Hijack this report

Comments

  • bevan840 (Posts: 1,014; Forumite; Part of the Furniture; Combo Breaker)
    ComboFix 10-02-26.01 - davidbevan 26/02/2010 23:14:18.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.321 [GMT 0:00]
    Running from: c:\documents and settings\davidbevan\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\jestertb.dll
    c:\windows\system32\dcuykwqq.ini
    c:\windows\system32\drivers\ikptwlug.sys
    c:\windows\system32\hnyuiugg.ini
    c:\windows\system32\juvlqvlj.ini
    c:\windows\system32\kjxmofff.ini
    c:\windows\system32\kusqkfjd.ini
    c:\windows\system32\nhmybser.ini
    c:\windows\system32\riellnby.ini
    c:\windows\system32\sripkrnu.ini
    c:\windows\system32\ueofpreo.ini
    c:\windows\system32\vdftnokj.ini
    c:\windows\system32\xdwcrbvp.ini
    c:\windows\system32\xrimmsew.ini
    c:\windows\system32\yhgjdome.ini
    c:\windows\system32\yISDNqru.ini
    c:\windows\system32\yISDNqru.ini2
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Service_mfiqp


    ((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
    .

    2010-02-26 21:41 . 2010-02-26 21:41 d-----w- c:\documents and settings\davidbevan\Application Data\Malwarebytes
    2010-02-26 21:41 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-26 21:41 . 2010-02-26 21:41 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-26 21:41 . 2010-02-26 21:41 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-26 21:41 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-26 21:17 . 2010-02-26 21:17 d-----w- c:\program files\TrendMicro
    2010-02-26 21:03 . 2010-02-26 21:03 d-----w- c:\documents and settings\davidbevan\Local Settings\Application Data\Mozilla
    2010-02-26 19:50 . 2010-02-26 19:50 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-26 19:50 . 2010-02-26 19:50 d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-02-26 19:49 . 2010-02-26 19:49 d-----w- c:\documents and settings\Administrator\Application Data\U3
    2010-02-26 19:49 . 2010-02-26 19:49 d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-02-06 15:25 . 2010-02-06 16:52 d-----w- c:\program files\GameSpy Arcade

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-26 23:23 . 2008-07-15 04:08 d-----w- c:\documents and settings\davidbevan\Application Data\Skype
    2010-02-26 23:08 . 2009-04-19 12:26 d-----w- c:\program files\Lavasoft
    2010-02-26 23:08 . 2009-04-19 12:26 d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-02-26 22:54 . 2009-07-05 14:29 d-----w- c:\documents and settings\davidbevan\Application Data\U3
    2010-02-26 21:17 . 2010-02-26 21:17 388096 ----a-r- c:\documents and settings\davidbevan\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-26 20:58 . 2009-04-19 12:31 d-----w- c:\program files\CCleaner
    2010-02-21 11:28 . 2006-05-11 23:32 d-----w- c:\program files\Google
    2010-02-18 11:54 . 2007-06-13 19:53 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2010-01-20 20:00 . 2009-06-11 19:58 d-----w- c:\program files\Microsoft Silverlight
    2010-01-08 20:01 . 2009-07-19 14:40 1 ----a-w- c:\documents and settings\davidbevan\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-01-04 10:52 . 2006-03-27 16:17 86323 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-01-04 10:32 . 2006-05-12 04:35 d-----w- c:\program files\Java
    2010-01-04 10:30 . 2010-01-04 10:30 152576 ----a-w- c:\documents and settings\davidbevan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-01-04 10:26 . 2009-12-02 17:07 79488 ----a-w- c:\documents and settings\davidbevan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-31 16:50 . 2005-05-10 08:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2004-08-04 21:00 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2004-08-04 21:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2004-08-04 21:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-08-04 21:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-04 18:22 . 2005-01-19 12:26 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-01 17:36 . 2008-05-31 03:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-01 17:36 . 2008-05-31 03:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-01 17:36 . 2008-05-31 03:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-01 17:36 . 2008-05-31 03:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-11-22 26112]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-01 2000152]
    "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2008-09-11 1517056]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
    HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3096:UDP"= 3096:UDP:Windows Media Format SDK (iexplore.exe)
    "3097:UDP"= 3097:UDP:Windows Media Format SDK (iexplore.exe)
    "3108:UDP"= 3108:UDP:Windows Media Format SDK (iexplore.exe)

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/05/2008 03:19 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/05/2008 03:19 108552]
    R1 SASDIFSV;SASDIFSV;c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [24/02/2010 16:58 9968]
    R1 SASKUTIL;SASKUTIL;c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [24/02/2010 16:58 74480]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [01/12/2009 17:36 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/12/2009 17:36 297752]
    R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [19/03/2008 15:52 51816]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9c1029fccf6b8;Google Update Service (gupdate1c9c1029fccf6b8);c:\program files\Google\Update\GoogleUpdate.exe [19/04/2009 15:22 133104]
    S3 gUSBSTOi;gUSBSTOi;\??\c:\docume~1\DAVIDB~1\LOCALS~1\Temp\gUSBSTOi.sys --> c:\docume~1\DAVIDB~1\LOCALS~1\Temp\gUSBSTOi.sys [?]
    S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-16 12:07]

    2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 15:22]

    2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 15:22]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: motive.com\pbttbc.bt
    FF - ProfilePath - c:\documents and settings\davidbevan\Application Data\Mozilla\Firefox\Profiles\ct238sg1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
    HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
    HKLM-Run-btbb_wcm_McciTrayApp - c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-26 23:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HS??????(?@???????@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1880564037-1445530939-3266629433-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(1692)
    c:\windows\system32\WININET.dll
    .
    Other Running Processes
    .
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-26 23:25:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-26 23:25

    Pre-Run: 67,980,328,960 bytes free
    Post-Run: 67,904,176,128 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - C2897A0B4ADF6C69E59DB05229619B93
    :idea: Jan 09. Debt @ LBM - £11936.55 Debt at worst - £12600.55 Current Debt (01/03/2012) £8,859.51 29.7% Paid off
    Honeymoon Fund £410.40/£6000 House Deposit £1.50
    :A Proud to be dealing with my debts. DFW Nerd 1177 :A
  • aliEnRIK (Posts: 17,741; Forumite; Part of the Furniture; Combo Breaker)
    Jesus

    I can tell you now that your computer is seriously infected with trojans.
    My recommendation is to format the hard drive and start afresh. It's the only way to be absolutely sure it's clean.
    If you wish to go on, I would advise not doing any internet banking or anything to do with money (PayPal etc.)

    If you do wish to continue ~
    Download and run the FREE version of DR WEB
    http://www.freedrweb.com/download+cureit/gr/
    Turn your anti virus OFF
    Click CANCEL to the 'Would you like to read purchase terms now?' message
    Click START click OK
    It will auto QUICK scan
    After that set to scan the WHOLE computer and press the 'play' icon
    ***DO NOT UPGRADE TO FULL VERSION***
    :idea:
  • aliEnRIK
    You also need to remove some files manually

    Open Malwarebytes
    Go to MORE TOOLS
    then RUN TOOL

    REMOVE all these ~
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys
    c:\docume~1\DAVIDB~1\LOCALS~1\Temp\gUSBSTOi.sys
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS

    Download CCLEANER
    http://www.ccleaner.com/download/builds/downloading-slim
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)
  • bevan840
    I definitely want to continue, on with Dr Web. This is hubby's laptop and I don't use it very often. I recently had a virus at work which I thought might have got onto my home computer and his, which is why I've scanned them all; mine is only a few months old and has been scanned daily, but I've found out tonight this one hasn't.
    Is formatting the hard drive easy? I'll lose everything, won't I? Would it be a good idea to put photos etc. onto an external drive? Or will I have time to do that later?
  • aliEnRIK
    Really depends if you have everything at hand
    You need an XP disc
    You need the XP product key
    You also need the drivers for your computer (should be on a disc that came with the computer)

    Assuming you have all these it should be fairly easy

    You can back up anything you wish, but at risk of backing up viruses too (If the pics or whatever are infected)
  • bevan840
    Can I do the removals while Dr Web is working? It's still on the quick scan :o
  • aliEnRIK
    You can stop Dr Web, do the removal, then rerun Dr Web.
    I wouldn't suggest running both, as Malwarebytes might decide to do a reboot to remove them.
  • bevan840
    DH is going to try and find the discs tomorrow as he thinks they are at his mum's after he moved out. I don't know about the XP discs though. I bought Windows 7 for my computer; could I use that if I can't find the old XP disc?

    Worst case scenario, how bad is it?
  • aliEnRIK
    You could have problems getting things working using Windows 7.
    That said, it 'might' run like a dream.

    Worst case scenario? Scammers have stolen your details and rob you blind?
  • bevan840
    I've tried to find the files to remove but can't seem to find them; whenever I type the whole thing in it says the path doesn't exist.

    If scammers do get the details and I somehow manage to fix the laptop, can they still have access to what they have?
This discussion has been closed.