A little help please.
You're quite badly infected, so far as I can tell.
By running two anti-virus programs they've probably been conflicting with one another (which is why you believe Avast hasn't been doing anything, when in reality it tends to be the much better AV program).
Combofix also mentions this ~
'Norton Internet Worm Protection'
Please uninstall it from your computer.
Then run the KASPERSKY ONLINE SCANNER (a full MY COMPUTER scan).
Post the log it creates and we shall take it from there.
How do I uninstall the Norton worm thing? It isn't in Add or Remove Programs. Norton was already on the comp when I bought it, but I never used it as I don't like Norton.
I've found the folder but no uninstall option; will it work if I delete the folder?
I've also uninstalled AVG.
Use the Norton Removal Tool:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
Scan statistics
Files scanned: 108755
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:58:14

File name: C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-72a6c328
Threat name: Infected: Exploit.Java.Gimsh.a
Threats count: 1

File name: C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-5a0ad922.zip
Threat name: Infected: Exploit.Java.Gimsh.a
Threats count: 1

The selected area was scanned.
It says 'the selected area was scanned'. Did you scan the WHOLE computer?
Open Notepad and copy/paste the text in red below:
File::
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvm impro.jar-51fad18-5a0ad922.zip
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-72a6c328
c:\windows\system32\uwahogup.tmp
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt08.sqm
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
c:\windows\Internet Logs\xDB1.tmp
Save this as "CFScript".
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then Combofix should continue.
UNINSTALL ~ 'ASKBARDIS' (the Ask toolbar)
Download CCLEANER (make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan.
Then run the REGISTRY scan (back up the registry when it asks).
Download SUPERANTISPYWARE (make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and PERFORM COMPLETE SCAN
(Then go to the console and LOGS, post the log it created, then untick it from STARTING UP WITH WINDOWS.)
Then UPDATE and run another FULL Malwarebytes scan.
It did scan the whole computer, not sure why it says selected areas though.
ComboFix 09-04-20.02 - HP_Administrator 20/04/2009 15:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.413 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090419-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
FILE ::
c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-72a6c328
c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvm impro.jar-51fad18-5a0ad922.zip
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\Internet Logs\xDB1.tmp
c:\windows\system32\uwahogup.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-72a6c328
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\windows\Internet Logs\xDB1.tmp
c:\windows\system32\uwahogup.tmp
.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-19 22:26 . 2009-04-19 22:26 d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-19 17:06 . 2009-04-19 17:06 d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-04-19 17:06 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 17:06 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 17:06 . 2009-04-19 17:06 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-19 17:05 . 2009-04-19 17:06 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 09:30 . 2009-04-19 15:09 dc-h--w c:\documents and settings\All Users\Application Data\~0
2009-04-19 09:29 . 2009-04-19 15:09 d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-16 17:54 . 2009-03-09 01:53 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-16 17:54 . 2009-03-09 04:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-15 08:54 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:54 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:54 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 08:54 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:54 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:54 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:54 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:54 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:54 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:53 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:53 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 08:53 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-11 17:03 . 2009-04-11 17:03 d-----w c:\program files\Bethesda Softworks
2009-04-10 23:25 . 2009-04-10 23:25 d-----w c:\program files\iPod
2009-04-10 23:25 . 2009-04-10 23:25 d-----w c:\program files\iTunes
2009-04-10 23:25 . 2009-04-10 23:25 d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 23:23 . 2009-04-10 23:23 d-----w c:\program files\Bonjour
2009-04-10 23:18 . 2009-04-10 23:19 d-----w c:\program files\Safari
2009-04-06 15:27 . 2009-04-06 15:27 d-----w c:\documents and settings\HP_Administrator\Application Data\Playrix Entertainment
2009-04-06 14:26 . 2009-04-06 14:26 d-----w c:\documents and settings\All Users\Application Data\HipSoft
2009-04-06 14:26 . 2009-04-19 19:11 d-----w c:\windows\Fishdom
2009-04-06 14:26 . 2009-04-09 16:44 d-----w c:\program files\Fishdom
2009-04-04 03:04 . 2009-04-04 03:05 d-----w c:\program files\Common Files\DivX Shared
2009-03-28 19:11 . 2009-03-28 19:11 d-----w c:\documents and settings\All Users\Application Data\NCH Software
2009-03-28 19:10 . 2009-03-29 09:15 d-----w c:\program files\NCH Software
2009-03-28 19:10 . 2009-03-28 19:11 d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-28 19:10 . 2009-03-29 09:16 d-----w c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-03-27 10:02 . 2009-03-27 10:03 d-----w c:\program files\AskBarDis
2009-03-23 16:35 . 2009-03-23 16:35 4 ----a-w c:\windows\msoffice.ini
2009-03-23 16:33 . 2009-03-23 16:35 d-----w C:\CompuServe 2000a
2009-03-23 16:23 . 1999-04-05 17:23 204331 ----a-w c:\windows\csunins.exe
2009-03-23 16:23 . 1999-01-26 18:21 153088 ----a-w c:\windows\system32\jgdwmie.dll
2009-03-22 17:10 . 2009-03-22 17:10 d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-03-22 17:10 . 2009-03-22 17:10 d-----w c:\documents and settings\HP_Administrator\Application Data\GameHouse
2009-03-21 23:49 . 2009-03-21 23:49 d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-03-21 23:49 . 2009-03-22 00:50 d-----w C:\GameHouse Games
2009-03-21 23:48 . 2009-03-22 00:50 d-----w c:\program files\RealArcade
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:30 . 2006-07-16 03:00 d-----w c:\program files\Common Files\Symantec Shared
2009-04-19 15:44 . 2008-03-28 14:18 d-----w c:\program files\MagicISO
2009-04-19 15:43 . 2006-07-16 02:57 d-----w c:\program files\Google
2009-04-19 15:41 . 2006-07-16 02:43
d--h--w c:\program files\InstallShield Installation Information
2009-04-19 15:00 . 2009-04-19 10:59 1080 ----a-w C:\aaw7boot.log
2009-04-19 10:59 . 2009-03-06 15:53 90112 ----a-w c:\windows\DUMPa316.tmp
2009-04-19 09:36 . 2009-04-19 09:37 1810944 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-04-18 00:11 . 2007-06-01 00:03 d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-04-16 18:04 . 2006-07-16 02:06 d-----w c:\program files\Java
2009-04-16 17:54 . 2006-10-31 17:02 d-----w c:\program files\LimeWire
2009-04-13 15:03 . 2006-10-31 19:21 d-----w c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-04-10 23:25 . 2007-08-28 20:21 d-----w c:\program files\Common Files\Apple
2009-04-06 15:27 . 2009-03-19 21:30 d-----w c:\program files\Zylom Games
2009-04-06 14:26 . 2009-03-19 21:31 d-----w c:\documents and settings\HP_Administrator\Application Data\Zylom
2009-04-04 03:05 . 2008-03-18 15:45 d-----w c:\program files\DivX
2009-03-27 10:02 . 2007-01-16 00:20 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-03-21 17:39 . 2006-10-22 21:11 55472 ----a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 21:30 . 2009-03-19 21:30 d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 13:26 . 2009-03-19 13:26 d-----w c:\program files\MSBuild
2009-03-19 13:26 . 2009-03-19 13:26 d-----w c:\program files\Reference Assemblies
2009-03-18 22:41 . 2009-03-18 22:40 d-----w c:\program files\Microsoft IntelliPoint
2009-03-18 15:56 . 2009-03-18 15:55 d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 15:52 . 2008-12-23 12:19 d-----w c:\program files\QuickTime
2009-03-09 14:59 . 2009-03-09 14:59 d-----w c:\program files\Atari
2009-03-08 21:50 . 2009-03-08 21:50 3532 ----a-w C:\drmHeader.bin
2009-03-08 15:08 . 2008-12-16 22:51 d-----w c:\documents and settings\HP_Administrator\Application Data\Move Networks
2009-03-08 15:01 . 2009-03-08 15:01 d-----w c:\program files\Microsoft Silverlight
2009-03-08 13:32 . 2009-03-08 13:32 d-----w c:\documents and settings\HP_Administrator\Application Data\Uniblue
2009-03-08 12:41 . 2009-03-08 12:41 d-----w c:\program files\uTorrent
2009-03-07 11:08 . 2009-03-07 11:08 d-----w c:\program files\Alwil Software
2009-03-06 15:46 . 2009-03-06 15:46 85439 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_06_15_43_27_small.dmp.zip
2009-03-06 15:43 . 2009-03-06 15:43 85535 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_06_15_28_39_small.dmp.zip
2009-03-06 15:28 . 2009-03-06 15:28 84219 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_06_15_26_05_small.dmp.zip
2009-03-06 15:25 . 2009-03-06 15:25 83978 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_06_15_21_30_small.dmp.zip
2009-03-06 15:21 . 2009-03-06 15:21 84223 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_06_15_17_45_small.dmp.zip
2009-03-06 14:22 . 2004-08-09 21:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 13:59 . 2009-03-06 13:59 d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2009-03-06 13:58 . 2009-03-06 13:57 d-----w c:\program files\O2
2009-03-06 13:44 . 2009-03-06 13:44 d-----w c:\program files\Common Files\SupportSoft
2009-03-03 00:18 . 2004-08-09 21:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:18 . 2004-08-09 21:00 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-02-28 04:54 . 2004-08-09 21:00 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-20 10:20 . 2007-05-09 17:02 13824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2004-08-09 21:00 70656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2004-08-09 21:00 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-02-16 00:10 . 2009-03-08 12:43 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-09 12:10 . 2004-08-09 21:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 04:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-09 21:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-09 21:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-11-26 01:10 1846784 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-09 21:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2008-11-26 01:09 2066048 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-09 21:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-11-26 01:09 2189056 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-11-26 01:09 2145280 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2006-10-31 17:45 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2008-11-26 01:09 2023936 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2006-10-31 17:45 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-09 21:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-09-22 17:33 . 2008-09-22 17:33 251 ----a-w c:\program files\wt3d.ini
2007-09-01 19:53 . 2007-09-01 19:53 53920 ----a-w c:\documents and settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-10-19 20:21 . 2006-10-19 20:13 139 ----a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2006-07-16 02:01 . 2006-07-16 02:01 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:2009-02-24 19:34 34:32 . c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-17 14:44 . 2008-12-17 14:44 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121720081218\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_21.12.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 22:35 . 2009-04-19 22:35 16384 c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2009-04-20 11:52 . 2009-04-20 11:52 16384 c:\windows\Temp\Perflib_Perfdata_198.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 18:22 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Belkin\\USB F5D7050\\Wireless Utility\\Belkinwcui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30672:TCP"= 30672:TCP:Bit Torrent
S1 aswSP;avast! Self Protection; [x]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17a8c1b6-bb55-11dd-9a8b-0016eca352bb}]
\Shell\AutoRun\command - J:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f24d05-6463-11dc-9828-0016eca352bb}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{679da352-54e1-11dc-981c-0016eca352bb}]
\Shell\AutoRun\command - K:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{679da355-54e1-11dc-981c-0016eca352bb}]
\Shell\AutoRun\command - K:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9538b04-55a3-11dc-981d-0016eca352bb}]
\Shell\AutoRun\command - J:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]
2009-04-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-03-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]
.
.
Supplementary Scan
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: {2096E753-C77D-459F-B010-F8353A27F8EB} = 194.168.4.100,194.168.8.100
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fem57wf5.default\
FF - prefs.js: browser.startup.homepage - https://www.yahoo.co.uk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1856535&SearchSource=2&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fem57wf5.default\extensions\{2dd8ae44-bd83-45b1-a3e5-451f60672ec1}\components\FFAlert.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fem57wf5.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fem57wf5.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fem57wf5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 15:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-2969302126-4026353310-1886354327-1007\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:9a,44,c7,8c,ee,aa,f7,03,3b,7d,6b,e2,e9,7a,c7,dc,a3,34,2b,27,
dd,ad,45,bd,5e,ee,ac,6a,f3,2a,49,66,5a,64,28,63,c6,f8,2a,1d,29,ee,0d,7f,1b,\
.
Completion time: 2009-04-20 15:30
ComboFix-quarantined-files.txt 2009-04-20 14:30
ComboFix2.txt 2009-04-19 21:15
Pre-Run: 26,398,150,656 bytes free
Post-Run: 26,458,861,568 bytes free
388 --- E O F --- 2009-04-15 09:25
Just gonna do everything else you said now
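The log above is read by eye in the thread. As an added example (not from this thread, and not part of ComboFix or any of the tools it names), the Python below parses the 'Reg Loading Points' section in the format ComboFix printed above and flags the entries a responder would check first: AutoRun handlers under mountpoints2 that run an executable from a mounted drive, EnableFirewall set to 0 for the standard profile, Security Center monitoring switched off, globally opened ports, and the BHO and Run entries. LOG is a constructed excerpt that copies the line shapes from the posted log; the triage rules and the category names are this example's own assumptions, not ComboFix verdicts.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of the forum post and not a ComboFix
or Malwarebytes component. LOG below is a constructed excerpt that copies the
line shapes ComboFix prints (section banner, REGEDIT4, [key] headers, value
lines, mountpoints2 AutoRun handlers). The triage rules are this example's
own assumptions about what deserves a second look, not ComboFix's verdicts.
"""
import re

# Constructed excerpt modelled on the ComboFix output format (not a real log).
LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 18:22 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30672:TCP"= 30672:TCP:Bit Torrent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17a8c1b6-bb55-11dd-9a8b-0016eca352bb}]
\Shell\AutoRun\command - J:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{679da352-54e1-11dc-981c-0016eca352bb}]
\Shell\AutoRun\command - K:\AutoRun.exe
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# "name"="target" [stamp]  or  "name"="file.dll" - c:\resolved\path [stamp]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"'
                    r'(?:\s+-\s+(?P<resolved>.+?))?\s+\[(?P<stamp>[^\]]+)\]$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
# "2008-10-16 18:22 333192 ----a-w c:\path with spaces\module.dll"
MODULE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(?P<path>.+)$")


def parse_loading_points(text):
    """Return (registry key, data line) pairs from a 'Reg Loading Points' dump.

    Section banners, the REGEDIT4 header and '.' spacer lines are skipped;
    every other line is attached to the most recent [key] header above it.
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in (".", "REGEDIT4") or line.startswith("((("):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
        elif key is not None:
            entries.append((key, line))
    return entries


def triage(text):
    """Return (category, detail) findings for the entries worth checking first."""
    findings = []
    for key, line in parse_loading_points(text):
        lk = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        m = AUTORUN_RE.match(line)
        if "mountpoints2" in lk and m:
            # A per-volume AutoRun handler: the command runs when the drive is opened.
            findings.append(("autorun", f"AutoRun handler for a mounted volume runs {m.group('cmd')}"))
            continue
        if "browser helper objects" in lk:
            m = MODULE_RE.match(line)
            findings.append(("bho", f"BHO {leaf} loads {m.group('path') if m else line}"))
            continue
        if lk.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                path = m.group("resolved") or m.group("target")
                findings.append(("run", f"{m.group('name')} starts {path}"))
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, data = v.group("name"), v.group("data")
        if ("firewallpolicy" in lk and lk.endswith("standardprofile")
                and name == "EnableFirewall" and data.startswith("0")):
            findings.append(("firewall", "Windows Firewall is off for the standard profile"))
        elif "security center\\monitoring" in lk and name == "DisableMonitoring":
            findings.append(("security_center", f"Security Center monitoring disabled for {leaf}"))
        elif "globallyopenports" in lk:
            findings.append(("open_port", f"globally open port {name} ({data})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(LOG):
        print(f"[{category:15}] {detail}")
```

Run it on a saved ComboFix.txt by replacing LOG with the file's contents; the AutoRun and firewall findings are the ones to act on first, while the Run and BHO lines are context that still has to be judged by path and vendor, as the thread does with AskBarDis.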
Whilst I'm doing this, I just got an email to say my eBay password had been changed. I've reset it now though, but I guess it just got hacked?
Whilst I'm doing this, I just got an email to say my eBay password had been changed. I've reset it now though, but I guess it just got hacked?
That's not good!
You might have a keylogger on your computer then (a little out of my league).
Have to see how you get on. It might have just been a coincidence.