Slow computer fix - Spamfighter
Comments
-
Wow, still the help keeps coming. Okay I will run the full scan (wonder if it will ask me to pay - I see there is a Purchase button).
How serious is that Trojan? Would it explain the slow running? How did it get into my computer? I am always careful about opening email attachments if I don't know or trust the sender. Why didn't Norton stop it? Could I have passed it on to my email contacts?
The more I find out the more questions I have. Sorry and thanks again everyone.
I haven't bogged off yet, and I ain't no babe
0 -
Okay I will run the full scan (wonder if it will ask me to pay - I see there is a Purchase button).
If you have downloaded the correct version, as in the original link, then there is nothing to pay, regardless of quick/full scan.
Move along, nothing to see.
0 -
Vundo is a more serious infection, Combofix takes about 15 minutes to run and combines/automates a load of removal tools
would also slow things down
Ex forum ambassador
Long term forum member
0 -
Vundo is very serious generally speaking. It can sometimes be a nightmare to remove completely (Sometimes you can 'get lucky' though)
I'm really not sure where it comes from but it's going to be either ~ downloaded, email, dodgy link (MSN or suchlike) or a dodgy website
Why didn't Norton catch it? Well Vundo by its very nature is very slippery so even the very best anti virus programs struggle. But Norton isn't all that good anyways.
You won't have passed it on via email unless you sent an attachment out with it in (highly unlikely)
:idea:
0 -
Vundo is very serious generally speaking. It can sometimes be a nightmare to remove completely (Sometimes you can 'get lucky' though)
Just a thought...SuperAntiSpyware have been adding Vundo/Vundo variants to their definitions recently like there's no tomorrow...if still getting Vundo problems, would be well worth giving SAS a blast...
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Well I ran the Malwarebytes full scan for over an hour and a half, it scanned over 100,000 files and found nothing, but then it froze and stopped responding before it had finished. So I didn't get the log reports.
Suppose I'll have to start all over again tomorrow. Don't think I can stay awake long enough to do it again tonight. Anyway I have made some progress, thanks to you lovely people.
Bit worrying though.
I haven't bogged off yet, and I ain't no babe
0 -
Run combofix then
then ~
Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and PERFORM COMPLETE SCAN
(Then go to console and LOGS and post the log it created then untick it from STARTING UP WITH WINDOWS)
:idea:
0 -
Right I've done that - the asterisks are where it showed my real name....
ComboFix 09-06-14.02 - ****** 15/06/2009 13:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.382.116 [GMT 1:00]
Running from: c:\documents and settings\******\Desktop\qwerty.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\msimg32.dll\Autorun.inf
\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 12:11 . 2009-06-15 12:13 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-14 13:46 . 2009-06-14 13:46 -------- d-----w- c:\documents and settings\******\Application Data\Malwarebytes
2009-06-14 13:45 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 13:45 . 2009-06-14 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-14 13:45 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 13:45 . 2009-06-14 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 20:01 . 2009-06-13 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2009-06-13 20:00 . 2009-06-13 20:00 -------- d-----w- c:\program files\Fighters
2009-06-12 22:01 . 2009-06-12 22:01 -------- d-----w- c:\windows\ie8updates
2009-06-12 18:44 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 18:44 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-12 17:44 . 2009-06-12 17:44 390664 ----a-w- c:\documents and settings\******\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 13:02 . 2008-06-01 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-15 12:54 . 2006-04-24 06:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-15 12:20 . 2009-05-15 17:25 -------- d-----w- c:\program files\SPAMfighter
2009-06-14 13:37 . 2006-06-02 16:38 3624 ----a-w- c:\documents and settings\******\Application Data\wklnhst.dat
2009-06-01 12:59 . 2006-04-24 06:30 -------- d-----w- c:\program files\Google
2009-05-15 17:26 . 2009-05-15 17:26 -------- d-----w- c:\program files\Common Files\Application
2009-05-13 05:15 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 08:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 19:44 . 2009-05-01 19:44 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-01 19:44 . 2006-06-12 18:01 -------- d-----w- c:\program files\Common Files\Real
2009-05-01 19:43 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-17 12:26 . 2004-08-04 08:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 08:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 20:41 . 2009-04-09 20:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-31 21:46 . 2008-02-24 02:07 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-31 21:47 . 2008-07-28 08:12 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-14 15:04 . 2008-09-14 15:05 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-20 14:09 . 2008-04-17 13:40 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-09-20 14:09 . 2008-04-17 13:40 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-20 14:09 . 2008-04-17 13:40 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-09-20 14:09 . 2008-04-17 13:40 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-09-20 14:09 . 2008-04-17 13:40 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-07-30 12:55 . 2006-07-30 12:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"TIxDSL"="c:\progra~1\FREESE~1\BIN\WIN2K\tidslmon.exe" [2002-10-21 421888]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-14 29744]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-10-19 2736384]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-05-23 936960]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-01 198160]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-08-17 439872]
c:\documents and settings\******\Start Menu\Programs\Startup\
WkCalRem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2008-7-8 217088]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 gupdate1c9abe3fa07a260;Google Update Service (gupdate1c9abe3fa07a260);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
R3 AtmLane;ATM LAN Emulation;c:\windows\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 Freeserve;TIDSLInstaller Device Driver;c:\windows\system32\DRIVERS\instl.sys [2002-07-08 11878]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-14 29744]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-05-26 40160]
R3 TIAu5Bt;Copperjet ADSL modem Boot Device;c:\windows\system32\Drivers\tiau5bt.sys [2002-04-02 11775]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-03-12 184968]
S3 AtmElan;ATM Emulated LAN;c:\windows\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
S3 TIAU5CO;Copperjet ADSL modem connecting with Freeserve Broadband;c:\windows\system32\DRIVERS\TIAU5CO.sys [2002-04-02 57093]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
2009-06-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 18:19]
2009-06-15 c:\windows\Tasks\SLOW-PCfighter.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-06-03 11:14]
2009-04-26 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\schedule.exe [2007-11-21 22:05]
2009-06-15 c:\windows\Tasks\User_Feed_Synchronization-{ACE5ED9C-5C7A-4F2F-BF45-27846BBDA8DC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
.
Supplementary Scan
.
uStart Page = hxxp://news.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 13:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5572)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Other Running Processes
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\CF17890.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\BT Broadband Desktop Help\bin\BTHelpBrowser.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpoevm08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-06-15 14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-15 13:07
Pre-Run: 34,788,515,840 bytes free
Post-Run: 34,849,345,536 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
219 --- E O F --- 2009-06-14 22:27
I haven't bogged off yet, and I ain't no babe
0 -
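Added example, not part of any forum post and not ComboFix's own code: one way to triage the "Reg Loading Points" section of a log like the one above is to parse the registry keys and list the Windows Firewall and Security Center values, firewall exceptions, and Run entries that carry `[X]` instead of a date and size. The sample text is a constructed excerpt in the log's format and the finding labels are invented here; a hit is a prompt for review, not proof of infection, since a third-party security suite may set these values itself.

```python
import re

# Constructed excerpt in the shape of the ComboFix log above (not the full log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kontiki\\KService.exe"=
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')        # [HKEY_...\key\path]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=data

def parse_reg_sections(text):
    """Return {lowercased key path: {value name: raw data}} from log text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key, val = KEY_RE.match(line), VAL_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1).lower(), {})
        elif val and current is not None:
            current[val.group(1)] = val.group(2).strip()
        elif line:
            current = None  # any other non-empty line ends the current key
    return sections

def as_int(raw):
    """Decode 'dword:00000001' or '0 (0x0)' style data; None if not numeric."""
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)
    return int(m.group(1)) if m else None

def review(sections):
    """Return (label, key-or-value-name) pairs worth a second look."""
    findings = []
    for key, values in sections.items():
        if key.endswith(r'firewallpolicy\standardprofile'):
            if as_int(values.get('EnableFirewall', '')) == 0:
                findings.append(('firewall-off', key))
        if r'\security center\monitoring' in key:
            if as_int(values.get('DisableMonitoring', '')) == 1:
                findings.append(('sc-monitoring-off', key))
        if key.endswith(r'\currentversion\run'):
            # [X] replaces the usual [date size] stamp on the autostart entry
            findings += [('run-no-fileinfo', n) for n, d in values.items()
                         if d.endswith('[X]')]
        if key.endswith(r'authorizedapplications\list'):
            findings += [('firewall-exception', n) for n in values]
    return findings

if __name__ == '__main__':
    for label, item in review(parse_reg_sections(SAMPLE_LOG)):
        print(f'{label:20} {item}')
```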
^ That's the log from Combofix. I think it's the next bit you meant me to post. Off to run that now...
I haven't bogged off yet, and I ain't no babe
0 -
I ran the full SuperAntiSpyware scan and it found four critical items. I clicked on "delete" them but it told me it was better to uninstall them individually myself. I clicked on Reports and it opened a box that was just a short version of the critical items strings, which luckily I had scribbled down what I could see of them while it was running the scan. Here's as much as I could see for each of them...
RiskTool.PsKill.1101:c:\ProgramFiles\BT Broadband......
SPR/Tool.PV:c:\32788R22FWJFW.0.tmp\pv.exe
Need2Find Bar:HKCU\Software\Microsoft\Internet E.....
RiskTool.PsKill.1101:c:\WINDOWS\Motive\btbb\Unin.....
Don't suppose this is much help but it's all I could get.
I'd better explain about the BT Broadband - I installed it on this laptop to use at another address where I had BT as my ISP, but then I brought it back to use with my Orange Broadband. I uninstalled the BT Help Desk bit because it flagged up an "update" box that I couldn't get off the screen, but have not uninstalled the BT Broadband itself just in case I ever need to use it elsewhere again. I wonder if this is contributing to the problems.
I haven't bogged off yet, and I ain't no babe
0
This discussion has been closed.