Help comp under threat
Comments
Sorry ~ I don't sugar coat anything

DON'T take it to PC World
Best bet would probably be some local little computer shop
HOWEVER
We can help on here if you're willing to take it nice and slow
First up ~ open MALWAREBYTES and go to UPDATE. Let it update via the net (The DATABASE VERSION should then be 2008 or more)
Then go to SCANNER and perform a FULL SCAN (You only ran a quick one)
Then update java HERE
And try Kaspersky again :idea:
0 -
Nice and slow sounds good

Well I updated the Malwarebytes (2010) and performed a full scan, nothing was found
Malwarebytes' Anti-Malware 1.36
Database version: 2010
Windows 5.1.2600 Service Pack 3
19/04/2009 21:48:53
mbam-log-2009-04-19 (21-48-53).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 186752
Time elapsed: 58 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Will try and update java now
0 -
The Combofix log
ComboFix 09-04-20.02 - HHeather 19/04/2009 22:22.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.144 [GMT 1:00]
Running from: c:\documents and settings\HHeather\Desktop\QWERTY.exe
AV: Active Virus Shield *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2006 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: Sunbelt Kerio Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\autorun.ini
c:\windows\system32\fsmgmt.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-19 20:58 . 2009-04-19 20:57 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-19 20:58 . 2009-04-19 20:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-17 17:44 . 2009-04-17 17:44 -------- d-----w c:\documents and settings\HHeather\Local Settings\Application Data\WMTools Downloaded Files
2009-04-16 21:53 . 2009-04-16 21:53 -------- d-----w c:\documents and settings\HHeather\Application Data\Malwarebytes
2009-04-16 21:53 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 21:53 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 21:53 . 2009-04-16 21:53 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 07:50 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 07:50 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 07:50 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 07:50 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 07:50 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 07:50 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 07:50 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 07:50 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 07:50 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 07:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 07:49 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 07:49 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-04 21:39 . 2009-04-04 21:39 -------- d-----w c:\documents and settings\HHeather\OngameNetwork
2009-04-03 11:24 . 2008-04-14 00:12 91136 ----a-w c:\windows\system32\kswdmcap.ax
2009-04-03 11:24 . 2008-04-14 00:12 91136 ----a-w c:\windows\system32\dllcache\kswdmcap.ax
2009-04-03 11:24 . 2008-04-14 00:12 43008 ----a-w c:\windows\system32\ksxbar.ax
2009-04-03 11:24 . 2008-04-14 00:12 43008 ----a-w c:\windows\system32\dllcache\ksxbar.ax
2009-04-03 11:24 . 2008-04-14 00:12 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-04-03 11:24 . 2008-04-14 00:12 53760 ----a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-04-03 11:24 . 2008-04-14 00:12 61952 ----a-w c:\windows\system32\kstvtune.ax
2009-04-03 11:24 . 2008-04-14 00:12 61952 ----a-w c:\windows\system32\dllcache\kstvtune.ax
2009-04-03 11:24 . 2009-04-03 11:24 -------- d-----w C:\My Music
2009-04-03 11:23 . 2009-04-03 11:23 24064 ----a-w c:\windows\system32\prefscpl.cpl
2009-04-03 11:23 . 2003-09-04 09:40 12112 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
2009-04-03 11:23 . 2003-09-04 09:38 152576 ----a-w c:\windows\system32\drivers\LV532AV.SYS
2009-04-03 11:22 . 2003-09-04 09:53 49152 ----a-w c:\windows\system32\vatee.ax
2009-04-03 11:22 . 2003-09-04 09:47 360448 ----a-w c:\windows\system32\LVUI2RC.dll
2009-04-03 11:22 . 2003-09-04 09:49 86016 ----a-w c:\windows\system32\lvcoinst.dll
2009-04-03 11:22 . 2003-09-04 09:47 122880 ----a-w c:\windows\system32\LVUI2.dll
2009-04-03 11:22 . 2003-09-04 09:45 57344 ----a-w c:\windows\system32\LVComC.dll
2009-04-03 11:22 . 2003-09-04 09:30 15387 ----a-w c:\windows\system32\lvcoinst.ini
2009-04-03 11:22 . 2003-09-04 09:45 135214 ----a-w c:\windows\system32\LVComS.exe
2009-04-03 11:22 . 2003-09-04 09:46 172032 ----a-w c:\windows\system32\lvcodec2.dll
2009-04-03 11:21 . 2009-04-03 11:22 544 ----a-w c:\windows\_delis32.ini
2009-03-31 22:42 . 2009-03-31 22:42 -------- d-----w c:\documents and settings\HHeather\Application Data\Skype
2009-03-31 22:41 . 2009-03-31 22:41 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 12:26 . 2007-02-28 17:02 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-19 12:26 . 2007-02-28 17:02 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-19 12:26 . 2007-02-28 17:02 3104 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-19 12:26 . 2007-02-28 17:02 2168 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-16 21:53 . 2009-04-16 21:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-03 11:25 . 2009-04-03 11:18 51233 ----a-w C:\Installer.log
2009-04-03 11:24 . 2009-04-03 11:24 -------- d-----w c:\program files\directx
2009-04-03 11:23 . 2009-04-03 11:23 -------- d-----w c:\program files\Real
2009-04-03 11:23 . 2009-04-03 11:23 -------- d-----w c:\program files\Common Files\Real
2009-04-03 11:21 . 2009-04-03 11:21 -------- d-----w c:\program files\Common Files\Logitech
2009-04-03 11:19 . 2009-04-03 11:19 -------- d-----w c:\program files\Labtec
2009-03-31 22:41 . 2009-03-31 22:41 -------- d-----r c:\program files\Skype
2009-03-25 20:37 . 2009-03-25 20:37 -------- d-----w c:\program files\Trend Micro
2009-03-06 14:22 . 2004-08-10 19:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-27 21:07 . 2009-02-27 21:07 266240 ----a-w c:\windows\system32\CSHelper.exe
2009-02-27 21:07 . 2009-02-27 21:07 225280 ----a-w c:\windows\system32\CSInstru.DLL
2009-02-09 12:10 . 2004-08-10 19:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 19:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 19:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 19:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:13 . 2008-10-15 06:44 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:13 . 2004-08-10 19:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2008-10-15 07:07 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 18:02 . 2005-09-28 14:35 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-10 19:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 07:07 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2005-09-28 15:04 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 07:07 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 19:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-10 19:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-15 07:07 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 19:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-23 13:31 . 2003-02-12 14:05 53376 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-25 09:42 . 2006-11-15 05:51 53376 ----a-w c:\documents and settings\HHeather\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-01-16 12:16 . 2006-11-15 06:03 398 ----a-w c:\documents and settings\HHeather\Application Data\wklnhst.dat
2007-01-19 15:59 . 2007-01-19 15:58 127 ----a-w c:\documents and settings\Eden\Local Settings\Application Data\fusioncache.dat
2006-11-15 05:52 . 2006-11-15 05:51 131 ----a-w c:\documents and settings\HHeather\Local Settings\Application Data\fusioncache.dat
2003-02-12 14:05 . 2007-01-19 15:58 35792 ----a-w c:\documents and settings\Eden\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2003-02-12 12:52 . 2003-02-12 12:52 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-09-06 19:37 . 2008-09-01 19:36 321 --sh--w c:\windows\system32\78814445.sys
2008-10-25 09:12 . 2008-10-25 09:12 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102520081026\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2008-09-02 716800]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-23 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 53248]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-31 471040]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"aol"="c:\program files\AOL\Active Virus Shield\avp.exe" [2006-05-30 139367]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2005-08-15 192512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-04-03 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-08-09 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-02-10 15969280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0iolobtdfg c:\windows\system32
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]
S1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-02-20 302000]
S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-02-20 71088]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-09-07 141312]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-02-27 266240]
S3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.mytalktalk.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
.
.
File Associations
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 22:29
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-1762697732-2958930938-1926643416-1005\RemoteAccess\Profile\`Þt*]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
[HKEY_USERS\S-1-5-21-1762697732-2958930938-1926643416-1005\RemoteAccess\Profile\xÞt`Þt*]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1040)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
Completion time: 2009-04-19 22:32
ComboFix-quarantined-files.txt 2009-04-19 21:32
Pre-Run: 15,379,890,176 bytes free
Post-Run: 16,180,740,096 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
239 --- E O F --- 2009-04-16 09:17
Still can't seem to get the Kaspersky online scan to work
0 -
I have tried numerous times to get the Kaspersky scanner to work and I can't!!!
I downloaded Firefox and the Kaspersky scan worked for 1 hour and found 1 threat and then the comp froze and since then I cannot get it to scan again no matter what I do!
0 -
TICK this in HIJACK then FIX it ~
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
UNINSTALL SPYWARE TERMINATOR
According to a scan I did you have AOL anti virus? It put KASPERSKY next to this? Is it Kaspersky you have now? (Through AOL) :idea:
0 -
TICK this in HIJACK then FIX it ~
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program Files\WinClamAVShield\sp_clamsrv.exe (file missing)
I did that but it still shows up the same in another scan
UNINSTALL SPYWARE TERMINATOR
Have uninstalled this
According to a scan I did you have AOL anti virus? It put KASPERSKY next to this? IS it kaspersky you have now? (Through aol)
I haven't got a clue
All I can see is an AOL security toolbar
0 -
Download AVIRA (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_antivir/
then UPDATE and run a full scan
Avira is your new anti virus software :idea:
0 -
OK, done that, here's the first report
Avira AntiVir Personal
Report file date: 23 April 2009 23:18
Scanning for 1363488 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HEATHER
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 3/24/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 11:13:28
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 09:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 10:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 09:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 11:30:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 19:33:28
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 4/16/2009 22:17:12
ANTIVIR3.VDF : 7.1.3.102 125952 Bytes 4/23/2009 22:17:12
Engineversion : 8.2.0.155
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 16:36:42
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 4/23/2009 22:17:16
AESCN.DLL : 8.1.1.10 127348 Bytes 4/23/2009 22:17:16
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 17:24:42
AEPACK.DLL : 8.1.3.14 397685 Bytes 4/23/2009 22:17:16
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/26/2009 19:01:58
AEHEUR.DLL : 8.1.0.121 1728887 Bytes 4/23/2009 22:17:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/26/2009 19:01:58
AEGEN.DLL : 8.1.1.39 348532 Bytes 4/23/2009 22:17:14
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 13:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 4/23/2009 22:17:12
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 09:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 13:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 09:32:10
AVARKT.DLL : 9.0.0.1 292609 Bytes 2/9/2009 06:52:26
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 09:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 14:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 07:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 09:32:12
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 10:45:46
RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 14:55:14
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 23 April 2009 23:18
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVP\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVP\security
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif\parameters
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif\security
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif\Parameters\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif\Parameters\909
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif\Parameters\909\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klif\Parameters\909\filters
[INFO] The registry entry is invisible.
'67541' objects were checked, '9' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SbieSvc.exe' - '1' Module(s) have been scanned
Scan process 'KService.exe' - '1' Module(s) have been scanned
Scan process 'BlueSoleil_.exe' - '1' Module(s) have been scanned
Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned
Scan process 'JQS.EXE' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'CSHelper.exe' - '1' Module(s) have been scanned
Scan process 'AVP.EXE' - '0' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'SbieCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'SMSystemAnalyzer.exe' - '1' Module(s) have been scanned
Scan process 'REALPLAY.EXE' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'DACSMiniApp.exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'SPRTCMD.EXE' - '1' Module(s) have been scanned
Scan process 'AVP.EXE' - '0' Module(s) have been scanned
Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'ePresentation.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'SYMLCSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
68 processes with 68 modules were scanned
Starting master boot sector scan:
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '88' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DAEPMOBW\NewServer[1].dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP539\A0088446.exe
[0] Archive type: ZIP
--> {B753F255-83C5-4556-9B92-D5A28A3E9151}.exe
[DETECTION] Is the TR/PSW.Wow.fqt Trojan
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP563\A0091901.ocx
[DETECTION] Contains recognition pattern of the ADSPY/Coupons.U adware or spyware
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP563\A0091902.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP563\A0091904.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP518\A0086232.DLL
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP567\A0092427.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fsmgmt.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
Begin scan in 'D:\' <ACERDATA>
Beginning disinfection:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DAEPMOBW\NewServer[1].dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '4a67f95b.qua'!
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP539\A0088446.exe
[NOTE] The file was moved to '4a20f92a.qua'!
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP563\A0091901.ocx
[DETECTION] Contains recognition pattern of the ADSPY/Coupons.U adware or spyware
[NOTE] The file was moved to '4b79c273.qua'!
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP563\A0091902.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP563\A0091904.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '4a20f957.qua'!
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP518\A0086232.DLL
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[NOTE] The file was moved to '4a20f95a.qua'!
C:\System Volume Information\_restore{FB4FD21E-FF3C-4ADA-9BFC-05192CF00D34}\RP567\A0092427.dll
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fsmgmt.dll.vir
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
End of the scan: 24 April 2009 00:26
Used time: 1:06:51 Hour(s)
The scan has been done completely.
7124 Scanned directories
320589 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
320578 Files not concerned
9334 Archives were scanned
6 Warnings
10 Notes
67541 Objects were scanned with rootkit scan
9 Hidden objects were found
This discussion has been closed.