please have a look
-
OK, have done that. This is what it comes up with:
ComboFix 09-05-08.03 -***** 09/05/2009 18:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1215.492 [GMT 1:00]
Running from: c:\documents and settings\*****\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\*****\LOCALS~1\Temp\catchme.dll
c:\documents and settings\*****\Application Data\inst.exe
c:\documents and settings\*****\Local Settings\Temp\catchme.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.
2009-05-09 09:10 . 2009-05-09 09:10 d-----w c:\program files\Trend Micro
2009-05-08 22:33 . 2009-05-08 22:36 d-----w c:\documents and settings\*****\Application Data\Mobile Master
2009-05-08 22:32 . 2009-05-08 23:15 d-----w c:\program files\Mobile Master
2009-04-30 19:27 . 2009-03-24 15:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-30 19:26 . 2009-04-30 19:26 d-----w c:\program files\Avira
2009-04-30 19:26 . 2009-04-30 19:26 d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-25 16:57 . 2009-04-25 16:57 d-----w c:\documents and settings\*****\Local Settings\Application Data\Help
2009-04-22 19:06 . 2003-11-04 14:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-04-22 19:06 . 2004-01-12 01:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-04-22 19:06 . 2004-05-14 15:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-04-22 19:06 . 2004-05-14 15:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-04-22 19:06 . 2004-05-14 15:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-04-22 19:06 . 2004-05-14 15:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-04-22 19:06 . 2004-05-14 15:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-04-22 19:06 . 2004-05-14 15:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-04-21 20:04 . 2009-05-01 22:08 d-----w c:\documents and settings\*****\Application Data\gtk-2.0
2009-04-21 20:04 . 2009-04-22 07:05 d-----w c:\documents and settings\*****\.thumbnails
2009-04-21 20:00 . 2009-05-05 21:03 d-----w c:\documents and settings\*****\.gimp-2.6
2009-04-21 20:00 . 2009-04-21 20:00 d-----w c:\documents and settings\*****\.gegl-0.0
2009-04-21 19:58 . 2009-04-21 19:58 d-----w c:\program files\GIMP-2.0
2009-04-15 07:51 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 07:51 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 07:51 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 07:51 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 07:51 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 07:51 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 07:51 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 07:51 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 07:51 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 07:49 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 20:51 . 2009-04-14 20:51 d-----w c:\documents and settings\*****\Local Settings\Application Data\HP
2009-04-14 20:50 . 2009-04-14 20:50 d-----w c:\documents and settings\All Users\Application Data\HP
2009-04-14 20:49 . 2009-04-14 20:51 d-----w c:\program files\HP
2009-04-14 20:48 . 2009-04-14 20:51 19498 ----a-w c:\windows\hpqins13.dat
2009-04-14 20:25 . 2009-04-14 20:39 d-----w c:\program files\Magic Gallery 5
2009-04-10 19:43 . 2009-04-10 19:43 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-10 19:43 . 2009-04-11 07:03 47360 ----a-w c:\documents and settings\*****\Application Data\pcouffin.sys
2009-04-10 19:43 . 2009-04-11 07:03 d-----w c:\documents and settings\*****\Application Data\Vso
2009-04-10 14:03 . 2009-04-10 14:03 d-----w c:\documents and settings\*****\Application Data\AVS4YOU
2009-04-10 14:03 . 2009-04-10 14:03 d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-10 14:01 . 2009-04-10 14:02 d-----w c:\program files\Common Files\AVSMedia
2009-04-10 14:00 . 2009-01-28 19:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-10 14:00 . 2009-01-28 19:49 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-10 14:00 . 2009-01-28 19:49 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-10 14:00 . 2009-01-28 19:49 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-04-10 14:00 . 2009-01-28 19:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-10 14:00 . 2009-04-10 19:26 d-----w c:\program files\AVS4YOU
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 23:15 . 2009-03-14 18:40 d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-06 15:48 . 2009-03-14 18:40 d-----w c:\program files\SUPERAntiSpyware
2009-04-14 17:04 . 2009-03-14 18:39 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 14:32 . 2009-03-14 18:40 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-03-14 18:40 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 08:58 . 2009-03-14 20:49 d-----w c:\program files\Java
2009-03-29 19:02 . 2009-03-29 19:02 d-----w c:\program files\Windows Media Connect 2
2009-03-29 19:00 . 2005-08-24 05:56 d-----w c:\program files\Windows Media Connect
2009-03-29 19:00 . 2009-03-14 17:43 129 ----a-w c:\documents and settings\*****\Local Settings\Application Data\fusioncache.dat
2009-03-28 20:41 . 2009-03-28 20:41 d-----w c:\program files\Coupon Printer
2009-03-28 20:41 . 2009-03-28 20:41 31 ---ha-w c:\windows\UKCpInfo.sys
2009-03-23 21:47 . 2009-03-23 21:43 d-----w c:\program files\TVersity Codec Pack
2009-03-23 21:47 . 2009-03-23 21:46 d-----w c:\program files\ffdshow
2009-03-23 21:42 . 2009-03-23 21:42 d-----w c:\program files\TVersity
2009-03-18 12:21 . 2009-03-14 18:38 d-----w c:\program files\PC Tools Firewall Plus
2009-03-15 14:12 . 2009-03-14 18:35 13104 ----a-w c:\documents and settings\*****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-15 12:58 . 2009-03-15 10:33 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-15 12:58 . 2009-03-15 10:33 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-15 12:58 . 2009-03-15 10:32 95640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-03-15 12:54 . 2009-03-14 18:38 d-----w c:\program files\Common Files\PC Tools
2009-03-15 01:32 . 2009-03-15 01:32 60 ----a-w c:\windows\system32\SYSDRV.DAT
2009-03-14 22:02 . 2005-08-24 05:55 d-----w c:\program files\MSN Messenger
2009-03-14 21:41 . 2005-02-15 01:03 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-14 20:02 . 2009-03-14 18:44 d-----w c:\program files\Spybot - Search & Destroy
2009-03-14 18:48 . 2009-03-14 18:37 d-----w c:\program files\ThreatFire
2009-03-14 18:41 . 2009-03-14 18:41 d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-14 18:40 . 2009-03-14 18:40 d-----w c:\documents and settings\*****\Application Data\SUPERAntiSpyware.com
2009-03-14 18:39 . 2009-03-14 18:39 0 ----a-w c:\windows\nsreg.dat
2009-03-09 04:19 . 2009-03-14 20:50 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2005-02-14 23:48 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 12:19 . 2009-03-14 18:37 39184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 12:19 . 2009-03-14 18:37 33040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 12:19 . 2009-03-14 18:37 51472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-03-03 12:19 . 2009-03-14 18:37 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 00:18 . 2005-02-15 06:49 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-02-14 23:48 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2005-02-15 06:48 729088 ------w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-02-15 06:48 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-02-14 23:48 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-02-14 23:48 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-02-15 06:49 1846784 ------w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 7957504]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-03-15 2652056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-04 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-01 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-22 143360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 1359967]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 23:39 20744]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [14/03/2009 19:37 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [14/03/2009 19:37 39184]
R0 viaide1;viaide1;c:\windows\system32\drivers\viaidexp.sys [24/08/2005 04:36 6144]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [15/03/2009 11:33 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30/04/2009 20:27 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [15/03/2009 11:33 73840]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [15/03/2009 11:32 95640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [14/03/2009 19:37 33040]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 12:44 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 14:58 26248]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39fb6d3e-1bb7-11de-aa27-0013d39ba668}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad58fac6-10bf-11de-a9ff-0013d39ba668}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
Supplementary Scan
.
FF - ProfilePath - c:\documents and settings\maggie\Application Data\Mozilla\Firefox\Profiles\7bacgmi5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 18:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
- - - - - - - > 'lsass.exe'(940)
c:\program files\ThreatFire\TFWAH.dll
- - - - - - - > 'explorer.exe'(10888)
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-09 18:42
ComboFix-quarantined-files.txt 2009-05-09 17:42
Pre-Run: 51,893,686,272 bytes free
Post-Run: 51,945,496,576 bytes free
210 --- E O F --- 2009-04-15 08:15
I still haven't taken ThreatFire off yet, that's getting done tonight. I also changed my computer's name to ****
has been around for a while but always learning,
-
Combofix found 3 nasties ~
c:\docume~1\*****\LOCALS~1\Temp\catchme.dll
c:\documents and settings\*****\Application Data\inst.exe
c:\documents and settings\*****\Local Settings\Temp\catchme.dll
I don't really have time to check it right now, so I'd suggest a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER'):
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates.
-
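An added example, not part of the thread: a small triage script over a constructed excerpt of the ComboFix log posted above, pulling out what a reviewer reads first: the "Other Deletions" list, the MountPoints2 \Shell\AutoRun\command entries, the Windows Firewall standard-profile flag and the AV status line. It assumes only the section-banner and registry-key layout visible in the posted log. Two caveats a practitioner would add: the log's own footer shows that catchme is the Gmer rootkit detector ComboFix runs, so the two catchme.dll entries are ComboFix housekeeping and inst.exe is the one to look at; and EnableFirewall=0 is expected here because the log also shows PC Tools Firewall Plus enabled. The AutoRun entries only record what a removable drive's autorun.inf asked Explorer to launch, which is still worth checking on an XP machine.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted above (paths kept,
# user name masked as in the thread, most lines dropped). It is sample input
# for the parser, not the full log.
SAMPLE_LOG = r"""ComboFix 09-05-08.03 -***** 09/05/2009 18:22.1 - NTFSx86
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *enabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\*****\LOCALS~1\Temp\catchme.dll
c:\documents and settings\*****\Application Data\inst.exe
c:\documents and settings\*****\Local Settings\Temp\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39fb6d3e-1bb7-11de-aa27-0013d39ba668}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
"""

# ComboFix section banners look like "((((( Name )))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")


def split_sections(text):
    """Map each banner name to the non-empty lines beneath it.
    Lines before the first banner (the AV:/FW: status lines) go under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def deleted_files(text):
    """Paths ComboFix reports under 'Other Deletions'."""
    return split_sections(text).get("Other Deletions", [])


def autorun_commands(text):
    """(registry key, command) for every MountPoints2 \\Shell\\AutoRun\\command line."""
    found, key = [], None
    for line in text.splitlines():
        if line.startswith("["):
            key = line.strip().strip("[]") if "mountpoints2" in line.lower() else None
        elif key and line.startswith("\\Shell\\AutoRun\\command"):
            found.append((key, line.split(" - ", 1)[1].strip()))
    return found


def windows_firewall_disabled(text):
    """True when the standard-profile EnableFirewall value is 0."""
    in_profile = False
    for line in text.splitlines():
        if line.startswith("["):
            in_profile = line.strip().lower().endswith("firewallpolicy\\standardprofile]")
        elif in_profile and line.startswith('"EnableFirewall"'):
            return re.search(r"=\s*0\b", line) is not None
    return False


def av_realtime_disabled(text):
    """ComboFix's 'AV:' status line notes whether on-access scanning was off."""
    for line in text.splitlines():
        if line.startswith("AV:"):
            return "scanning disabled" in line.lower()
    return None


def triage(text):
    """One-line findings in the order a reviewer would read them."""
    findings = []
    for path in deleted_files(text):
        name = path.rsplit("\\", 1)[-1].lower()
        if name == "catchme.dll":
            # catchme is the Gmer rootkit detector ComboFix itself runs (see the
            # log footer), so its temp copy is ComboFix housekeeping, not a find.
            findings.append("ComboFix helper cleaned up: " + path)
        else:
            findings.append("Deleted file to investigate: " + path)
    for key, cmd in autorun_commands(text):
        guid = key.rsplit("\\", 1)[-1]
        findings.append("AutoRun command recorded for volume " + guid + ": " + cmd)
    if windows_firewall_disabled(text):
        findings.append("Windows Firewall standard profile is off (EnableFirewall=0)")
    if av_realtime_disabled(text):
        findings.append("AV on-access scanning was disabled when ComboFix ran")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`; the section splitter copes with the other banners ("Files Created from ...", "Find3M Report") because it keys on the banner text rather than fixed names.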
Have done that scan and it's come up with nothing, didn't give me a log file.
-
OK ~ I'd say you're clean now.
-
Thanks for that alienrik, I haven't been on the comp for a couple of days, hence the late reply.
I did another scan today using Kaspersky (just in case) and it did pick something up,
although the Avira still has not. Here's what the log file said:
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
\
Scan statistics:
Files scanned: 39772
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:45:17
File name / Threat name / Threats count
C:\iQon\Install_IOLfree.exe Infected: Backdoor.Win32.Hupigon.guug 1
The selected area was scanned.
Any ideas on what to do from here?
-
Just find the file and manually remove it. Looks like it's only nasty if it's run.
-
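An added example, not part of the thread: when a scanner names a file and the advice is to remove it by hand, a practitioner moves it into quarantine under an inert name and records its hash first, rather than deleting it, so the sample can still be submitted to a vendor or re-checked later. The script below does that in a throwaway temp directory using a stand-in file (constructed bytes, not the real Install_IOLfree.exe); the path and detection name are the ones from the Kaspersky log above.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(path, qdir, detection=None):
    """Move `path` into `qdir` under a neutral name and write a JSON note next
    to it with the original location, size, mtime, SHA-256 and the detection
    name. The file is only renamed, never executed. Returns the note."""
    os.makedirs(qdir, exist_ok=True)
    st = os.stat(path)
    digest = sha256_of(path)
    dest = os.path.join(qdir, digest[:16] + ".quarantined")
    shutil.move(path, dest)
    note = {
        "original_path": os.path.abspath(path),
        "quarantined_as": dest,
        "size": st.st_size,
        "mtime_utc": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime)),
        "sha256": digest,
        "detection": detection,
    }
    with open(dest + ".json", "w") as f:
        json.dump(note, f, indent=2)
    return note


def demo():
    """Self-contained run: builds a stand-in file in a temp directory (constructed
    bytes, not the real sample) and quarantines it. Returns what happened."""
    root = tempfile.mkdtemp()
    sample = os.path.join(root, "iQon", "Install_IOLfree.exe")
    os.makedirs(os.path.dirname(sample))
    with open(sample, "wb") as f:
        f.write(b"MZ" + b"\x00" * 100)  # looks like a PE header, does nothing
    note = quarantine(sample, os.path.join(root, "quarantine"),
                      detection="Backdoor.Win32.Hupigon.guug")
    return {
        "note": note,
        "original_removed": not os.path.exists(sample),
        "quarantined_exists": os.path.exists(note["quarantined_as"]),
        "note_written": os.path.exists(note["quarantined_as"] + ".json"),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `.quarantined` extension has no handler, so a double-click will not run the file, and the hash in the note is what you would search for or submit before deciding the file is safe to delete for good.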
Thanks again, as always you manage to fix it.
-
RIK, how come Avira is letting all these through then? Not as good as it used to be?
No free lunch, and no free laptop
-
Who deliberately ignores a virus warning though (apart from her brother)?
-