Beware of malicious software "WinPC Antivirus"
Comments
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download

AliEnRik - this is Danandjens Worldtravels - I managed to find my old log in because it wouldn't let me post links etc, with the Danandjens Worldtravels. Thanks for all your help.
ComboFix 09-05-25.07 - Jenny 26/05/2009 11:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT 1:00]
Running from: c:\documents and settings\Jenny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Altnet
c:\windows\Fonts\acrsec.fon
c:\windows\system32\AdCache
c:\windows\system32\cache329
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-25 18:59 . 2009-05-25 18:59 d-----w c:\program files\CCleaner
2009-05-25 18:53 . 2009-05-25 18:53 d-----w c:\program files\Trend Micro
2009-05-25 18:45 . 2009-05-25 18:45 d-----w c:\documents and settings\Jenny\Local Settings\Application Data\Mozilla
2009-05-25 18:38 . 2009-05-25 18:38 d-----w c:\documents and settings\Jenny\Application Data\Malwarebytes
2009-05-25 16:01 . 2009-05-25 16:01 d-----w c:\documents and settings\Administrator.ADVICESKILLS.000\Application Data\Malwarebytes
2009-05-25 15:35 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-25 15:34 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-25 15:34 . 2009-05-25 16:01 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 15:34 . 2009-05-25 15:34 d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 10:47 . 2009-05-03 09:07 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-23 10:47 . 2009-05-03 09:06 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-23 10:47 . 2009-05-03 09:06 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-23 10:47 . 2009-05-03 09:06 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-23 10:47 . 2009-05-03 09:06 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-23 10:47 . 2009-05-03 09:06 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-23 10:47 . 2009-05-03 09:07 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-23 10:43 . 2009-05-03 09:03 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 10:43 . 2009-05-03 09:03 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-22 17:52 . 2009-05-22 17:52 d-----w c:\documents and settings\Jenny\Application Data\Fabulous Finds
2009-05-21 13:52 . 2009-05-21 13:52 d-----w c:\documents and settings\Jenny\Local Settings\Application Data\Slapdash Games
2009-05-21 13:52 . 2009-05-21 13:52 d-----w c:\documents and settings\All Users\Application Data\Slapdash Games
2009-05-15 11:42 . 2009-05-03 09:07 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-15 11:42 . 2009-05-03 09:07 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 19:29 . 2008-10-13 20:06 d-----w c:\program files\Yahoo!
2009-05-25 19:27 . 2007-10-25 21:26 d-----w c:\program files\Google
2009-05-25 19:27 . 2008-10-19 12:09 d-----w c:\program files\Virgin Media Games
2009-05-22 18:56 . 2008-11-03 19:49 d-----w c:\program files\Oberon Media
2009-05-22 18:54 . 2008-10-14 15:08 d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 09:07 . 2009-03-21 11:14 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-03 09:07 . 2007-10-21 15:16 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-03 09:07 . 2009-03-21 11:14 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-03 09:06 . 2009-03-21 11:14 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 19:04 . 2006-03-10 11:09 d--h--w c:\program files\InstallShield Installation Information
2009-04-23 19:04 . 2006-12-10 14:21 d-----w c:\program files\LG PC Suite
2009-04-23 18:45 . 2006-03-10 11:21 d-----w c:\program files\Roxio
2009-04-23 17:50 . 2009-04-23 17:00 d-----w c:\program files\HandBrake
2009-04-23 17:26 . 2009-04-23 17:26 d-----w c:\documents and settings\Jenny\Application Data\HandBrake
2009-04-23 15:51 . 2009-04-19 13:31 d-----w c:\documents and settings\Jenny\Application Data\dvdcss
2009-04-22 13:15 . 2009-04-22 13:14 d-----w c:\program files\FormatFactory
2009-04-20 21:26 . 2009-04-20 21:26 d-----w c:\program files\Cucusoft
2009-04-19 13:59 . 2009-04-19 13:37 d-----w c:\program files\Elaborate Bytes
2009-04-19 13:31 . 2009-04-19 13:16 d-----w c:\documents and settings\Jenny\Application Data\vlc
2009-04-19 13:07 . 2009-04-19 13:07 d-----w c:\program files\VideoLAN
2009-04-16 09:23 . 2008-11-22 15:54 d-----w c:\documents and settings\Jenny\Application Data\HPAppData
2009-03-12 13:44 . 2009-03-12 13:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-12 13:43 . 2009-03-12 13:43 152576 ----a-w c:\documents and settings\Jenny\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-11 10:01 . 2006-08-05 00:56 35656 ----a-w c:\documents and settings\Jenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-08-10 12:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 12:51 826368 ----a-w c:\windows\system32\wininet.dll
2007-09-20 20:56 . 2007-02-20 18:59 56 --sh--r c:\windows\system32\6AA03F41E4.sys
2007-09-20 20:56 . 2007-02-20 18:59 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-10 26112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-03 1947928]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-09-09 393216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-03 09:07 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2009 12:14 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2009 12:14 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/03/2009 12:13 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/03/2009 10:59 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
2007-07-08 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1100 series272A572217594EBCF1CEE215E352B92AD073FDE4172168893.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DVDXGhost - c:\program files\DVD Ghost\DVDGhost.EXE
HKCU-Run-AVScan - c:\documents and settings\Jenny\Application Data\winav.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-MPSExe - c:\progra~1\mcafee.com\mps\mscifapp.exe
HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
HKLM-Run-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Jenny\Application Data\Mozilla\Firefox\Profiles\bd3sdegs.default\
FF - prefs.js: browser.startup.homepage - https://www.google.co.uk
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 11:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(768)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WLTRAY.EXE
c:\program files\Digital Line Detect\DLG.exe
c:\program files\FinePixViewerS\QuickDCF2.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-05-26 11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 10:31
Pre-Run: 3,966,349,312 bytes free
Post-Run: 4,459,704,320 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
225 --- E O F --- 2009-05-13 15:50
Ready to Go Go!

Combofix removed some nasties. Looks clean otherwise
Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and PERFORM COMPLETE SCAN
(Then go to console and LOGS and post the log it created then untick it from STARTING UP WITH WINDOWS)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/26/2009 at 02:32 PM
Application Version : 4.26.1002
Core Rules Database Version : 3909
Trace Rules Database Version: 1853
Scan type : Complete Scan
Total Scan Time : 00:58:33
Memory items scanned : 613
Memory threats detected : 0
Registry items scanned : 6253
Registry threats detected : 0
File items scanned : 22063
File threats detected : 0
Ready to Go Go!

Looks like you're nice and clean now

Oooh goody, thanks for all your help. You are my most favourite person today! :j
Ready to Go Go!