Internet connection gone slow :( HIJACK THIS LOG INCLUDED!
Comments
-
If your brother installed BitTorrent, you have no way of being sure he didn't download all kinds of dodgy stuff. By definition, torrented (pirated) programs are not guaranteed to be legit, and can often be full of malware and viruses.
If this was my PC, I'd wipe it and reinstall Windows from scratch. You will never be 100% sure otherwise.
Never let any program run on your PC unless you know it's legit, and where it came from. In other words, avoid stuff from BitTorrent sites...
I could repackage a program or video game trivially to include something that sniffs out your banking details or other account passwords; this stuff is easy to do, and it's rife.
Wow, scary :eek: He was downloading music, but never again.
-
Avast still not downloaded properly.
-
Due to the Malwarebytes log I'd recommend you do as follows ~
Please run COMBOFIX
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
I would also recommend you change all passwords that are money related or email accounts (Anything important)
make them ALL different and nothing that can be found in a dictionary :idea:
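The password advice in the reply above (change everything important, make each one different, nothing from a dictionary), turned into something runnable. This is an added example, not code posted by anyone in the thread: it draws each password from the OS CSPRNG through Python's secrets module, produces one independent password per account, and rejects any candidate that is short for its alphabet, contains a dictionary word, or uses fewer than three character classes. The wordlist is a constructed stand-in for a real dictionary file, and the 80-bit floor is an assumption.

```python
"""Generate one random, unique password per account and reject weak ones.

Added example for this thread, not code from anyone in it.  The wordlist is a
constructed stand-in for a real dictionary file; the 80-bit floor is an assumption.
"""
import math
import secrets
import string

SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS      # 75 characters
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)

# Constructed wordlist; a real check would load a full dictionary file.
DICTIONARY = {"password", "monkey", "letmein", "qwerty", "money", "saving", "bank", "laptop"}


def contains_dictionary_word(password, words=DICTIONARY, min_len=4):
    """True if any dictionary word of min_len+ letters appears anywhere (case-insensitive)."""
    low = password.lower()
    return any(w in low for w in words if len(w) >= min_len)


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a password drawn uniformly at random: length * log2(alphabet).

    Only meaningful for generated passwords; a human-chosen string of the same
    length is far weaker, which is what the dictionary check is for.
    """
    return length * math.log2(alphabet_size)


def check_password(password, min_bits=80):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if random_bits(len(password)) < min_bits:
        problems.append("too short for the alphabet used")
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word")
    if sum(any(c in cls for c in password) for cls in CLASSES) < 3:
        problems.append("fewer than three character classes")
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG (secrets), retrying until the checks pass."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


def generate_distinct(accounts, length=16):
    """One independent password per account, so a leak at one site is useless elsewhere."""
    return {account: generate_password(length) for account in accounts}


if __name__ == "__main__":
    for account, pw in generate_distinct(["bank", "email", "paypal"]).items():
        print(f"{account:<8} {pw}")
```

The generated passwords are not meant to be memorised; the point of making every account different is that they go into a password manager, and the retry loop in generate_password means the checks never weaken the randomness of what comes out.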
-
Attempted to run COMBOFIX now, but it is saying something about a renaming error. I cannot see where I can rename it?
Wow, change all my passwords huh? Off to do that now!
What gave you the conclusion that I should change the passwords? Is it because of the new logs?
What exactly were those malicious files?
I asked my brother about his downloads on my laptop and he says they are blogspots so they are 100 percent safe?
Is that true?
-
combofix completed.
LOG:
\Legacy_NPF
\Service_NPF
\Legacy_fqgdqwr
\Service_fqgdqwr
((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.
2010-01-04 15:55 . 2010-01-04 15:55 d-----w- c:\users\Default\AppData\Local\temp
2010-01-04 09:39 . 2010-01-04 09:39 d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2010-01-04 09:00 . 2010-01-04 09:00 d-----w- c:\program files\Windows Portable Devices
2010-01-04 06:13 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-01-04 06:13 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-01-04 06:13 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-01-04 06:13 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-01-04 06:13 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-01-04 06:13 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-01-04 06:13 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-01-04 06:13 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-01-04 06:13 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-01-04 06:13 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-01-04 06:13 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-01-04 06:13 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-01-04 06:11 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-01-04 06:11 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-01-04 06:11 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-01-03 21:04 . 2010-01-03 21:05 d-----w- c:\windows\system32\ca-ES
2010-01-03 21:04 . 2010-01-03 21:05 d-----w- c:\windows\system32\eu-ES
2010-01-03 21:04 . 2010-01-03 21:05 d-----w- c:\windows\system32\vi-VN
2010-01-03 19:12 . 2010-01-03 19:12 d-----w- c:\windows\system32\EventProviders
2010-01-03 18:47 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-16 19:44 . 2009-12-16 19:44 d-----w- C:\My Music
2009-12-14 14:24 . 2009-12-14 14:24 d-----w- c:\users\Resha\AppData\Local\Real
2009-12-14 14:23 . 2009-12-14 14:23 d-----w- c:\program files\Common Files\xing shared
2009-12-11 11:29 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 11:29 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 11:29 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 10:43 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-11 10:42 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 15:58 . 2008-02-16 11:51 680 ----a-w- c:\users\Resha\AppData\Local\d3d9caps.dat
2010-01-04 11:58 . 2008-05-01 19:29 680 ----a-w- c:\users\Guest\AppData\Local\d3d9caps.dat
2010-01-04 08:59 . 2010-01-04 08:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-03 21:05 . 2006-11-02 12:37 d-----w- c:\program files\Windows Sidebar
2010-01-03 21:05 . 2006-11-02 12:37 d-----w- c:\program files\Windows Journal
2010-01-03 21:05 . 2006-11-02 12:37 d-----w- c:\program files\Windows Collaboration
2010-01-03 21:05 . 2006-11-02 12:37 d-----w- c:\program files\Windows Calendar
2010-01-03 21:05 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2010-01-03 21:05 . 2006-11-02 12:37 d-----w- c:\program files\Windows Photo Gallery
2010-01-03 21:05 . 2006-11-02 12:37 d-----w- c:\program files\Windows Defender
2010-01-03 18:46 . 2009-01-03 13:45 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 18:46 . 2010-01-03 18:45 5061519 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-03 09:33 . 2008-11-30 10:05 d-----w- c:\users\Resha\AppData\Roaming\DNA
2010-01-01 13:33 . 2008-02-22 16:09 680 ----a-w- c:\users\AK47\AppData\Local\d3d9caps.dat
2009-12-30 14:55 . 2009-01-03 13:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 14:54 . 2009-01-03 13:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 16:35 . 2008-02-16 01:26 3066 ----a-w- c:\users\Resha\AppData\Roaming\wklnhst.dat
2009-12-14 14:23 . 2008-06-01 15:10 d-----w- c:\program files\Common Files\Real
2009-12-11 11:29 . 2007-12-12 05:45 d-----w- c:\programdata\Microsoft Help
2009-12-05 12:43 . 2009-11-23 12:03 439816 ----a-w- c:\users\Resha\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-05 11:26 . 2009-12-05 11:26 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAF5B.tmp.exe
2009-12-04 20:21 . 2009-12-04 20:21 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-28 11:00 . 2009-11-28 11:00 d-----w- c:\program files\CCleaner
2009-11-23 22:54 . 2009-11-23 22:54 d-----w- c:\program files\Trend Micro
2009-11-23 20:58 . 2009-11-23 20:58 79368 ----a-w- c:\users\Resha\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-21 06:40 . 2010-01-03 18:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-03 18:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-03 18:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-03 18:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-10 10:29 . 2009-11-10 10:29 d-----w- c:\program files\DIFX
2009-11-06 05:31 . 2007-12-11 07:38
d--h--w- c:\program files\InstallShield Installation Information
2009-11-06 05:30 . 2009-07-22 16:58 2380538 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-11-02 20:42 . 2009-10-03 07:18 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 21:15 2048 ----a-w- c:\windows\system32\tzres.dll
2007-11-15 15:50 . 2007-03-07 12:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Reminder_MUI"="c:\applications\oem\Reminder\Reminder_MUI.exe" [2007-07-20 1089536]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"UpdateP2GShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-07-26 202024]
"SiSPower"="SiSPower.dll" [2007-06-25 53248]
"SetLCDMode"="c:\windows\system32\LCDMode.exe" [2007-06-25 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-14 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]
c:\users\AK47\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\users\Resha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\System32\sistray.exe [2008-2-16 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):4a,f3,f9,b5,b9,8c,ca,01
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [11/12/2007 07:51 283136]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [11/12/2007 07:42 46592]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/02/2009 01:54 101936]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [24/06/2008 09:51 21504]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [11/12/2007 07:46 351232]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\System32\drivers\optousb.sys [10/11/2009 10:29 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\System32\drivers\optovcm.sys [10/11/2009 10:29 26368]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [11/12/2007 07:33 452096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{008AF6D3-1145-4C92-B72D-E0C60C33658B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-03 04:59]
2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{D9F112F9-71A6-4178-BFAC-9271A292E8A5}.job
- c:\windows\system32\msfeedssync.exe [2010-01-03 04:59]
.
.
Supplementary Scan
.
uStart Page = hxxp://uk.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: shopandscan.com\www
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-NBDriver - E:\NBDriver.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 15:58
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Other Running Processes
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-01-04 16:08:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-04 16:08
Pre-Run: 6,880,075,776 bytes free
Post-Run: 7,365,689,344 bytes free
- - End Of File - - D282FE83707D3F006FC8AA3A5EBF20A20 -
Spybot running now
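A helper reads a log like the one above by eye. As an added example (not ComboFix's own code, and not anything posted in the thread), here is a small Python triage script that parses the "Files Created" listing and the REGEDIT4 section of a ComboFix-style log and flags what a responder would check first: executables dropped into user-writable folders or carrying temp-style names (the gtbAF5B.tmp.exe that the next reply says to delete falls out of this), autostart entries that give no full path, and Security Center "DisableMonitoring"/"AntiVirusOverride" values set to 1, which suppress Security Center's alerts. The list of trusted roots and the heuristics themselves are assumptions, and the sample lines are excerpted from the posted log.

```python
"""Triage a ComboFix-style log for the entries a responder looks at first.

Added example for this thread; it is not ComboFix's own code and not code
posted by anyone in the thread.  The "suspicious" heuristics below are the
author's assumptions, not rules from the tool.
"""
import re

# Constructed sample: lines excerpted from the ComboFix log posted above,
# with directory entries in the tool's "d-----w-" attribute form.
SAMPLE_LOG = r"""
2010-01-04 15:55 . 2010-01-04 15:55 d-----w- c:\users\Default\AppData\Local\temp
2010-01-04 06:13 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-01-04 08:59 . 2010-01-04 08:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-03 18:46 . 2010-01-03 18:45 5061519 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 11:26 . 2009-12-05 11:26 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAF5B.tmp.exe
2009-11-02 20:42 . 2009-10-03 07:18 195456 ------w- c:\windows\system32\MpSigStub.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"""

# "created . modified [size] attrs path"; size is absent on directory lines.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?:(?P<size>\d+)\s+)?(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=data, optionally followed by ComboFix's " [date size]" suffix.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+?)\s*(?:\[\S+ \d+\])?$')

EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")   # assumption: 32-bit Vista layout as in the log
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\")
SECURITY_CENTER_FLAGS = {"disablemonitoring", "antivirusoverride", "firewalloverride", "updatesoverride"}


def _check_file(m):
    """Flag executables created in places where installers rarely leave them."""
    path, attrs = m.group("path"), m.group("attrs")
    low = path.lower()
    out = []
    if attrs.startswith("d") or not low.endswith(EXEC_EXTS):
        return out                      # directories and data files are out of scope here
    if ".tmp." in low.rsplit("\\", 1)[-1]:
        out.append(("temp-named executable", path))
    if any(seg in low for seg in USER_WRITABLE):
        out.append(("executable in user-writable location", path))
    elif not low.startswith(TRUSTED_ROOTS):
        out.append(("executable outside system roots", path))
    if "h" in attrs or "s" in attrs:
        out.append(("hidden/system-attribute executable", path))
    return out


def _dword(data):
    """Value of a REGEDIT4 dword:XXXXXXXX literal, or None for other data types."""
    return int(data.split(":", 1)[1], 16) if data.lower().startswith("dword:") else None


def _check_value(key, name, data):
    """Flag autostart entries without a full path and suppressed Security Center alerts."""
    out = []
    if key.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
        target = data.strip('"')
        if "\\" not in target:
            out.append(("autostart with unqualified path", f"{name} = {target}"))
        elif not target.lower().startswith(TRUSTED_ROOTS):
            out.append(("autostart outside system roots", f"{name} = {target}"))
    elif "security center" in key and name.lower() in SECURITY_CENTER_FLAGS and _dword(data):
        out.append(("Security Center alerting suppressed", f"{key} -> {name}"))
    return out


def triage(log_text):
    """Return a list of (finding, detail) tuples for the log text."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            findings.extend(_check_file(m))
        elif (k := KEY_RE.match(line)):
            current_key = k.group("key").lower()
        elif (v := VALUE_RE.match(line)):
            findings.extend(_check_value(current_key, v.group("name"), v.group("data")))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

A flag here means "verify", not "delete": both programdata executables it raises are named like installer temp files, so the next step is to check the file's digital signature and hash rather than remove it on sight. An autostart entry given as a bare filename (RtHDVCpl.exe) is worth a look because Windows resolves it through the search path, so it is not obvious which file actually runs.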
-
Manually delete this ~
c:\programdata\Google\Google Toolbar\Update\gtbAF5B.tmp.exe
Then ~
Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION*** :idea:
-
My laptop will be squeaky clean soon. lol
I still have NO ANTI-VIRUS..
Avast won't download for some reason.
I've just done the Spybot scan and it's found stuff!!
I can't find the option to post the log, but it found:
ZANGO 1 entry PUPs
Registry Helper 9 entries MALWARE
Doubleclick 1 entry browser
Fun Web Products 1 entry PUPs
I deleted all the malicious stuff. Thank you for that, basmic
-
This is running now, rik :beer: