Beware of malicious software "WinPC Antivirus"
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
AliEnRik - this is Danandjens Worldtravels - I managed to find my old log in because it wouldn't let me post links etc, with the Danandjens Worldtravels. Thanks for all your help.
ComboFix 09-05-25.07 - Jenny 26/05/2009 11:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT 1:00]
Running from: c:\documents and settings\Jenny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Altnet
c:\windows\Fonts\acrsec.fon
c:\windows\system32\AdCache
c:\windows\system32\cache329
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-25 18:59 . 2009-05-25 18:59 d-----w c:\program files\CCleaner
2009-05-25 18:53 . 2009-05-25 18:53 d-----w c:\program files\Trend Micro
2009-05-25 18:45 . 2009-05-25 18:45 d-----w c:\documents and settings\Jenny\Local Settings\Application Data\Mozilla
2009-05-25 18:38 . 2009-05-25 18:38 d-----w c:\documents and settings\Jenny\Application Data\Malwarebytes
2009-05-25 16:01 . 2009-05-25 16:01 d-----w c:\documents and settings\Administrator.ADVICESKILLS.000\Application Data\Malwarebytes
2009-05-25 15:35 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 15:34 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 15:34 . 2009-05-25 16:01 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 15:34 . 2009-05-25 15:34 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 10:47 . 2009-05-03 09:07 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-23 10:47 . 2009-05-03 09:06 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-23 10:47 . 2009-05-03 09:06 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-23 10:47 . 2009-05-03 09:06 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-23 10:47 . 2009-05-03 09:06 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-23 10:47 . 2009-05-03 09:06 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-23 10:47 . 2009-05-03 09:07 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-23 10:43 . 2009-05-03 09:03 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 10:43 . 2009-05-03 09:03 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-22 17:52 . 2009-05-22 17:52 d-----w c:\documents and settings\Jenny\Application Data\Fabulous Finds
2009-05-21 13:52 . 2009-05-21 13:52 d-----w c:\documents and settings\Jenny\Local Settings\Application Data\Slapdash Games
2009-05-21 13:52 . 2009-05-21 13:52 d-----w c:\documents and settings\All Users\Application Data\Slapdash Games
2009-05-15 11:42 . 2009-05-03 09:07 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-15 11:42 . 2009-05-03 09:07 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 19:29 . 2008-10-13 20:06 d-----w c:\program files\Yahoo!
2009-05-25 19:27 . 2007-10-25 21:26 d-----w c:\program files\Google
2009-05-25 19:27 . 2008-10-19 12:09 d-----w c:\program files\Virgin Media Games
2009-05-22 18:56 . 2008-11-03 19:49 d-----w c:\program files\Oberon Media
2009-05-22 18:54 . 2008-10-14 15:08 d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 09:07 . 2009-03-21 11:14 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-03 09:07 . 2007-10-21 15:16 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-03 09:07 . 2009-03-21 11:14 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-03 09:06 . 2009-03-21 11:14 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 19:04 . 2006-03-10 11:09 d--h--w c:\program files\InstallShield Installation Information
2009-04-23 19:04 . 2006-12-10 14:21 d-----w c:\program files\LG PC Suite
2009-04-23 18:45 . 2006-03-10 11:21 d-----w c:\program files\Roxio
2009-04-23 17:50 . 2009-04-23 17:00 d-----w c:\program files\HandBrake
2009-04-23 17:26 . 2009-04-23 17:26 d-----w c:\documents and settings\Jenny\Application Data\HandBrake
2009-04-23 15:51 . 2009-04-19 13:31 d-----w c:\documents and settings\Jenny\Application Data\dvdcss
2009-04-22 13:15 . 2009-04-22 13:14 d-----w c:\program files\FormatFactory
2009-04-20 21:26 . 2009-04-20 21:26 d-----w c:\program files\Cucusoft
2009-04-19 13:59 . 2009-04-19 13:37 d-----w c:\program files\Elaborate Bytes
2009-04-19 13:31 . 2009-04-19 13:16 d-----w c:\documents and settings\Jenny\Application Data\vlc
2009-04-19 13:07 . 2009-04-19 13:07 d-----w c:\program files\VideoLAN
2009-04-16 09:23 . 2008-11-22 15:54 d-----w c:\documents and settings\Jenny\Application Data\HPAppData
2009-03-12 13:44 . 2009-03-12 13:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-12 13:43 . 2009-03-12 13:43 152576 ----a-w c:\documents and settings\Jenny\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-11 10:01 . 2006-08-05 00:56 35656 ----a-w c:\documents and settings\Jenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-08-10 12:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 12:51 826368 ----a-w c:\windows\system32\wininet.dll
2007-09-20 20:56 . 2007-02-20 18:59 56 --sh--r c:\windows\system32\6AA03F41E4.sys
2007-09-20 20:56 . 2007-02-20 18:59 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-10 26112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-09-09 393216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-03 09:07 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2009 12:14 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2009 12:14 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/03/2009 12:13 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/03/2009 10:59 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
2007-07-08 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1100 series272A572217594EBCF1CEE215E352B92AD073FDE4172168893.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DVDXGhost - c:\program files\DVD Ghost\DVDGhost.EXE
HKCU-Run-AVScan - c:\documents and settings\Jenny\Application Data\winav.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-MPSExe - c:\progra~1\mcafee.com\mps\mscifapp.exe
HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
HKLM-Run-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Jenny\Application Data\Mozilla\Firefox\Profiles\bd3sdegs.default\
FF - prefs.js: browser.startup.homepage - https://www.google.co.uk
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 11:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(768)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WLTRAY.EXE
c:\program files\Digital Line Detect\DLG.exe
c:\program files\FinePixViewerS\QuickDCF2.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-05-26 11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 10:31
Pre-Run: 3,966,349,312 bytes free
Post-Run: 4,459,704,320 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
225 --- E O F --- 2009-05-13 15:50
Ready to Go Go!
Combofix removed some nasties. Looks clean otherwise
Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and PERFORM COMPLETE SCAN
(Then go to console and LOGS and post the log it created then untick it from STARTING UP WITH WINDOWS)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/26/2009 at 02:32 PM
Application Version : 4.26.1002
Core Rules Database Version : 3909
Trace Rules Database Version: 1853
Scan type : Complete Scan
Total Scan Time : 00:58:33
Memory items scanned : 613
Memory threats detected : 0
Registry items scanned : 6253
Registry threats detected : 0
File items scanned : 22063
File threats detected : 0
Ready to Go Go!
Looks like you're nice and clean now
Oooh goody, thanks for all your help. You are my most favourite person today! :j
Ready to Go Go!
This discussion has been closed.