
Google redirecting to other sites!


Comments

  • eyelinerprincess
    eyelinerprincess Posts: 4,679 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    ComboFix 09-05-31.06 - Jen 06/02/2009 22:40.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.958.556 [GMT 1:00]
    Running from: c:\documents and settings\Jen\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\-1669246863
    c:\windows\Install.txt
    c:\windows\system32\3361
    c:\windows\system32\drivers\ip_fw.sys
    c:\windows\system32\drivers\kungsfpucrcnpy.sys
    c:\windows\system32\ijqiyuqe.dll
    c:\windows\system32\ijqiyuqe32.dll
    c:\windows\system32\inform.dat
    c:\windows\system32\kungsfeqgvpfli.dat
    c:\windows\system32\kungsfkrvkbeae.dll
    c:\windows\system32\kungsfmqpapjmy.dat
    c:\windows\system32\kungsfrxeyfrmo.dll

    Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
    Restored copy from - The cat ate it :)
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Service_kungsfnvpwsfps
    \Legacy_6to4
    \Legacy_avast!antivirus
    \Legacy_dhcpsrv
    \Legacy_ipfw
    \Legacy_ip_fw
    \Legacy_msncache
    \Legacy_ntalme
    \Legacy_sopidkc
    \Service_6to4
    \Service_ip_fw
    \Service_ntalme


    ((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
    .

    2009-06-01 15:25 . 2009-06-01 15:26 45 ----a-w- c:\windows\system32\ca.dat
    2009-06-01 15:25 . 2009-06-01 15:25 1 ----a-w- c:\windows\system32\q1.dat
    2009-06-01 15:25 . 2009-06-01 15:25 1 ----a-w- c:\windows\system32\idm.dat
    2009-06-01 15:25 . 2009-06-01 15:25 1 ----a-w- c:\windows\system32\ck.dat
    2009-06-01 15:25 . 2009-06-01 15:25 1 ----a-w- c:\windows\system32\c2d.dat
    2009-06-01 15:21 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-01 15:16 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-01 15:16 . 2009-06-01 15:16 dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-01 15:16 . 2009-06-01 15:23 d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-01 15:16 . 2009-06-01 15:16 d-----w- c:\program files\Lavasoft
    2009-06-01 15:07 . 2009-06-01 15:17 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-01 15:07 . 2009-06-01 15:07 d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-01 15:00 . 2009-06-01 15:00 d-----w- c:\program files\CCleaner
    2009-05-31 23:00 . 2009-05-31 23:00 d-----w- c:\documents and settings\David\Local Settings\Application Data\Identities
    2009-05-31 18:29 . 2009-05-31 18:29 d-----w- c:\documents and settings\Jen\Application Data\Malwarebytes
    2009-05-31 10:26 . 2009-05-31 10:26 d-----w- c:\documents and settings\David\Application Data\Malwarebytes
    2009-05-31 10:14 . 2009-06-02 21:48 99422 ----a-w- c:\windows\system32\drivers\9555bf16.sys
    2009-05-31 06:59 . 2009-05-31 06:59 d-----w- c:\documents and settings\Ann\Application Data\Malwarebytes
    2009-05-31 06:59 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-31 06:59 . 2009-05-31 06:59 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-31 06:59 . 2009-05-31 06:59 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-31 06:59 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-31 06:56 . 2009-05-31 06:56 d-----w- c:\program files\NVT Malware Remover Tool
    2009-05-31 06:47 . 2009-06-02 21:48 99422 ----a-w- c:\windows\system32\drivers\de481ae.sys
    2009-05-31 00:46 . 2009-05-31 00:46 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\iqgyhioo
    2009-05-31 00:46 . 2009-05-31 00:46 d-----w- c:\documents and settings\Ann\Application Data\iqgyhioo
    2009-05-30 23:38 . 2009-05-30 23:38 d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\iqgyhioo
    2009-05-30 23:38 . 2009-05-30 23:38 d-----w- c:\windows\system32\config\systemprofile\Application Data\iqgyhioo
    2009-05-30 21:50 . 2009-06-02 21:48 99422 ----a-w- c:\windows\system32\drivers\de9b2e3a.sys
    2009-05-30 21:39 . 2009-06-02 21:48 99422 ----a-w- c:\windows\system32\drivers\4c85f27e.sys
    2009-05-30 21:17 . 2009-05-30 21:17 d-s---w- c:\windows\system32\config\systemprofile\UserData
    2009-05-30 20:44 . 2009-05-31 06:46 d-----w- c:\windows\dhcp
    2009-05-30 20:40 . 2009-06-02 21:48 89420 ----a-w- c:\windows\system32\drivers\8eb360ea.sys
    2009-05-30 20:38 . 2009-05-30 20:38 d-----w- c:\documents and settings\All Users\Application Data\MythPeople
    2009-05-30 20:38 . 2009-05-30 20:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-05-30 19:58 . 2009-05-30 19:58 d-----w- c:\program files\Wedding Dash 2
    2009-05-29 11:23 . 2009-05-29 11:23 d-----w- c:\documents and settings\Wullie\Local Settings\Application Data\Identities
    2009-05-27 20:56 . 2009-05-27 20:56 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Apple
    2009-05-26 18:00 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2009-05-26 18:00 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    2009-05-26 18:00 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2009-05-26 18:00 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2009-05-26 18:00 . 2001-08-17 21:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2009-05-26 18:00 . 2001-08-17 21:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2009-05-26 18:00 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2009-05-26 18:00 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2009-05-26 18:00 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2009-05-26 18:00 . 2001-08-17 13:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2009-05-26 18:00 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2009-05-26 18:00 . 2001-08-17 13:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2009-05-26 10:01 . 2009-05-09 19:39 38200 ----a-w- c:\documents and settings\Wullie\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-05-26 10:00 . 2009-05-26 10:00 d-----w- c:\documents and settings\Wullie\Local Settings\Application Data\Adobe
    2009-05-26 00:24 . 2009-05-26 00:25 d-----w- c:\documents and settings\David\Application Data\PSPdisp
    2009-05-23 20:09 . 2009-05-23 20:09 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Last.fm
    2009-05-23 18:33 . 2009-05-23 18:33 d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
    2009-05-20 14:34 . 2009-05-20 14:34 d-----w- c:\program files\danny_kay1710
    2009-05-20 14:19 . 2009-05-20 14:19 d-----w- c:\documents and settings\David\Local Settings\Application Data\Winnydows
    2009-05-20 14:10 . 2009-05-20 14:10 d-----w- c:\program files\Winnydows
    2009-05-18 19:10 . 2009-05-18 19:10 d-----w- c:\documents and settings\All Users\Application Data\GameHouse
    2009-05-18 00:51 . 2009-05-18 00:51 d-----w- c:\documents and settings\David\Application Data\Ahead
    2009-05-18 00:06 . 2009-05-18 00:08 d-----w- c:\documents and settings\David\Application Data\XBMC
    2009-05-17 19:56 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2009-05-17 19:53 . 2009-05-17 19:53 d-----w- c:\program files\Thrustmaster
    2009-05-17 19:53 . 2006-03-15 08:44 162176 ----a-w- c:\windows\system32\drivers\rt2500usb.sys
    2009-05-17 15:33 . 2009-05-17 15:33 d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
    2009-05-17 12:11 . 2009-05-17 12:11 d-----w- c:\windows\system32\scripting
    2009-05-17 12:11 . 2009-05-17 12:11 d-----w- c:\windows\system32\en
    2009-05-17 12:11 . 2009-05-17 12:11 d-----w- c:\windows\system32\bits
    2009-05-17 12:11 . 2009-05-17 12:11 d-----w- c:\windows\l2schemas
    2009-05-15 15:19 . 2009-05-15 15:19 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Adobe
    2009-05-14 23:18 . 2009-05-27 12:55 d-----w- c:\documents and settings\David\Application Data\uTorrent
    2009-05-14 23:15 . 2009-05-14 23:16 d-----w- c:\documents and settings\David\Local Settings\Application Data\Adobe
    2009-05-14 22:25 . 2009-05-14 22:25 d-----w- c:\documents and settings\All Users\SonicStage
    2009-05-14 22:21 . 2009-05-14 22:21 d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-05-14 22:21 . 2009-05-14 22:22 d-----w- c:\program files\Sony
    2009-05-14 22:20 . 2009-05-14 22:25 d-----w- c:\documents and settings\David\Application Data\Sony Corporation
    2009-05-14 22:20 . 2009-05-14 22:21 d-----w- c:\program files\Common Files\Sony Shared
    2009-05-14 22:08 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2009-05-14 22:04 . 2009-05-14 22:08 d--h--w- c:\windows\msdownld.tmp
    2009-05-14 22:04 . 2009-05-14 22:04 d-----w- c:\windows\Logs
    2009-05-13 20:56 . 2009-05-13 20:56 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2009-05-11 09:19 . 2009-05-11 09:19 d-----w- c:\documents and settings\All Users\Application Data\Fugazo
    2009-05-11 09:19 . 2009-05-31 18:54 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-11 09:17 . 2009-05-11 09:19 d-----w- c:\program files\Cooking Academy 2 World Cuisine
    2009-05-11 09:17 . 2009-05-11 09:17 d-----w- c:\windows\Cooking Academy 2 World Cuisine
    2009-05-09 22:12 . 2009-05-09 22:12 d-----w- c:\program files\iLyrics
    2009-05-09 21:37 . 2009-05-09 21:37 d-----w- c:\documents and settings\Jen\Application Data\SharePod
    2009-05-09 19:39 . 2009-05-09 19:39 d-----w- c:\program files\Common Files\Adobe AIR
    2009-05-09 19:38 . 2009-05-09 19:39 d-----w- c:\program files\Common Files\Adobe
    2009-05-09 19:35 . 2009-05-09 19:40 d-----w- c:\documents and settings\Jen\Local Settings\Application Data\Adobe
    2009-05-09 19:34 . 2009-05-09 20:21 d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-05-09 19:34 . 2009-05-09 20:21 d-----w- c:\program files\NOS
    2009-05-08 18:56 . 2009-05-30 19:58 d-----w- c:\documents and settings\Jen\Application Data\PlayFirst
    2009-05-08 18:56 . 2009-05-30 19:58 d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2009-05-08 18:14 . 2009-05-09 11:06 d-----w- c:\documents and settings\All Users\Application Data\Zylom
    2009-05-08 18:14 . 2009-05-08 18:16 d-----w- c:\program files\Zylom Games
    2009-05-08 18:14 . 2009-03-24 10:10 114688 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    2009-05-08 18:14 . 2006-12-12 16:07 161976 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
    2009-05-07 20:20 . 2009-05-07 20:20 d-----w- c:\documents and settings\Wullie\Application Data\AVGTOOLBAR
    2009-05-06 22:40 . 2009-05-23 20:12 d-----w- c:\documents and settings\Ann\Application Data\AVGTOOLBAR
    2009-05-06 22:36 . 2009-05-06 22:36 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Identities
    2009-05-06 20:56 . 2009-05-06 20:56 d-----w- c:\documents and settings\David\Local Settings\Application Data\Apple
    2009-05-06 17:43 . 2009-05-06 17:56 d-----w- c:\documents and settings\David\Application Data\LimeWire
    2009-05-06 10:07 . 2009-05-06 10:07 d-----w- c:\program files\uTorrent
    2009-05-06 10:06 . 2009-06-01 15:21 d-----w- c:\documents and settings\Jen\Application Data\uTorrent
    2009-05-06 08:11 . 2009-05-06 08:11 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Mozilla
    2009-05-06 08:10 . 2009-05-06 08:10 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Apple Computer
    2009-05-06 08:10 . 2009-05-06 08:10 d-----w- c:\documents and settings\Ann\Local Settings\Application Data\ATI
    2009-05-06 08:10 . 2009-05-06 08:10 d-----w- c:\documents and settings\Ann\Application Data\ATI
    2009-05-05 21:31 . 2009-04-22 18:13 98304 ----a-w- c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\8zisr7kz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    2009-05-05 21:31 . 2009-04-22 18:13 77824 ----a-w- c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\8zisr7kz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    2009-05-05 07:30 . 2003-02-28 17:26 46352 ----a-w- c:\windows\setdebug.exe
    2009-05-05 07:30 . 2003-02-28 17:26 139536 ----a-w- c:\windows\system32\javaee.dll
    2009-05-05 07:30 . 2003-02-28 15:35 6550 ----a-w- c:\windows\jautoexp.dat
    2009-05-05 07:30 . 2003-02-28 15:38 113 ----a-w- c:\windows\system32\zonedon.reg
    2009-05-05 07:30 . 2003-02-28 15:38 113 ----a-w- c:\windows\system32\zonedoff.reg
    2009-05-04 19:31 . 2009-05-04 19:31 d-----w- c:\program files\MSXML 4.0
    2009-05-04 19:30 . 2009-05-04 19:30 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
    2009-05-04 19:30 . 2009-05-04 19:30 d-----w- c:\program files\dvd43
    2009-05-04 19:26 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
    2009-05-04 19:26 . 2009-05-04 19:26 d-----w- c:\program files\DVD Flick
    2009-05-04 19:26 . 2002-07-17 08:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2009-05-04 19:26 . 2002-07-17 07:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2009-05-04 19:26 . 2009-05-04 19:26 d-----w- c:\program files\Free DVD Ripper
    2009-05-03 22:03 . 2009-05-17 15:24 d-----w- c:\windows\system32\Adobe

    .
    "Beautiful young people are accidents of nature, But beautiful old people are works of art."
    -- Eleanor Roosevelt
  • eyelinerprincess
    eyelinerprincess Posts: 4,679 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-02 21:40 . 2002-08-29 02:09 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
    2009-06-02 21:09 . 2009-05-02 18:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-02 13:09 . 2009-05-03 07:39 d-----w- c:\documents and settings\David\Application Data\AVGTOOLBAR
    2009-06-01 00:09 . 2009-05-03 07:37 13104 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 21:24 . 2009-05-02 17:47 13104 ----a-w- c:\documents and settings\Jen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-31 12:43 . 2009-05-02 17:49 d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-05-30 23:38 . 2001-08-23 12:00 d-----w- c:\program files\Common Files\Mozilla Shared
    2009-05-17 19:53 . 2009-05-03 08:40 d--h--w- c:\program files\InstallShield Installation Information
    2009-05-17 12:15 . 2009-05-01 22:44 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2009-05-14 22:20 . 2009-05-03 15:19 d-----w- c:\program files\Common Files\InstallShield
    2009-05-14 22:09 . 2009-05-14 22:09 d-----w- c:\program files\AGEIA Technologies
    2009-05-14 22:09 . 2009-05-14 22:09 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-05-06 08:09 . 2009-05-06 08:09 13104 ----a-w- c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-05 07:30 . 2009-05-05 07:30 2678 ----a-w- c:\windows\java\Packages\Data\5J1R975J.DAT
    2009-05-05 07:30 . 2009-05-05 07:30 2678 ----a-w- c:\windows\java\Packages\Data\UJ57331V.DAT
    2009-05-05 07:30 . 2009-05-05 07:30 2678 ----a-w- c:\windows\java\Packages\Data\TJX7V9BB.DAT
    2009-05-05 07:30 . 2009-05-05 07:30 2678 ----a-w- c:\windows\java\Packages\Data\I6ABTVBT.DAT
    2009-05-05 07:30 . 2009-05-05 07:30 2678 ----a-w- c:\windows\java\Packages\Data\0LBB1N53.DAT
    2009-05-03 21:12 . 2009-05-03 21:12 d-----w- c:\documents and settings\Jen\Application Data\ATI
    2009-05-03 20:06 . 2009-05-03 20:06 d-----w- c:\documents and settings\Wullie\Application Data\ATI
    2009-05-03 17:46 . 2009-05-03 17:46 d-----w- c:\documents and settings\David\Application Data\Apple Computer
    2009-05-03 17:41 . 2009-05-03 17:41 d-----w- c:\program files\Realtek AC97
    2009-05-03 17:41 . 2009-05-03 17:37 140999 ----a-w- c:\windows\hpoins27.dat
    2009-05-03 17:40 . 2009-05-03 17:40 d-----w- c:\program files\Common Files\HP
    2009-05-03 17:40 . 2009-05-03 17:40 d-----w- c:\program files\Hewlett-Packard
    2009-05-03 17:40 . 2009-05-03 17:40 d-----w- c:\program files\Common Files\Hewlett-Packard
    2009-05-03 17:40 . 2009-05-03 17:40 d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
    2009-05-03 17:38 . 2009-05-03 17:38 d-----w- c:\program files\HP
    2009-05-03 15:34 . 2009-05-03 15:34 d-----w- c:\documents and settings\David\Application Data\ATI
    2009-05-03 15:34 . 2009-05-03 15:34 d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-05-03 15:32 . 2009-05-03 15:32 0 ----a-w- c:\windows\ativpsrm.bin
    2009-05-03 15:28 . 2009-05-03 15:27 d-----w- c:\program files\ATI Technologies
    2009-05-03 09:11 . 2009-05-03 09:11 d-----w- c:\program files\Belarc
    2009-05-03 08:39 . 2009-05-03 08:39 d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-05-03 07:40 . 2009-05-03 07:40 d-----w- c:\documents and settings\David\Application Data\XP Visual Tools
    2009-05-02 20:15 . 2009-05-02 20:15 13104 ----a-w- c:\documents and settings\Wullie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-02 19:30 . 2009-05-02 17:49 d-----w- c:\documents and settings\Jen\Application Data\AVGTOOLBAR
    2009-05-02 18:40 . 2009-05-02 18:40 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
    2009-05-02 18:40 . 2009-05-02 18:40 184 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
    2009-05-02 18:40 . 2009-05-02 18:40 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
    2009-05-02 18:40 . 2009-05-02 18:40 d-----w- c:\documents and settings\All Users\Application Data\Last.fm
    2009-05-02 18:40 . 2009-05-02 17:54 d-----w- c:\program files\iTunes
    2009-05-02 18:39 . 2009-05-02 18:39 d-----w- c:\program files\Last.fm
    2009-05-02 17:54 . 2009-05-02 17:54 d-----w- c:\documents and settings\Jen\Application Data\Apple Computer
    2009-05-02 17:54 . 2009-05-02 17:54 d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-02 17:54 . 2009-05-02 17:54 d-----w- c:\program files\iPod
    2009-05-02 17:54 . 2009-05-02 17:54 d-----w- c:\program files\Bonjour
    2009-05-02 17:53 . 2009-05-02 17:53 d-----w- c:\program files\QuickTime
    2009-05-02 17:53 . 2009-05-02 17:53 d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-05-02 17:53 . 2009-05-02 17:53 d-----w- c:\program files\Apple Software Update
    2009-05-02 17:52 . 2009-05-02 17:52 d-----w- c:\program files\Common Files\Apple
    2009-05-02 17:52 . 2009-05-02 17:52 d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-05-02 17:49 . 2009-05-02 17:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-02 17:49 . 2009-05-02 17:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-02 17:49 . 2009-05-02 17:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-05-02 17:49 . 2009-05-02 17:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-05-02 17:49 . 2009-05-02 17:49 d-----w- c:\program files\AVG
    2009-05-02 17:07 . 2009-05-02 17:07 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-02 17:07 . 2009-05-02 17:07 d-----w- c:\program files\Java
    2009-05-02 17:07 . 2009-05-02 17:07 152576 ----a-w- c:\documents and settings\Jen\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-02 16:56 . 2009-05-02 16:56 0 ----a-w- c:\windows\nsreg.dat
    2009-05-01 22:45 . 2009-05-01 22:45 d-----w- c:\program files\microsoft frontpage
    2009-05-01 22:44 . 2009-05-01 22:44 558142 ----a-w- c:\windows\java\Packages\MSA8BHJD.ZIP
    2009-05-01 22:44 . 2009-05-01 22:44 155995 ----a-w- c:\windows\java\Packages\4AKN9BJP.ZIP
    2009-05-01 22:41 . 2009-05-01 22:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-04-22 18:13 . 2009-05-02 18:14 98304 ----a-w- c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\wypg1ssf.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    2009-04-22 18:13 . 2009-05-02 18:14 77824 ----a-w- c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\wypg1ssf.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    2009-04-21 14:05 . 2009-04-21 14:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\fitnessdash\en-US\ZylomHost.exe
    2009-04-21 14:05 . 2009-04-21 14:05 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\fitnessdash\en-US\ZylomAdapter.dll
    2009-04-21 14:05 . 2009-04-21 14:05 2080768 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\fitnessdash\en-US\fitnessdash.exe
    2009-04-09 10:05 . 2009-04-09 10:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\cookingdash\en-US\ZylomHost.exe
    2009-04-09 10:05 . 2009-04-09 10:05 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\cookingdash\en-US\ZylomAdapter.dll
    2009-04-09 10:04 . 2009-04-09 10:04 1810432 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\cookingdash\en-US\cookingdash.exe
    2009-04-06 11:14 . 2009-04-06 11:14 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\petshophop\en-US\ZylomHost.exe
    2009-04-06 11:14 . 2009-04-06 11:14 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\petshophop\en-US\ZylomAdapter.dll
    2009-04-06 11:14 . 2009-04-06 11:14 1974272 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\petshophop\en-US\PetShopHop.exe
    2009-04-03 11:39 . 2009-04-03 11:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
    2009-04-02 15:29 . 2009-04-02 15:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-03-26 14:23 . 2009-05-02 17:53 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-03-26 14:23 . 2009-05-02 17:53 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-03-19 15:32 . 2009-05-02 17:54 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-16 13:18 . 2009-05-14 22:09 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-03-16 13:18 . 2009-05-14 22:09 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-03-16 13:18 . 2009-05-14 22:09 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-03-16 13:18 . 2009-05-14 22:09 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-03-09 14:27 . 2009-05-14 22:09 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-03-09 14:27 . 2009-05-14 22:09 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-03-09 14:27 . 2009-05-14 22:09 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-03-06 14:22 . 2002-08-29 03:41 284160 ----a-w- c:\windows\system32\pdh.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-02 17:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Winnydows\\ISO Compressor\\ISO Compressor.exe"=
    "\\"= c:\\WINDOWS\\system\\svchost.exe

    R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/1/2009 4:21 PM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/2/2009 6:49 PM 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/2/2009 6:49 PM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/2/2009 6:49 PM 908568]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/2/2009 6:49 PM 298776]
    R3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [12/25/2008 3:24 PM 3072]
    S2 hoalbfam;Logical Disk Manager Helper;c:\windows\System32\svchost.exe -k netsvcs [8/23/2001 1:00 PM 14336]
    S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 8:06 PM 951632]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5/4/2009 8:26 PM 16512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    hoalbfam

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ac018590-fbbd-4789-a15b-ffbbbe6c8965}]
    rundll32 bekbn.dll,InitO
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

    2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-06-02 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-02 21:18]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{10c0b0c0-fc01-473b-8ebb-4376353f96e4} - (no file)
    Notify-vahfwhde - (no file)
    SafeBoot-procexp90.sys


    .
    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cab
    DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab
    FF - ProfilePath - c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\8zisr7kz.default\
    FF - component: c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\8zisr7kz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
    FF - component: c:\documents and settings\Jen\Application Data\Mozilla\Firefox\Profiles\8zisr7kz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-02 22:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4c85f27e]
    "ImagePath"="\SystemRoot\System32\drivers\4c85f27e.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\8eb360ea]
    "ImagePath"="\SystemRoot\System32\drivers\8eb360ea.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\9555bf16]
    "ImagePath"="\SystemRoot\System32\drivers\9555bf16.sys"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\de481ae]
    "ImagePath"="\SystemRoot\System32\drivers\de481ae.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\de9b2e3a]
    "ImagePath"="\SystemRoot\System32\drivers\de9b2e3a.sys"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(592)
    c:\windows\system32\Ati2evxx.dll
    .
    Other Running Processes
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-02 22:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-02 21:50

    Pre-Run: 164,499,947,520 bytes free
    Post-Run: 169,015,603,200 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    386 --- E O F --- 2009-05-17 20:00
  • eyelinerprincess
    eyelinerprincess Posts: 4,679 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Seems to have fixed it after it deleted some files, but I shall see once I play around with Google some more.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I wouldn't get too comfy just yet.

    Run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER'):
    http://www.kaspersky.co.uk/virusscanner
    Please post the complete log it creates. (This only SCANS, it DOESN'T delete anything, so we'd need to see anything it finds.)

    Can you please also open Malwarebytes, go to LOGS and post the log of the FULL scan I asked you to run?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    You're DEFINITELY still infected, by the way. I'd suggest running the Kaspersky scan as soon as possible, else it will quickly get worse again (and I can help remove everything at once).
This discussion has been closed.