
A little help ....pleaaseee


Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    You never posted the ComboFix log which really needs looking at (And no, don't use it 'willy nilly')
    AVG tool is fine
    I'd also recommend uninstalling Avira and reinstalling as I'm not convinced it's quite right
    :idea:
  • 5stey
    5stey Posts: 115 Forumite
    Sorry alienrik here goes:
    ((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
    .

    2009-05-09 09:51 . 2009-05-09 09:51 d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-05-09 09:08 . 2009-05-09 09:08 d-----w c:\program files\Trend Micro
    2009-05-08 18:34 . 2009-05-08 18:34 d-----w c:\documents and settings\Freda\Application Data\Malwarebytes
    2009-05-08 18:34 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-08 18:34 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-08 18:34 . 2009-05-08 18:34 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-08 18:34 . 2009-05-08 18:34 d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-08 18:02 . 2009-05-08 18:02 d-----w c:\program files\EsetOnlineScanner
    2009-04-19 17:55 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-19 17:55 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-19 17:55 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
    2009-04-19 17:55 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-19 17:55 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-19 17:55 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-19 17:55 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-19 17:55 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-19 17:55 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-19 17:53 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-19 17:53 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-28 16:04 . 2009-03-17 18:37 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-03-17 18:37 . 2009-03-17 18:37 d-----w c:\program files\Avira
    2009-03-06 14:22 . 1979-12-31 23:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 1979-12-31 23:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 1979-12-31 23:00 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-20 15:08 . 2005-12-11 08:16 96040 ----a-w c:\documents and settings\Freda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-20 14:52 . 2009-01-10 10:32 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-09 12:10 . 1979-12-31 23:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 1979-12-31 23:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 1979-12-31 23:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 1979-12-31 23:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:13 . 1979-12-31 23:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2008-05-04 20:54 . 2008-05-04 20:54 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-09_10.13.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-09 20:08 . 2009-05-09 20:08 16384 c:\windows\Temp\Perflib_Perfdata_430.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableProfileQuota"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
    backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
    backup=c:\windows\pss\Utility Tray.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/03/2009 19:37 108289]
    S2 gupdate1c9896baa71d80;Google Update Service (gupdate1c9896baa71d80);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2009 21:28 133104]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [04/05/2008 21:54 29744]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5653bf6a-785f-11da-bee9-0014a4526f32}]
    \Shell\AutoRun\command - F:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 16:38]

    2009-05-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 20:27]

    2009-05-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

    2009-05-09 c:\windows\Tasks\User_Feed_Synchronization-{5E7CE7D3-9BF2-4FE4-9DF7-0E75437DA228}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]

    2009-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    uInternet Settings,ProxyServer = http=localhost:7171
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://virtualstudio.live.2020.net/KBBPromoVirtualPlanner/Core/Player/2020PlayerAX_Win32.cab
    FF - ProfilePath - c:\documents and settings\Farida\Application Data\Mozilla\Firefox\Profiles\38lf5q9w.default\
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-09 21:18
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(3520)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-09 21:20
    ComboFix-quarantined-files.txt 2009-05-09 20:20
    ComboFix2.txt 2009-05-09 10:16

    Pre-Run: 10,780,819,456 bytes free
    Post-Run: 10,769,891,328 bytes free

    147 --- E O F --- 2009-04-30 14:25
  • 5stey
    5stey Posts: 115 Forumite
    Thankyouuuuuuuuuuu so much
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Just as a final check ~

    run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER')
    http://www.kaspersky.co.uk/virusscanner
    Please post the complete log it creates
    :idea:
  • 5stey
    5stey Posts: 115 Forumite
    sorry been tied up. will run scan now. thanx
This discussion has been closed.