Need Help - keeps Uploading

mrsJeckyl
Posts: 201 Forumite


in Techie Stuff
Not sure the best way to explain this. We have unlimited download from Virgin, but being nosy, I decided to have the dbb monitor from think broadband just to see how much we use. Everything has been fine, but a couple of days ago it has started registering that we are uploading like mad - yesterday over 11,000MB. I ran a virus scan from Virgin and it found 1 item which is removed and it is not uploading anywhere near as much today but it still seems a lot higher than it used to be.
Can anyone help explain why it is doing this and what I can do.
Comments
-
That doesn't sound good at all
Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_malwarebytes_anti_malware/
Open Malwarebytes, go to UPDATE and click 'check for updates'. After it's updated, go to SCANNER and click PERFORM FULL SCAN then click SCAN
Post the COMPLETE log here AFTER you've deleted everything it finds
Reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log)
-
Are you sure it's 11,000MB because that's nearly 10.75GB unless my calculations are wrong?
PS. You don't have a torrent programme installed?
-
Don't think I have torrent installed fiddiwebb. Thanks AlienRik, I will try that now and let you know what it says.
-
OK. Done Malware. Loads of problems came up.
Scan type: Full scan (C:\|H:\|)
Objects scanned: 286509
Time elapsed: 1 hour(s), 31 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 21
Files Infected: 55
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\FF (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\FF\2594 (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 Freeware (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 Freeware\Data (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Cleaner2009 Freeware (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Cleaner2009 Freeware\Logs (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 (Rogue.CleanupTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009\Update (Rogue.CleanupTool) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\RESTORE\k-1-3542-4232123213-7676767-8888886 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP883\A0180454.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP883\A0180455.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP883\A0180456.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP920\A0186405.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP921\A0186417.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP921\A0186430.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP921\A0186446.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\xhmrqqtg.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ipp92.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nslCB.tmp\wansis.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\Support.url (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\FF\2594\install.rdf (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH110.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH111.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH112.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH113.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH117.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH118.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH119.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11A.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11D.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11E.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11F.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH120.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH121.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH122.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH123.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH124.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH125.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH126.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH127.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH128.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH129.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH12E.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH12F.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 Freeware\Data\ActivationCode (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Cleaner2009 Freeware\Logs\scns.log (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\asoc.ini (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Uninstall.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\SmartEnhancer.dat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\adparatus.installer.log (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Start Menu\Programs\Startup\syspck32.exe (Trojan.Downloader) -> Delete on reboot.
Doesn't mean anything to me....
I've rebooted, but HIJACK THIS doesn't seem to be downloading for me! I've tried a few times.
-
Just realised, it had downloaded:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Media\Security\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Media\Security\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [VirginMediaHUB.exe] "C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe" /AUTORUN
O4 - HKLM\..\Run: [Oyixezi] rundll32.exe "C:\WINDOWS\azahowoboz.dll",Startup
O4 - HKLM\..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\owner\Desktop\LimeWire\LimeWire.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Virgin Media Security (Radialpoint Security Services) - Virgin Media - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: Virgin Media Security Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Media\Security\Fws.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\HUB\ServicepointService.exe
--
End of file - 10246 bytes
Any help you can give will be greatly appreciated
-
I think we can safely say that Virgin's protection system has SERIOUSLY let you down
Run LSPFIX (make sure you download the EXE file)
http://www.cexx.org/lspfix.htm
and as you've had such serious problems ~
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your antivirus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (making the complete file name 'QWERTY.exe') or SAVE as 'QWERTY' on download
-
Just realised you never posted all the Malwarebytes log either
Please open Malwarebytes, go to LOGS and post what the DATABASE version was that you've just run
-
I've gone into LOGS and it doesn't mention any DATABASE version, but the log which was there:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4070
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
06/05/2010 12:01:20
mbam-log-2010-05-06 (12-01-20).txt
Scan type: Full scan (C:\|H:\|)
Objects scanned: 286509
Time elapsed: 1 hour(s), 31 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 21
Files Infected: 55
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\FF (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\FF\2594 (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 Freeware (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 Freeware\Data (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Cleaner2009 Freeware (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Cleaner2009 Freeware\Logs (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 (Rogue.CleanupTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009\Update (Rogue.CleanupTool) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\RESTORE\k-1-3542-4232123213-7676767-8888886 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Kwanzy (Adware.Kwanzy) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP883\A0180454.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP883\A0180455.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP883\A0180456.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP920\A0186405.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP921\A0186417.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP921\A0186430.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F7149EC7-4FA5-4148-81FA-2F7A6348FD9A}\RP921\A0186446.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\xhmrqqtg.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ipp92.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\nslCB.tmp\wansis.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\Support.url (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Program Files\Adparatus\FF\2594\install.rdf (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH110.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH111.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH112.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH113.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH117.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH118.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH119.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11A.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11D.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11E.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH11F.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH120.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH121.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH122.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH123.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH124.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH125.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH126.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH127.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH128.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH129.tmp.html (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH12E.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\AdparatusTemp\DUH12F.tmp.xml (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cleaner2009 Freeware\Data\ActivationCode (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Cleaner2009 Freeware\Logs\scns.log (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\asoc.ini (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\BitDownload\Uninstall.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\SmartEnhancer.dat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\SmartEnhancer\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\adparatus.installer.log (Adware.Adparatus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Start Menu\Programs\Startup\syspck32.exe (Trojan.Downloader) -> Delete on reboot.
-
LSPFIX seems to be OK
Repair summary says "No Problems Found", no changes necessary.
-
OK, go on to the rest now
This discussion has been closed.