We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Computer infected?

Options
2»

Comments

  • derrick
    derrick Posts: 7,424 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    aliEnRIK wrote: »
    Yes, I certainly think you should

    Combofix advises;- "Close or disable all running Antivirus, Antispyware, and Firewall programs", so should I be doing the following to save more viruses from appearing on my computer whilst they are disabled?

    Download Combofix and make ready to run.
    Go offline and "Close or disable all running Antivirus, Antispyware, and Firewall programs".
    Run Combofix.
    Re-enable all Antivirus, Antispyware, and Firewall programs.
    Go back online.
    Don`t steal - the Government doesn`t like the competition


  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    If you wish to be extra safe then yes, thats fine
    :idea:
  • derrick
    derrick Posts: 7,424 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    ComboFix 10-05-23.06 - user 24/05/2010 8:45.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.207 [GMT 1:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
    .

    2010-05-22 11:51 . 2010-05-22 11:51
    d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-05-22 11:46 . 2010-05-23 13:16
    d
    w- c:\documents and settings\user\Local Settings\Application Data\otfyntans
    2010-05-21 10:17 . 2010-05-24 07:40 0 ----a-w- c:\documents and settings\user\Local Settings\Application Data\prvlcl.dat
    2010-04-25 15:16 . 2010-04-25 15:16
    d
    w- c:\documents and settings\user\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-04-25 15:15 . 2010-04-25 15:15
    d
    w- c:\program files\Common Files\Adobe AIR

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-24 07:53 . 2007-05-02 12:47
    d
    w- c:\documents and settings\All Users\Application Data\Kontiki
    2010-05-22 12:15 . 2010-04-05 10:32
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-22 11:54 . 2009-08-13 09:29
    d
    w- c:\program files\Unlocker
    2010-05-22 09:50 . 2005-08-12 12:23
    d
    w- c:\program files\OpenOffice.org1.1.0
    2010-05-16 12:49 . 2005-08-01 19:36
    d
    w- c:\program files\Google
    2010-04-29 14:39 . 2010-04-05 10:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2010-04-05 10:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 12:01 . 2006-02-20 13:26
    d
    w- c:\documents and settings\user\Application Data\VoipStunt
    2010-04-21 09:18 . 2010-04-05 15:05 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-13 15:17 . 2007-10-30 15:35
    d
    w- c:\program files\SUPERAntiSpyware
    2010-04-13 14:45 . 2006-08-11 15:12
    d
    w- c:\program files\a-squared Free
    2010-04-10 14:13 . 2005-08-03 13:11
    d
    w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-06 12:43 . 2010-04-06 12:43
    d
    w- c:\documents and settings\user\Application Data\GlarySoft
    2010-04-05 15:23 . 2005-08-01 20:11
    d
    w- c:\documents and settings\user\Application Data\Lavasoft
    2010-04-05 15:05 . 2010-04-05 15:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-05 15:04 . 2010-04-05 15:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-05 15:04 . 2010-04-05 15:04 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-04-05 15:00 . 2010-04-05 15:00
    d
    w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-05 15:00 . 2008-07-22 10:56
    d
    w- c:\program files\AVG
    2010-04-05 14:30 . 2010-04-05 14:30
    d
    w- c:\program files\Trend Micro
    2010-04-05 10:33 . 2010-04-05 10:33
    d
    w- c:\documents and settings\user\Application Data\Malwarebytes
    2010-04-05 10:32 . 2010-04-05 10:32
    d
    w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-31 09:29 . 2006-01-05 11:13
    d
    w- c:\program files\Common Files\Java
    2010-03-31 09:28 . 2010-03-31 09:28 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc55667-n\msvcp71.dll
    2010-03-31 09:28 . 2010-03-31 09:28 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc55667-n\jmc.dll
    2010-03-31 09:28 . 2010-03-31 09:28 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6dc55667-n\msvcr71.dll
    2010-03-31 09:28 . 2010-03-31 09:28 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4295af85-n\decora-sse.dll
    2010-03-31 09:28 . 2010-03-31 09:28 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4295af85-n\decora-d3d.dll
    2010-03-31 09:26 . 2006-01-05 11:15
    d
    w- c:\program files\Java
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-30 08:48 . 2010-03-30 08:48 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-30 08:48 . 2010-03-30 08:48 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-30 08:48 . 2010-03-30 08:48 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-30 08:48 . 2010-03-30 08:48 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-03-30 08:48 . 2010-03-30 08:48 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-30 08:48 . 2010-03-30 08:48 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-03-30 08:48 . 2005-08-05 22:11
    d
    w- c:\program files\Common Files\Real
    2010-03-30 08:44 . 2005-08-05 22:11
    d
    w- c:\program files\Real
    2010-03-30 08:43 . 2010-03-30 08:43
    d
    w- c:\program files\Common Files\xing shared
    2010-03-30 08:42 . 2005-08-01 19:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-03-30 08:42 . 2005-08-01 19:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-03-26 09:33 . 2010-04-07 08:25 1496064 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 09:33 . 2010-04-07 08:25 43008 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 09:33 . 2010-04-07 08:25 339456 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 09:32 . 2010-04-07 08:25 346112 ----a-w- c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-03-10 06:15 . 2003-03-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 03:28 . 2008-12-20 10:15 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-25 06:24 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2003-03-31 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-24 10:16 . 2009-10-03 08:52 181632
    w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSGTAG"="c:\program files\MSGTAG\MSGTAG.exe" [2003-09-16 1320448]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-10-28 257440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "snpstd"="c:\windows\vsnpstd.exe" [2004-05-10 286720]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-05 15:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
    2007-11-14 17:53 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
    2004-01-19 01:25 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-06-01 15:51 257088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
    2007-11-14 17:53 1032376 ----a-w- c:\program files\Kontiki\KHost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
    2010-03-30 08:41 75320 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-04-27 08:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2006-07-22 12:21 144448 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-06-06 12:01 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-30 08:41 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
    2009-11-12 13:21 9109296 ----a-w- c:\program files\VoipStunt.com\VoipStunt\voipstunt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XSC SIP Client]
    2004-06-01 13:58 3305472 ----a-w- c:\program files\X-Lite\X-Lite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\X-Lite\\X-Lite.exe"=
    "c:\\Program Files\\Abacast\\Abaclient.exe"=
    "c:\\Program Files\\MSGTAG\\MSGTAG.exe"=
    "c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/04/2010 16:04 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/04/2010 16:05 242896]
    R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [05/08/2005 17:33 120320]
    R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [08/06/2007 10:23 1858144]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [05/04/2010 16:03 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [05/04/2010 16:02 308064]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/03/2010 13:36 136176]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 12:35]

    2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-21 12:35]

    2010-05-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-606747145-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

    2010-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-606747145-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

    2008-08-10 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-06-29 13:45]

    2008-08-10 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-06-29 13:45]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://moneysavingexpert.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?876c6236213c40b6b5e66d677a7e9629
    IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?876c6236213c40b6b5e66d677a7e9629
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - moneysavingexpert.com
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAbacheck.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-24 08:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-05-24 08:56:57
    ComboFix-quarantined-files.txt 2010-05-24 07:56
    ComboFix2.txt 2010-04-06 08:52
    ComboFix3.txt 2010-04-05 16:52

    Pre-Run: 4,264,054,784 bytes free
    Post-Run: 4,341,661,696 bytes free

    - - End Of File - - 6BACFE339B83F6A2AA8693A83187D828
    Don`t steal - the Government doesn`t like the competition


  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Mostly looks fine now

    But 'mywebsearch' still has some entries

    Download HIJACK THIS (Make sure you click 'DOWNLOAD THIS VERSION')
    http://www.filehippo.com/download_hijackthis/2894/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE(Takes seconds) then post the log so we can see whats running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    :idea:
  • derrick
    derrick Posts: 7,424 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:45:41, on 24/05/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\a-squared free\a2service.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSGTAG\MSGTAG.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://moneysavingexpert.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\qfe532aq.Default User\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll (file missing)
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?876c6236213c40b6b5e66d677a7e9629
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?876c6236213c40b6b5e66d677a7e9629
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 9795 bytes
    Don`t steal - the Government doesn`t like the competition


This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.8K Banking & Borrowing
  • 253K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.8K Work, Benefits & Business
  • 598.6K Mortgages, Homes & Bills
  • 176.8K Life & Family
  • 257K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture