Hijack this help please
Comments
-
The chances of your computer dying at this stage are very small.
If you feel there are important things you need to back up then please do so, as nothing is ever guaranteed.
-
I will give it a go then, fingers crossed.
-
Ok, I have finally managed the first of your instructions and run the combo fix again - managed to disable the AVG this time - I thought I had last time but now realise I hadn't. Anyway here is the log and I will get on with the rest.
ComboFix 09-11-16.05 - Administrator 16/11/2009 21:02.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.447.150 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\Qwerty.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\documents and settings\All Users\Application Data\NeoEdge Networks\MostFun\gamedownloader.exe"
"c:\windows\Byipelozu.dat"
"c:\windows\Esuloso.bin"
"c:\windows\system32\fdscd.dat"
"c:\windows\system32\gqcj38.dll"
"c:\windows\system32\idmf.dat"
"c:\windows\system32\qsfff.dat"
"c:\windows\UKCpInfo.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\NeoEdge Networks\MostFun\gamedownloader.exe
c:\windows\Byipelozu.dat
c:\windows\Esuloso.bin
c:\windows\system32\gqcj38.dll
c:\windows\UKCpInfo.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.
2009-11-13 14:46 . 2009-11-13 14:46 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-13 14:46 . 2009-11-13 14:49 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-11-12 22:31 . 2009-11-12 22:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-11-12 22:23 . 2009-11-12 22:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-12 22:18 . 2009-11-12 22:18 -------- d-----w- c:\windows\ie8updates
2009-11-12 22:10 . 2009-11-12 22:15 -------- dc-h--w- c:\windows\ie8
2009-11-12 22:04 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-12 22:03 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-11-12 22:03 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-12 18:07 . 2009-11-12 18:07 -------- d-----w- c:\program files\Trend Micro
2009-11-12 16:04 . 2009-11-12 16:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-12 16:04 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-12 16:04 . 2009-11-12 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-12 16:04 . 2009-11-12 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-12 16:04 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 15:39 . 2009-11-11 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-11 15:39 . 2009-11-11 15:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-11 15:17 . 2009-11-11 15:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2009-11-09 16:14 . 2009-11-09 16:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{91103DE8-50CF-4E66-BCE3-0D5CE6DF99BF}
2009-10-21 11:56 . 2009-10-21 11:55 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-18 11:36 . 2009-10-18 11:36 -------- d-----w- c:\windows\Cache
2009-10-18 11:35 . 2009-11-13 12:01 -------- d-----w- c:\program files\Coupon Printer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 22:56 . 2007-03-06 19:37 -------- d-----w- c:\program files\Virtools Web Player 3.0
2009-11-12 21:46 . 2006-07-11 06:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-12 13:02 . 2007-02-07 15:14 -------- d-----w- c:\program files\Lavasoft
2009-11-11 14:55 . 2008-05-25 20:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-30 13:23 . 2009-03-24 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-10-30 13:21 . 2009-03-16 19:46 -------- d-----w- c:\program files\MostFun
2009-10-30 12:24 . 2009-10-03 15:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gaijin Ent
2009-10-26 18:04 . 2009-07-09 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-10-26 17:29 . 2009-03-24 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TERMINAL Studio
2009-10-26 17:13 . 2009-03-16 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2009-10-14 10:32 . 2007-01-27 12:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 16:50 . 2009-07-23 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\My Games
2009-10-09 08:46 . 2009-10-09 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-07 09:32 . 2009-06-11 15:45 -------- d-----w- c:\program files\Stopbuddy
2009-10-07 09:30 . 2006-07-11 05:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 12:10 . 2009-10-06 12:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skinux
2009-10-03 16:29 . 2009-10-03 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\UClick
2009-10-03 16:29 . 2009-10-03 16:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\UClick
2009-09-25 15:20 . 2007-02-21 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-25 15:20 . 2007-02-21 18:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\PlayFirst
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 14:09 . 2009-08-20 14:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2007-02-15 15:31 . 2007-02-15 15:31 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-01-14 22:30 . 2007-01-14 22:30 56 --sha-w- c:\windows\SMINST\hpboot.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-12_23.47.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 08:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2004-08-04 08:00 . 2009-03-08 04:33 726528 c:\windows\system32\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 04:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-11-13 10:23 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-13 10:23 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2009-11-13 10:22 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-11-13 10:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-11-13 10:22 . 2009-03-08 04:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2004-08-04 08:00 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll
+ 2006-09-14 08:39 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-13 10:23 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 08:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Motive SmartBridge"="c:\progra~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [2005-09-22 438359]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-04 2028312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 09:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 15:08 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^blueyonder Instant Support Tool.lnk]
backup=c:\windows\pss\blueyonder Instant Support Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
backup=c:\windows\pss\DVD Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/05/2008 19:21 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/05/2008 19:21 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/07/2008 11:01 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2008 11:00 297752]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [08/12/2006 02:49 2368]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E7F780A5-FC7C-45C5-882E-256832665E0A}]
rundll32 gqcj38.dll,laspi
.
.
Supplementary Scan
.
uStart Page = hxxp://forums.moneysavingexpert.com/forumdisplay.html?s=&daysprune=&f=36
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 21:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-2541423913-2234353754-4243743288-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,f8,6e,e3,cd,46,da,4a,9d,e5,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,f8,6e,e3,cd,46,da,4a,9d,e5,2f,\
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
c:\windows\system32\IfxWlxEN.dll
- - - - - - - > 'explorer.exe'(3628)
c:\windows\system32\WININET.dll
c:\progra~1\BLUEYO~1\SMARTB~1\SBHook.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\windows\system32\tcpsvcs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2009-11-16 21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 21:34
ComboFix2.txt 2009-11-13 00:06
Pre-Run: 29,717,774,336 bytes free
Post-Run: 29,667,844,096 bytes free
- - End Of File - - 258D0878249BA047B5D2824B9BAE45E0
-
Hi,
I managed to follow all instructions. The only thing I could not find was the System File Checker but I managed to start it from the Run "box".
Here is the final log from Superantispyware.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/17/2009 at 10:44 AM
Application Version : 4.30.1004
Core Rules Database Version : 4280
Trace Rules Database Version: 2156
Scan type : Complete Scan
Total Scan Time : 01:19:25
Memory items scanned : 559
Memory threats detected : 0
Registry items scanned : 6533
Registry threats detected : 0
File items scanned : 30677
File threats detected : 33
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@rambler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwindows.112.2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sonyonlineentertainment.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@richmedia.yahoo[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adxpose[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@chitika[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cdn5.specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@clickshift[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@account.station.sony[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftsto.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.techguy[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@acronis.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kontera[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[2].txt
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP679\A0064570.DLL
Trojan.Agent/Gen-Polax
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP683\A0065281.DLL
Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID
I hope the verdict is good.
-
Well they're still finding nasties ~ I suppose that's good (Though the question is how they got there in the 1st place)
-
Hi aLiEnRiK,
I would love to know how and when they got in. I have always had AVG running but now have a lot less confidence when I see what I have just got rid of. I wouldn't have been able to without your help. I don't know these programs you advised but I will use them as they seem to be picking up things that others are not.
Do you have any other advice or is there anything else I need to do (apart from tidy all these programs from my desktop to somewhere more organised)?
-
I'm mostly waiting to see if Dr Web finds anything ~ I'll take it from there
-
Sorry, I didn't realise you wanted me to post that one. It's huge - over 28,000 bytes. I have tried twice already but will have to send it in bits.
-
no no
Look right at the end ~ it will tell you if anything HAS been found (The log itself that you're on about is just a log of what's been scanned)
-
OK now I feel even thicker than I first thought.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\regLocal.reg - incurable - deleted
C:\Qoobox\Quarantine\C\WINDOWS\COUPON~1.OCX.vir - incurable - deleted
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir - incurable - deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP674\A0064208.dll - incurable - deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP679\A0064703.dll - incurable - deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP679\A0064704.exe - incurable - deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP679\A0064705.dll - incurable - deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP681\A0065009.ocx - incurable - deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP683\A0065283.bat - incurable - deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP683\A0065391.bat - incurable - deleted