Your system is infected - virus - UPS email
Comments
-
Had the same email. Lucky enough the junk mail software detected it.
-
ComboFix 10-01-20.05 - kay 21/01/2010 15:32:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.382.99 [GMT 0:00]
Running from: d:\documents and settings\kay\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\kay\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\config\systemprofile\Application Data\mvhgkr.dat"
"c:\windows\system32\drivers\apkvwk.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\apkvwk.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.
2010-01-20 17:41 . 2010-01-20 17:41 d-----w- c:\program files\TrendMicro
2010-01-20 13:25 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 13:25 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 13:25 . 2010-01-20 13:25 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 12:01 . 2010-01-20 12:01
d-sh--w- d:\documents and settings\Administrator\IETldCache
2010-01-13 07:20 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 12:33 . 2009-11-30 20:18 d-----w- d:\documents and settings\All Users\Application Data\avg9
2010-01-21 07:22 . 2008-12-19 13:47 d-----w- c:\program files\Microsoft Silverlight
2010-01-20 17:50 . 2007-05-08 11:26
d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-01-20 10:46 . 2010-01-20 11:03 191162 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-01-20 09:44 . 2010-01-20 09:44 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\mvhgkr.dat
2010-01-13 12:41 . 2007-07-02 11:29 d-----w- d:\documents and settings\kay\Application Data\OpenOffice.org2
2009-11-30 20:22 . 2009-06-15 16:51 d-----w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-30 20:20 . 2009-06-15 16:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-30 20:20 . 2009-06-15 16:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-30 20:20 . 2007-01-14 10:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-30 20:20 . 2009-06-15 16:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-30 20:18 . 2009-06-15 16:51 d-----w- c:\program files\AVG
2009-11-26 18:54 . 2009-11-26 18:54 d-----w- d:\documents and settings\kay\Application Data\Keynote Systems
2009-11-21 15:51 . 2004-09-10 14:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2004-09-10 14:57 916480 ------w- c:\windows\system32\wininet.dll
2008-03-05 22:20 . 2008-03-05 22:20 0 -c--a-w- c:\program files\temp01
2009-11-26 18:54 . 2009-11-26 18:54 149344 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
2009-11-26 18:54 . 2009-11-26 18:54 279392 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
2006-10-11 08:04 . 2008-04-15 08:23 61036 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-15 08:23 48742 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-15 08:23 29313 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-15 08:23 41082 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-15 08:23 166510 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 68856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-03 160592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BTAgile"="c:\program files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-17 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-05-23 936960]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/06/2009 16:51 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/06/2009 16:51 360584]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [03/09/2009 17:34 58856]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/09/2009 17:34 333928]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [30/11/2009 20:18 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [30/11/2009 20:18 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/03/2009 19:12 55152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/09/2009 17:34 967912]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [20/02/2009 18:05 266240]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
.
Contents of the 'Scheduled Tasks' folder
2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2006-08-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8147730231.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - d:\documents and settings\kay\Application Data\Mozilla\Firefox\Profiles\lfhg0ycg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 15:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-3621275639-3551950293-1788070341-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,7b,45,be,61,1a,92,b2,4f,60,3a,57,07,ab,bb,00,59,a1,dd,06,99,82,1a,
95,29,da,d0,07,c7,39,3a,83,62,db,65,ba,e7,9e,6f,da,3d,bd,16,66,5d,66,97,d0,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
[HKEY_USERS\S-1-5-21-3621275639-3551950293-1788070341-1005\Software\SecuROM\License information*]
"datasecu"=hex:9b,c5,18,89,e0,98,1a,83,a5,ee,a4,2a,23,a6,6e,25,c0,4a,98,41,87,
2a,53,32,68,06,67,21,1d,fb,94,70,93,80,2f,45,32,f4,33,74,96,df,de,99,d1,71,\
"rkeysecu"=hex:7f,bf,05,93,7c,f3,2a,23,08,dc,09,f1,a0,4f,3b,fd
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-21 15:52:08
ComboFix-quarantined-files.txt 2010-01-21 15:52
ComboFix2.txt 2010-01-21 14:08
Pre-Run: 6,591,549,440 bytes free
Post-Run: 6,564,302,848 bytes free
- - End Of File - - A23915312C2D950EB1A687C2C046B47B
This took a lot less time to run. Thank you for the easy explanation on how to do the CFScript.
-
Could someone take a glance for me please.
-
Open Malwarebytes
go to MORE TOOLS
then RUN TOOL
Find ~
c:\windows\system32\config\systemprofile\Application Data\mvhgkr.dat
and remove it
-
When I get to systemprofile I cannot find the next item. I have Administrator's docs, desktop, favorites, start menu and ntuser.dat.
-
Thank you. Have done post 27, followed by post 25.
-
Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your antivirus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon
***DO NOT UPGRADE TO FULL VERSION***
-
On the auto scan this message had come up
\Documents and Settings\kay\My Documents\couponprinter.exe
Archive contains infected items
Move?
Yes yes to all no no to all
Am not clicking anything till I know it's OK.
-
Move ~ yes to all