I have a Worm on my laptop & AVG just crashes laptop. please help
Comments
-
ComboFix 09-10-01.05 - Milly 02/10/2009 23:05.1.2 - NTFSx86
Running from: c:\users\Milly\Downloads\QWERTY.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2547951775-1051920787-1014185920-500
c:\$recycle.bin\S-1-5-21-3896610404-381596494-3881642372-500
c:\recycler\S-1-5-21-2332114524-8714061328-266594714-2202
c:\windows\system32\NlsLexicons000a.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.
2009-10-02 22:22 . 2009-10-02 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-30 07:57 . 2009-09-30 08:02 -------- d-----w- c:\windows\system32\ca-ES
2009-09-30 07:57 . 2009-09-30 08:01 -------- d-----w- c:\windows\system32\eu-ES
2009-09-30 07:57 . 2009-09-30 08:01 -------- d-----w- c:\windows\system32\vi-VN
2009-09-29 06:35 . 2009-09-29 06:35 -------- d-----w- C:\85fc0991842b7d05ab020413da53
2009-09-22 22:32 . 2009-09-22 22:32 -------- d-----w- c:\windows\system32\EventProviders
2009-09-17 10:04 . 2009-04-11 06:28 407552 ----a-w- c:\windows\system32\MPSSVC.dll
2009-09-17 10:03 . 2009-04-11 06:28 19456 ----a-w- c:\windows\system32\MsCtfMonitor.dll
2009-09-17 10:02 . 2009-04-11 06:28 115712 ----a-w- c:\windows\system32\WinSCard.dll
2009-09-17 10:01 . 2009-04-11 06:28 31744 ----a-w- c:\windows\system32\cscapi.dll
2009-09-17 10:00 . 2009-04-11 06:28 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-09-17 09:59 . 2009-04-11 06:28 99840 ----a-w- c:\windows\system32\ulib.dll
2009-09-17 09:58 . 2009-04-11 06:28 1209856 ----a-w- c:\windows\system32\comsvcs.dll
2009-09-13 14:37 . 2009-09-13 14:37 -------- d-----w- c:\program files\Trend Micro
2009-09-13 09:43 . 2009-09-13 09:43 -------- d-----w- c:\users\Milly\AppData\Roaming\Malwarebytes
2009-09-13 09:43 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 09:43 . 2009-09-13 09:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 09:43 . 2009-09-13 09:43 -------- d-----w- c:\programdata\Malwarebytes
2009-09-13 09:43 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-12 20:56 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-12 12:16 . 2009-09-12 12:16 -------- d-----w- c:\program files\Alwil Software
2009-09-09 10:43 . 2009-09-09 10:43 -------- d-----w- c:\users\Milly\AppData\Roaming\Yahoo!
2009-09-09 10:43 . 2009-09-13 08:42 -------- d-----w- c:\program files\Yahoo!
2009-09-09 10:43 . 2009-09-09 10:43 -------- d-----w- c:\program files\CCleaner
2009-09-09 10:31 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 10:31 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 10:31 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 10:31 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 10:31 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 10:31 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 10:31 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 10:31 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 10:31 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 10:31 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 10:31 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 10:20 . 2009-09-12 20:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-09 10:20 . 2009-09-09 10:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-09 07:54 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 07:54 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 07:54 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 07:54 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 07:54 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 07:54 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 07:54 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 07:54 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 07:54 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 07:54 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 07:54 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-03 16:15 . 2009-09-03 16:15 -------- d-----w- C:\164cf8e27b08bd1e250181d10393d5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 08:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-30 08:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-30 08:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-30 08:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-30 08:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-30 08:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-30 08:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-29 16:57 . 2009-05-11 08:42 634 ----a-w- c:\users\Milly\AppData\Roaming\wklnhst.dat
2009-09-12 10:19 . 2007-08-01 21:44 -------- d-----w- c:\program files\Google
2009-09-09 08:47 . 2007-08-01 21:57 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-09 08:47 . 2007-08-01 21:57 -------- d-----w- c:\program files\DivX
2009-09-01 16:15 . 2007-08-01 22:02 -------- d-----w- c:\program files\Java
2009-08-31 18:57 . 2009-08-31 18:57 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-29 00:27 . 2009-09-02 21:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 08:21 . 2009-06-03 10:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 08:20 . 2009-06-03 10:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 08:20 . 2009-06-03 10:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-25 04:23 . 2009-03-02 08:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 06:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 06:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 06:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 06:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 07:16 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 07:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 07:14 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 07:14 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 07:14 7680 ----a-w- c:\windows\system32\spwmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 09:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-06-29 258048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-10 29744]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-26 4489216]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-26 1826816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,ac,cc,37,a5,41,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B57F0516-75F1-4686-82D5-02409FEB55CB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5C39AEB0-990B-4F5A-8430-F863BADA86BE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9296F22B-990F-42B6-9EF4-8198383B6147}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{FE1E8A57-C32A-4159-B035-CADDFF2191F4}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{7E34A8A2-66AA-4E66-B48B-43781D48B7CC}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{42889660-F511-43DA-9D8E-4E03ABC77413}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{A61EF93F-6C28-48F8-AB1D-778F241F215B}"= UDP:c:\program files\BitLord2\BitLord.exe:Bitlord2
"{B9F96D57-8A91-4DF2-B894-CE2F8B2AA9CC}"= TCP:c:\program files\BitLord2\BitLord.exe:Bitlord2
"{C0A106FB-5405-4F45-A922-2762E684B494}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D4263B21-87ED-4B4B-A2F8-91D97D40C1A5}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{ABEFC02C-897F-4AD4-AA03-BD9314A5C256}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/06/2009 11:56 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/06/2009 11:56 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/06/2009 11:55 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/06/2009 11:55 297752]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [01/08/2007 19:53 812544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [01/08/2007 22:59 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
Supplementary Scan
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {065EF4B3-A805-44C1-BE8E-B761BEFE5AFB} = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 23:22
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Completion time: 2009-10-02 23:26
ComboFix-quarantined-files.txt 2009-10-02 22:26
Pre-Run: 113,258,311,680 bytes free
Post-Run: 113,320,525,824 bytes free
203 --- E O F --- 2009-09-30 07:36
Angel
0 -
Still won't let me use word
Angel
0 -
Combofix has found infections and I'm still not convinced it's clean
You seem more interested in getting office to work than cleaning your computer of nasties. Personally I'd suggest to run DR WEB
http://www.freedrweb.com/download+cureit/
After it's run, set it to scan the WHOLE computer :idea:
0 -
Course I am interested in doing both, I need office for my work, and I had just purchased office 2007. It's all genuine, office was on my laptop when bought it from pcworld, then office ran out and I bought the new one from comet. Obviously I don't want anything nasty on there either.
I shall run the other link you have provided, thank you
Angel
0 -
Ok doki
so what 'exactly' is the problem with office?
Has it installed correctly?
What happens when you attempt to open word?
I think I'd suggest uninstalling office (As you clearly installed it on an infected computer)
Run DR WEB as above
reboot
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
Then reinstall office :idea:
0 -
It was already on this laptop when I bought it about 2 years ago. I didn't use it so left it when it had run out. I now need it so bought the office home and student edition 2007, which is on there already, and when I tried entering the code it says to install, so I do and it doesn't complete the setup.
I tried uninstalling office but it won't let me, it says the same 'did not complete'
When I open word at the moment it asks for the validation code.
dr web is already running.
Angel
0 -
I'd still remove what you have now :idea:
0 -
Yes I will but don't know how to. When I go to uninstall it won't let me, it says did not complete
Angel
0 -
that last virus scanner says done, no viruses found
Angel
0
This discussion has been closed.