Please Help Laptop Died
Download COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Switch off your anti virus and follow the simple instructions
Post the WHOLE of the log it creates (split into sections if too big)
Rik, sorry it has taken me so long to get back on here, but I have not been too well. I have dragged the file onto the icon as you said and I still have the results on the screen, but where is Combofix.txt? As you can tell I am not much good on computers, so thanks for helping me again. Jacqui
ComboFix 10-01-18.03 - jacqui 19/01/2010 17:49:17.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.442 [GMT 0:00]
Running from: c:\documents and settings\jacqui\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\jacqui\My Documents\CFScript
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_ l1.exe"
"c:\program files\DNA\btdna.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\program files\temp\Message.ini
c:\program files\temp\Msg.ini
c:\program files\temp\Msg_chs.ini
c:\program files\temp\Msg_cht.ini
c:\program files\temp\Msg_kor.ini
c:\program files\temp\Uninst\Admin.exe
c:\program files\temp\Uninst\Message.ini
c:\program files\temp\Uninst\Msg.ini
c:\program files\temp\Uninst\Msg_chs.ini
c:\program files\temp\Uninst\Msg_cht.ini
c:\program files\temp\Uninst\Msg_kor.ini
.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-17 14:11 . 2010-01-14 11:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-17 14:07 . 2010-01-17 14:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-17 13:51 . 2010-01-17 14:06 -------- d-----w- C:\32788R22FWJFW(2)
2010-01-17 12:28 . 2010-01-17 12:28 -------- d-----w- c:\program files\Windows Defender
2010-01-16 22:57 . 2010-01-16 22:57 -------- d-----w- c:\program files\Trend Micro
2010-01-16 21:54 . 2010-01-16 21:54 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-13 16:03 . 2010-01-13 16:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2010-01-13 11:13 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 14:20 . 2010-01-07 14:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 16:19 . 2010-01-05 16:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-01-04 18:33 . 2010-01-04 18:33 -------- d-----w- c:\documents and settings\jacqui\Application Data\Trusteer
2010-01-04 18:33 . 2010-01-04 18:33 -------- d-----w- c:\program files\Trusteer
2010-01-04 18:32 . 2010-01-04 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-01-03 13:45 . 2010-01-03 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-03 13:40 . 2010-01-03 13:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-02 18:40 . 2010-01-02 18:41 2605832 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-01-02 18:40 . 2010-01-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 16:29 . 2007-06-23 11:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\temp
2010-01-18 10:40 . 2009-03-18 19:02 -------- d-----w- c:\program files\DNA
2010-01-17 18:10 . 2009-03-18 19:02 -------- d-----w- c:\documents and settings\jacqui\Application Data\DNA
2010-01-16 21:54 . 2009-08-21 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 16:07 . 2009-08-21 17:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-08-21 17:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 13:40 . 2007-06-18 22:11 -------- d-----w- c:\program files\Google
2009-12-06 10:38 . 2009-11-28 20:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-03 17:41 . 2007-06-21 10:03 56720 ----a-w- c:\documents and settings\jacqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 16:38 . 2009-12-03 16:38 -------- d-----w- c:\program files\MSBuild
2009-12-03 16:38 . 2009-12-03 16:38 -------- d-----w- c:\program files\Reference Assemblies
2009-11-28 20:33 . 2009-05-03 12:23 -------- d-----w- c:\program files\Windows Live
2009-11-28 20:28 . 2009-11-28 20:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-28 20:16 . 2007-06-18 22:00 -------- d-----w- c:\program files\Java
2009-11-28 20:14 . 2009-11-28 20:14 152576 ----a-w- c:\documents and settings\jacqui\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 20:14 . 2009-11-09 15:26 79488 ----a-w- c:\documents and settings\jacqui\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-28 20:13 . 2009-11-28 20:10 1924440 ----a-w- c:\documents and settings\jacqui\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-11-24 23:54 . 2009-08-20 19:33 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-08-20 19:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-08-20 19:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-08-20 19:34 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-08-20 19:34 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-08-20 19:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-08-20 19:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-08-20 19:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-08-20 19:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2004-08-10 11:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-10 11:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-10 11:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-10 11:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-23 09:33 . 2007-06-24 16:37 56720 ----a-w- c:\documents and settings\kirsty.JACNORM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-01-17_18.51.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 16:29 . 2010-01-19 16:29 16384 c:\windows\Temp\Perflib_Perfdata_988.dat
+ 2010-01-19 16:29 . 2010-01-19 16:29 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-07-21 40960]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 2037240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-18 24576]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2009-2-10 61440]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2009-8-1 670256]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/08/2009 19:34 114768]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/12/2009 13:37 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/12/2009 13:37 337000]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/08/2009 19:34 20560]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/12/2009 13:37 972008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/01/2010 13:40 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 13:39]
2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 13:39]
2010-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
Supplementary Scan
.
uStart Page = hxxp://uk.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080YYGB&fl=0&ptb=0GcYHhZFMf0xOrC89UNvxQ&url=http://www.uk.ask.com/web&q={searchTerms}&l=zu&o=sb
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=pBc5b8HngTFmGfqSqLdCvNpQ0u8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?c9c319d62ed648bbbac397f24f860cb3
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?c9c319d62ed648bbbac397f24f860cb3
FF - ProfilePath - c:\documents and settings\jacqui\Application Data\Mozilla\Firefox\Profiles\1in8irci.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZSYYYYYYYYGB&fl=0&ptb=TzLobXdPa6GYUuKqxvZ1RQ&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce525d&searchfor=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 17:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-01-19 18:01:11
ComboFix-quarantined-files.txt 2010-01-19 18:00
ComboFix2.txt 2010-01-18 10:43
ComboFix3.txt 2010-01-17 18:53
ComboFix4.txt 2010-01-17 16:28
Pre-Run: 57,706,987,520 bytes free
Post-Run: 57,713,229,824 bytes free
- - End Of File - - 25CB630DFF06B350129C3CDC18691F8C
Rik, I hope I have done this right this time. My granddaughter thinks it's mad how stressed I have been with this.
Hmmm. One of the files is still there, but you've done your part right.
Look in Add/Remove Programs and uninstall anything along the lines of ~
BigFishGames
(It's what's probably caused the main part of your infection)
Then, or if you can't find it ~
Download SPYBOT (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure TEA TIMER is UNTICKED on installation)
http://www.filehippo.com/download_spybot_search_destroy/
UPDATE and IMMUNISE (Make sure it reads ZERO unprotected) and SCAN
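The "one of the files still there" check above is something a helper does by eye: compare the paths in the log's FILE :: block (what the CFScript asked ComboFix to delete) against the Files Created listing. The following is an added example, not code from this thread or from ComboFix, that automates that comparison and two other things worth reading out of such a log: Security Center keys with DisableMonitoring set to 1, and browser start/search URLs pointing somewhere other than an allow-list of expected hosts. The allow-list is an assumption of this example, and SAMPLE_LOG is a constructed excerpt in ComboFix's layout (ComboFix prints URLs with "hxxp" in place of "http", which the regex relies on).

```python
import re

# Constructed excerpt in ComboFix's layout (not a real saved log).
SAMPLE_LOG = r"""
FILE ::
"c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_ l1.exe"
"c:\program files\DNA\btdna.exe"
.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-16 21:54 . 2010-01-16 21:54 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-02 18:40 . 2010-01-02 18:41 2605832 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-01-02 18:40 . 2010-01-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
Supplementary Scan
.
uStart Page = hxxp://uk.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080YYGB&fl=0
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZSYYYYYYYYGB&fl=0
"""

# One dated entry: "created . modified  size-or-dashes  attributes  path"
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+([-a-z]{8})\s+(.+)$"
)
# ComboFix defangs URLs as hxxp://, so match that rather than http://
URL_HOST = re.compile(r"hxxps?://([^/\s]+)")
# Hosts the browser settings are expected to point at (assumption of this example).
ALLOWED_SEARCH_HOSTS = {"www.google.com", "uk.yahoo.com", "en-us.start.mozilla.com", "127.0.0.1"}


def requested_deletions(log):
    """Paths quoted under 'FILE ::' (the CFScript deletion requests), lower-cased."""
    paths, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "FILE ::":
            in_block = True
            continue
        if in_block:
            m = re.fullmatch(r'"(.+)"', line)
            if not m:  # first unquoted line ends the block
                break
            paths.append(m.group(1).lower())
    return paths


def listed_files(log):
    """Paths from every dated entry (Files Created / Find3M sections), lower-cased."""
    paths = []
    for line in log.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if m:
            paths.append(m.group(3).lower())
    return paths


def still_present(log):
    """(requested_path, listed_path) pairs for deletion requests whose target is still listed.

    Spaces are ignored in the comparison, so a request typed with a stray space
    (as 'bfgsetup_s1_ l1.exe' in the sample) is still matched to the real file name.
    """
    listed = listed_files(log)
    hits = []
    for req in requested_deletions(log):
        key = req.replace(" ", "")
        hits.extend((req, p) for p in listed if p.replace(" ", "") == key)
    return hits


def monitoring_disabled(log):
    """Security Center keys under which DisableMonitoring=1 (AV/firewall state hidden from the user)."""
    keys, current = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif line == '"DisableMonitoring"=dword:00000001' and current:
            keys.append(current)
    return keys


def unexpected_search_hosts(log):
    """(setting, host) for IE/Firefox start or search URLs outside ALLOWED_SEARCH_HOSTS."""
    hits = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("u") and " = " in line:  # IE user setting: uStart Page = ...
            setting = line.split(" = ", 1)[0]
        elif line.startswith("FF - prefs.js: "):  # Firefox pref: FF - prefs.js: name - value
            setting = line[len("FF - prefs.js: "):].split(" - ", 1)[0]
        else:
            continue
        for host in URL_HOST.findall(line):
            host = host.split(":")[0].lower()  # drop any port
            if host not in ALLOWED_SEARCH_HOSTS:
                hits.append((setting, host))
    return hits


def report(log):
    return {
        "still_present": still_present(log),
        "monitoring_disabled": monitoring_disabled(log),
        "unexpected_search_hosts": unexpected_search_hosts(log),
    }


if __name__ == "__main__":
    for section, items in report(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run against the sample, the checker reports the BigFishGames installer as still present, the two Security Center keys whose monitoring is switched off, and two search settings pointing at www.mywebsearch.com; the "DisableMonitoring" entries matter because they stop Windows from warning that antivirus or firewall protection is off.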
RaiderHammer wrote: »Do people think that Firefox is a better option than IE? Thanks.
http://www.internetnews.com/security/article.php/3847461
Use Opera.
Je suis Charlie.
"As well a fair amount of the vulnerabilities have come by way of plug-ins"
Well, the NOSCRIPT plugin makes Firefox bomb proof and FAR safer to use than IE. They also shouldn't be testing it using plugins, or if they do then that should be part of the report.
I also have a link somewhere (can't find it as yet) showing Firefox to be far safer in its newly downloaded state than IE.
"As well a fair amount of the vulnerabilities have come by way of plug-ins"
Well, the NOSCRIPT plugin makes Firefox bomb proof and FAR safer to use than IE. They also shouldn't be testing it using plugins, or if they do then that should be part of the report.
I also have a link somewhere (can't find it as yet) showing Firefox to be far safer in its newly downloaded state than IE.
Whereas Opera actually has the look and feel of a professional product, not something that a 16-year-old just did for a school project.
Je suis Charlie.
Thanks Rik, will do that now.
I do quite like Opera too, but essentially Firefox is my default - it's simply too good.