Acer laptop with virus and spyware
Comments
-
Ok, I ran ComboFix before re-running HijackThis, and there was only one "no file" entry in the O2 section of the HijackThis log. I'm running a full MalwareBytes scan right now, and fingers crossed it'll be okay now.
-
post the combofix log when you can
-
It seems to be fixed now, but I'll post the log later.
-
Okay, I've put the ComboFix log file on my webserver here if anyone would like to have a look and advise me further.
-
Mothballs ~ you're definitely still infected
I'd say some of it is to do with a website you visit?
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\839718926.dat
c:\windows\system32\fontsub.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\quartz.dll
c:\windows\system32\wininet.dll
c:\windows\system32\localspl.dll
c:\documents and settings\john singh\Application Data\Macromedia\Flash Player\#SharedObjects\Q9GGDTME\www.lubeyourtube.com
c:\documents and settings\john singh\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.lubeyourtube.com
Dirlook::
c:\documents and settings\All Users\Application Data\System Security.bumwipes
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
-
Well, aliEnRIK, it's not my laptop - it's a friend's, and, yes, he likes to visit a lot of those sorts of sites, if you know what I mean
(I think he's a dumb donkey, but, hey, that's just my opinion.)
ETA: I'll post the ComboFix.txt log when the scan's finished.
-
RIK - good suggestion about Firefox - it might make his Hotmail work again.
-
Okay, so here's the log from ComboFix (it did perform an upload of a malware file while the scan was running, which is at the end):
ComboFix 09-07-26.03 - {owner's name removed to protect privacy} 27/07/2009 17:19.6.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.494.145 [GMT 1:00]
Running from: d:\recovery tools\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\config\systemprofile\Application Data\alot
.
---- Previous Run
.
c:\windows\system32\t2embed.dll
c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.
2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-27 14:06 . 2009-05-13 05:15 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-07-27 14:02 . 2009-07-27 14:02 d-sh--w- C:\FOUND.000
2009-07-27 08:40 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-27 08:40 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-26 08:54 . 2009-07-26 08:54 d-sh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-07-26 08:53 . 2009-07-26 08:53 d-----w- c:\program files\Windows Live
2009-07-26 08:53 . 2009-07-26 08:53 d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-26 08:49 . 2009-07-26 08:49 d-sh--w- c:\documents and settings\{owner's name removed to protect privacy}\PrivacIE
2009-07-25 17:15 . 2009-07-25 17:15 d-sh--w- c:\documents and settings\{owner's name removed to protect privacy}\IECompatCache
2009-07-25 16:52 . 2009-07-25 16:52 d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-25 16:51 . 2009-07-25 16:51 d-sh--w- c:\documents and settings\{owner's name removed to protect privacy}\IETldCache
2009-07-25 16:43 . 2009-07-25 16:43 d-----w- c:\windows\ie8updates
2009-07-25 16:37 . 2009-07-25 16:37 d--h--w- c:\windows\ie8
2009-07-25 16:32 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-25 16:32 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-25 16:32 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-25 10:23 . 2009-07-25 10:23 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-07-20 17:47 . 2009-07-20 17:47 d-----w- C:\HiJackThis
2009-07-20 14:24 . 2009-06-14 15:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-20 11:54 . 2009-07-20 11:54 d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-20 11:54 . 2009-07-20 11:54 d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-07-20 11:45 . 2009-07-20 11:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-18 10:35 . 2009-07-18 10:35 d--h--w- C:\$AVG8.VAULT$
2009-07-17 21:24 . 2009-07-17 21:24 d-----w- c:\documents and settings\{owner's name removed to protect privacy}\Application Data\AVGTOOLBAR
2009-07-17 19:29 . 2009-07-17 19:30 81928 ----a-w- c:\documents and settings\{owner's name removed to protect privacy}\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\documents and settings\{owner's name removed to protect privacy}\Application Data\Malwarebytes
2009-07-17 17:08 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 17:08 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 17:08 . 2009-07-17 17:08 d-----w- c:\program files\CCleaner
2009-07-17 17:06 . 2009-07-17 17:06 d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 17:06 . 2009-07-17 17:06 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 16:16 . 2009-07-17 16:16 d-----w- c:\documents and settings\{owner's name removed to protect privacy}\Local Settings\Application Data\PCHealth
2009-07-17 16:16 . 2009-07-17 16:16 d-----w- c:\program files\Windows Defender
2009-07-13 14:25 . 2009-07-13 14:25 d-----w- c:\documents and settings\All Users\Application Data\19043604
2009-07-12 17:38 . 2009-07-12 17:38 d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-07-12 17:38 . 2009-07-12 17:38 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-12 13:19 . 2009-07-12 13:19 d--h--w- c:\windows\PIF
2009-07-06 09:26 . 2009-07-06 09:26 d-----w- c:\documents and settings\All Users\Application Data\System Security.bumwipes
2009-07-02 07:18 . 2009-07-02 07:18 d-----w- c:\documents and settings\{owner's name removed to protect privacy}\Application Data\AVG8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 14:10 . 2004-08-30 12:57 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-20 11:54 . 2009-02-01 18:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-20 11:54 . 2009-02-01 18:28 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-20 11:54 . 2009-02-01 18:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-20 11:53 . 2009-02-01 18:28 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-17 14:05 . 2009-06-17 14:05 d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2006-06-05 07:13 . 2006-06-05 07:13 49465 ----a-w- c:\program files\moviepass Terms.html
.
Sigcheck
[-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 10:45 360320 1CC09561E21A48A7F649A40F18235860 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
[7] 2004-08-04 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2005-05-25 11:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 16:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 15:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2005-05-25 11:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 01:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-26_18.36.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-27 14:12 . 2009-07-27 14:12 16384 c:\windows\Temp\Perflib_Perfdata_264.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2004-07-14 151552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-01 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-11-23 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-23 98304]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2005-12-19 190024]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2004-07-30 319488]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-11 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-11 118784]
"HostManager"="c:\program files\Common Files\AOL\1156238581\ee\AOLSoftware.exe" [2006-11-17 50736]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2004-09-01 2876416]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-20 1948440]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\{owner's name removed to protect privacy}\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-8-4 819200]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
AOL Broadband Check-Up.lnk - c:\program files\AOL\Broadband CheckUp\bin\matcli.exe [2005-2-24 217088]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0e\aoltray.exe [2006-4-7 156784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-20 11:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBstuRi]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\AOL 9.0c\\waol.exe"=
"c:\\WINDOWS\\System32\\fxsclnt.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AOL 9.0d\\waol.exe"=
"c:\\WINDOWS\\System32\\ftp.exe"=
"c:\\Program Files\\AOL 9.0e\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156238581\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/02/2009 19:28 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/02/2009 19:28 108552]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [30/08/2004 13:34 6784]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [20/07/2009 12:53 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/07/2009 12:53 298776]
R2 DK3DRV;DK3 Windows NT Driver;c:\windows\system32\drivers\dk3drv.sys [23/11/2006 09:57 13872]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [30/08/2004 13:34 16128]
S0 Winjn37;Winjn37;c:\windows\system32\Drivers\Winjn37.sys --> c:\windows\system32\Drivers\Winjn37.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2005-05-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8107272060.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
Supplementary Scan
.
uStart Page = hxxp://login.live.com/login.srf?id=2
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: adobe.com\get
Trusted Zone: elmhurstenergy.co.uk\www
Trusted Zone: hotmail.co.uk\www
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 17:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\WININET.dll
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-27 17:27
ComboFix-quarantined-files.txt 2009-07-27 16:27
ComboFix.txt 2009-07-26 18:42
ComboFix2.txt 2009-07-27 13:48
ComboFix3.txt 2009-07-27 13:36
Pre-Run: 15,183,347,712 bytes free
Post-Run: 15,146,991,616 bytes free
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
234 --- E O F --- 2009-07-27 09:14
Upload was successful
[The C:\FOUND.000 directory is from a CHKDSK scan that has been run on start up.]
-
that did not remove anything major
is the PC better?
you did seem to have MessengerPlus!, which is bundled with "LOP" unless you decided not to add the "sponsor" program
see here for more info
http://www.sunbeltsecurity.com/ThreatDisplay.aspx?tid=8144&cs=71E32D8CF240F998F96A2C6CF2DDBB17
combofix should deal

