:21 d-----w c:\program files\Sports Interactive
2009-03-12 16:45 . 2009-03-12 16:45 d-----w c:\program files\Common Files\INCA Shared
2009-03-12 08:13 . 2009-03-12 07:56 d-----w c:\program files\Microsoft
2009-03-12 08:12 . 2008-11-15 14:18 d-----w c:\program files\Windows Live
2009-03-12 08:09 . 2009-03-12 08:09 d-----w c:\program files\Microsoft Sync Framework
2009-03-12 08:06 . 2009-03-12 08:06 d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-12 07:55 . 2009-03-12 07:55 d-----w c:\program files\Windows Live SkyDrive
2009-03-12 07:46 . 2009-03-12 07:46 d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 07:40 . 2009-03-12 07:40 d-----w c:\program files\Bonjour
2009-03-05 23:59 . 2009-03-12 07:31 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 . 2008-09-27 20:19 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-27 06:55 . 2008-08-23 07:27 d-----w c:\program files\Microsoft Silverlight
2009-02-09 11:13 . 2002-01-17 14:54 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:03 . 2009-02-06 19:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-02 10:06 . 2005-02-16 18:09 8192 -c--a-w c:\windows\d3dx.dat
2008-12-07 22:09 . 2005-05-18 20:13 83768 ----a-w c:\documents and settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-08-24 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ActiveSpeed"="c:\program files\Ascentive\ActiveSpeed\AS.exe" [2008-11-24 1998848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-26 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2006-9-27 884840]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"aux3"= ctwdm32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\marks\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 BTCOMM;BTCOMM; [x]
R3 BTKRNBDG;Bluetooth COM Bridge; [x]
R3 CSRBC01;%CSRBC01.SvcDesc%; [x]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 PCAlertDriver;PCAlertDriver; [x]
R3 V90drv;V90drv;c:\windows\system32\DRIVERS\v90drv.sys [2001-01-01 1410768]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-05 101776]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-19 31504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-02-16 2368]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - TMPREFLT
*Deregistered* - tmpreflt
.
Contents of the 'Scheduled Tasks' folder
2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-FreeRAM XP - c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\ApcMain.exe
HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
Supplementary Scan
.
uStart Page = hxxp://try.bigsnapsearch.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} - hxxp://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
DPF: {1B735B98-8010-11D5-AD0B-00500463D885} - hxxp://www.partsarena.com/baxi/Plugins/IMIESRCHie7.cab
DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} - hxxp://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 21:12
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(1240)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\PSEXESVC.EXE
.
**************************************************************************
.
Completion time: 2009-04-15 21:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 20:17
Pre-Run: 21,860,642,816 bytes free
Post-Run: 22,424,010,752 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
217 --- E O F --- 2009-03-15 22:51
My virus checker keeps finding this file:
APPL/PsExec.E
According to the log you have both Comodo antivirus AND Avira antivirus?
You MUST remove one (remove COMODO antivirus, but KEEP Comodo firewall).
(It might just be remnants of Comodo AV left ~ it's hard to tell.)
I tried to get rid of Comodo. There are just a few files left in the folder to get rid of; one is called cmdagent.exe, but in Task Manager the file cmdagent.exe won't remove, so I can't get rid of Comodo properly.
Run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER'):
http://www.kaspersky.co.uk/kos_trialpay_offer
Post the whole log it creates.
To attempt to clean up Comodo and the computer in general ~
Download CCLEANER (make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation):
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (UNTICK 'cookies').
Then run the REGISTRY scan (back up the registry when it asks).
Reboot.
Download GLARY UTILITIES (make sure you click 'DOWNLOAD NOW' ~ UNTICK the ASK toolbar on installation):
http://www.download.com/Glary-Utilities/3000-2094_4-10508531.html
Run the ONE CLICK scan.
Run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER'):
http://www.kaspersky.co.uk/kos_trialpay_offer
Post the whole log it creates.
I am doing this, alienrik, it's just taking me some time to get it done. The program is running now; I will post the log when it's finished. I've been a little busy with the wife on holiday at the same time as me: shopping, shopping and more shopping.