Unable to remove virus from my computer

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    When in safe mode ~

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/

    REBOOT (Needs to be RUN in NORMAL mode)
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    If you get a message that you can't write to the hosts file then press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)
    :idea:
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    I had the very same virus last week, Malwares got rid of it. Reconnect the internet and start up in safe mode choosing 'safemode with networking' or similar and then run malware. It should find 2 different virus/program

    Good luck

    I have done what you suggested and Malware found nothing. It's not an updated version and I can't get the latest one because I can't access internet. I got a connection but it won't accept any address I type in.
    Although I can't access any pages it is happy enough to open its own and throw !!!!!! at me
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Reset the hosts file and see if you can download anything then

    http://support.microsoft.com/kb/972034
    :idea:
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    Malwarebytes' Anti-Malware 1.46
    https://www.malwarebytes.org

    Database version: 4271

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18928

    03/07/2010 19:00:45
    mbam-log-2010-07-03 (19-00-45).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 290982
    Time elapsed: 44 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 14
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 24

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarweather.weathercontroller.1 (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yutmdwpw (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Jon\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\Jon\AppData\Local\rbuplrdsr\vpwxtsntssd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Jon\AppData\Local\Temp\fb147f0a.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    C:\Users\Jon\AppData\Local\Temp\27f99e83.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Temp\~os7F9B.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Windows\Temp\~osC87F.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Windows\Temp\~osC87F.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\Windows\Temp\~osC87F.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.



    This is the full scan, I'm now rebooting and will do HijackThis
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:37:58, on 03/07/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Logishrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Jon\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eveonline.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; MDDC; .NET CLR 3.0.30729; .NET CLR 1.1.4322; !!!!!!!!!!Connector.1.3; !!!!!!!!!!Patch.0.0)" -"http://www.miniclip.com/games/down-hill-chill/en/"
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/War%20Chess/Images/stg_drm.ocx
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/War%20Chess/Images/armhelper.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca2af76176118b) (gupdate1ca2af76176118b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 11524 bytes
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    Ok, what next :)
  • DCFC79
    DCFC79 Posts: 40,626 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    aliEnRIK wrote: »
    How far do you get? Have you managed to download malwarebytes?
    Will it not install?
    Will it not run once installed?

    Try running fix.exe first ~
    http://download.bleepingcomputer.com/reg/antivirus-vista-2010/FixExe.reg


    Sorry to jump in, but is there a similar product for XP?
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    DCFC79 wrote: »
    Sorry to jump in, but is there a similar product for XP?

    It works on XP, Vista and 7 :)
    :idea:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK and FIX these in hijack ~
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; MDDC; .NET CLR 3.0.30729; .NET CLR 1.1.4322; !!!!!!!!!!Connector.1.3; !!!!!!!!!!Patch.0.0)" -"http://www.miniclip.com/games/down-hill-chill/en/"
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/War%20Chess/Images/stg_drm.ocx
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)

    ..................................................................


    Because you have trojans ~

    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
    :idea:
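One way to pre-sort a HijackThis log like the one posted above before deciding what to tick, as an added example that is not part of the original posts or of HijackThis itself. The flagging rules (a loopback ProxyServer, the "(no file)" and "(file missing)" markers, "Unknown owner" services) are this example's assumptions and cover only part of the list in the post above; the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eveonline.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
"""


class Finding(NamedTuple):
    code: str                 # HijackThis section code, e.g. "R1" or "O23"
    reasons: Tuple[str, ...]  # why this example's rules flagged the line
    line: str                 # the log line as posted


# "<code> - <rest>" is the shape of every entry line in the posted log.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Matches "ProxyServer = host:port" and "ProxyServer = http=host:port".
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^:;\s]+):(\d+)", re.IGNORECASE)


def _is_loopback(host: str) -> bool:
    return host.lower() == "localhost" or host.startswith("127.")


def _service_owner(body: str) -> Optional[str]:
    """Return the owner field of an O23 line ("Service: name - owner - path")."""
    prefix = "Service: "
    if not body.startswith(prefix):
        return None
    # Split from the right so service names containing " - " stay intact.
    parts = body[len(prefix):].rsplit(" - ", 2)
    return parts[1] if len(parts) == 3 else None


def triage(log_text: str) -> List[Finding]:
    """Flag entries for a human to look at; nothing here decides what to fix."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, the process list, blanks
        code, body = match.group(1), match.group(2)
        reasons: List[str] = []

        if code in ("R0", "R1"):
            # A loopback proxy sends all browser traffic to a local listener;
            # browsing fails once nothing is listening on that port.
            proxy = PROXY_RE.search(body)
            if proxy and _is_loopback(proxy.group(1)):
                reasons.append(f"browser proxy set to loopback port {proxy.group(2)}")

        # Registration that outlived its file: leftover of an uninstall or a cleanup.
        if body.endswith("(no file)"):
            reasons.append("registered component has no file")
        if body.endswith("(file missing)"):
            reasons.append("target file is missing on disk")

        if code == "O23" and _service_owner(body) == "Unknown owner":
            reasons.append("service binary has no identifiable publisher")

        if reasons:
            findings.append(Finding(code, tuple(reasons), line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {'; '.join(finding.reasons)}")
        print(f"    {finding.line}")
```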
  • greenpixey
    greenpixey Posts: 2,806 Forumite
    ComboFix 10-07-03.06 - Jon 04/07/2010 13:10:19.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3036.2038 [GMT 1:00]
    Running from: c:\users\Jon\Downloads\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Cheat Engine\dbk32.sys
    c:\users\Jon\CreeperWorld-0346.exe
    c:\users\Jon\WarChessSetup.exe
    c:\windows\xpsp1hfm.log
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Service_RelevantKnowledge


    ((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 )))))))))))))))))))))))))))))))
    .

    2010-07-03 18:18 . 2010-07-03 18:18 -------- d-----w- c:\program files\Trend Micro
    2010-07-03 00:00 . 2010-07-03 18:00 -------- d-----w- c:\users\Jon\AppData\Local\rbuplrdsr
    2010-06-24 02:00 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-24 02:00 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-24 02:00 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-24 02:00 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-24 02:00 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-06-23 02:54 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-06-23 02:54 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-06-13 12:53 . 2010-06-13 12:53 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-06-13 12:53 . 2010-06-13 12:53 -------- d-----w- c:\users\Jon\AppData\Roaming\SystemRequirementsLab
    2010-06-11 18:35 . 2010-06-11 18:35 -------- d-----w- c:\users\Jon\AppData\Local\Dell
    2010-06-09 18:51 . 2010-06-09 18:51 -------- d-----w- c:\program files\DIFX
    2010-06-09 18:51 . 2010-06-09 18:51 -------- d-----w- C:\opticon_driver
    2010-06-05 06:02 . 2010-06-05 06:02 -------- d-----w- c:\program files\Common Files\xing shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-04 12:16 . 2009-10-14 18:37 -------- d-----w- c:\program files\Cheat Engine
    2010-07-03 18:18 . 2010-07-03 18:18 388096 ----a-r- c:\users\Jon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-07-03 16:54 . 2009-09-30 21:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-02 23:28 . 2009-07-30 19:48 -------- d-----w- c:\program files\Windows Live
    2010-07-02 19:02 . 2009-08-05 12:09 72936 ----a-w- c:\users\Jon\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-02 18:59 . 2009-08-06 16:45 -------- d-----w- c:\program files\MUSICMATCH
    2010-07-02 18:59 . 2009-07-30 19:34 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-02 18:58 . 2009-07-30 19:48 -------- d-----w- c:\program files\Microsoft
    2010-07-02 18:57 . 2009-07-30 19:53 -------- d-----w- c:\programdata\Microsoft Help
    2010-07-02 18:57 . 2009-07-30 19:53 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-27 10:36 . 2009-09-01 12:05 2400256 ---h--w- c:\programdata\PopCap Games\Peggle\popcapgame1.exe
    2010-06-23 22:39 . 2010-06-23 22:39 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6BDE.tmp.exe
    2010-06-21 19:19 . 2009-09-01 12:05 -------- d-----w- c:\program files\PopCap Games
    2010-06-13 22:13 . 2010-01-25 22:08 -------- d-----w- c:\users\Jon\AppData\Roaming\EVEMon
    2010-06-13 12:53 . 2010-06-13 12:53 85504 ----a-w- c:\users\Jon\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
    2010-06-11 19:03 . 2009-08-14 18:31 -------- d-----w- c:\program files\Tropico
    2010-06-11 19:02 . 2010-03-10 16:01 -------- d-----w- c:\program files\Pokemon World Online
    2010-06-11 19:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
    2010-06-11 19:00 . 2010-05-10 15:21 -------- d-----w- c:\programdata\OfficeRecovery
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\20876\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\20876\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\20876\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\20876\AcrobatUpdater.exe
    2010-06-09 02:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-06-05 06:02 . 2010-06-05 06:02 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-06-05 06:02 . 2010-06-05 06:02 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-06-05 06:02 . 2010-06-05 06:02 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-06-05 06:02 . 2010-06-05 06:02 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-06-05 06:02 . 2010-06-05 06:02 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-06-05 06:02 . 2010-06-05 06:02 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-06-05 06:02 . 2010-06-05 06:02 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-06-05 06:02 . 2010-06-05 06:02 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-06-05 06:02 . 2010-06-05 06:02 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-06-05 06:02 . 2009-08-06 16:45 -------- d-----w- c:\program files\Common Files\Real
    2010-06-05 06:02 . 2009-08-06 16:45 -------- d-----w- c:\program files\Real
    2010-06-02 22:51 . 2010-06-02 22:50 1198133 ----a-w- c:\users\Jon\EFT2.12.3.zip
    2010-05-26 17:06 . 2010-06-08 23:59 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-06-08 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-21 13:14 . 2009-10-02 18:35 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 09:47 . 2010-05-17 17:21 -------- d-----w- c:\program files\Virtual Villagers 2
    2010-05-17 17:06 . 2010-05-17 17:05 -------- d-----w- c:\program files\Virtual Villagers - The Lost Children
    2010-05-17 17:04 . 2010-05-17 17:04 -------- d-----w- c:\program files\bfgclient
    2010-05-17 17:03 . 2010-05-17 17:03 207952 ----a-w- c:\users\Jon\virtualvillagersth_s1_l1_gF1438T1L1_d894768462.exe
    2010-05-14 17:24 . 2010-05-14 17:24 -------- d-----w- c:\programdata\CCP
    2010-05-14 16:56 . 2009-11-15 20:58 -------- d-----w- c:\program files\CCP
    2010-05-10 22:12 . 2009-07-30 19:56 -------- d-----w- c:\programdata\McAfee
    2010-05-10 15:30 . 2010-05-10 15:30 -------- d-----w- c:\users\Jon\AppData\Roaming\OfficeRecovery
    2010-05-10 15:27 . 2010-05-10 15:21 -------- d-----w- c:\program files\OfficeRecovery
    2010-05-10 14:58 . 2010-05-10 14:58 -------- d-----w- c:\program files\Recuva
    2010-05-10 13:41 . 2010-05-10 13:35 -------- d-----w- c:\program files\DDR - FAT Recovery(Demo)
    2010-05-10 13:17 . 2010-02-07 20:45 -------- d-----w- c:\users\Jon\AppData\Roaming\vlc
    2010-05-10 13:08 . 2010-05-10 13:08 -------- d-----w- c:\program files\EASEUS
    2010-05-09 11:13 . 2009-09-01 11:28 -------- d-----w- c:\program files\Google
    2010-05-04 05:59 . 2010-06-08 23:59 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-08 23:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 05:55 . 2010-06-08 23:59 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 04:31 . 2010-06-08 23:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-05-01 14:13 . 2010-06-08 23:59 2037248 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 14:39 . 2009-09-30 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2009-09-30 21:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 14:13 . 2010-05-26 11:16 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-04-16 23:04 . 2010-04-16 23:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
    2010-04-16 21:12 . 2010-04-16 21:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
    2010-04-16 16:43 . 2010-06-23 02:54 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-04-16 16:43 . 2010-06-23 02:54 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-04-16 16:43 . 2010-06-23 02:54 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-04-16 16:43 . 2010-06-23 02:54 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-04-05 17:01 . 2010-06-08 23:59 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-07-31 05:09 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "Google Update"="c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-11 133104]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-05 202256]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-23 150552]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
    "LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-23 173592]
    "Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-12-25 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-13 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-07-30 19:40 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):81,de,16,d4,18,2c,ca,01

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1ca2af76176118b;Google Update Service (gupdate1ca2af76176118b);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 133104]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSP;avast! Self Protection; [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-02-23 112128]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-01 20:24]

    2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 11:28]

    2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 11:28]

    2010-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295937859-792311906-2248885373-1000Core.job
    - c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-11 23:56]

    2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295937859-792311906-2248885373-1000UA.job
    - c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-11 23:56]

    2010-07-04 c:\windows\Tasks\RtlNICDiagVistaStart.job
    - c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-07-30 11:18]

    2010-07-04 c:\windows\Tasks\User_Feed_Synchronization-{21C70AB0-27B3-4FC9-8263-AF0E68D0925E}.job
    - c:\windows\system32\msfeedssync.exe [2010-06-08 04:30]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.eveonline.com/
    uInternet Settings,ProxyOverride = <local>
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
    IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\q4zvk57j.default\
    FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
    FF - component: c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\q4zvk57j.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\Jon\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\Jon\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\Jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SetPoint - c:\program files\Logitech\SetPoint\KEM.EXE



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Other Running Processes
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-04 13:24:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-04 12:24

    Pre-Run: 252,216,336,384 bytes free
    Post-Run: 252,434,313,216 bytes free

    - - End Of File - - F4643611DDB25465F81D31A7D37D2231
This discussion has been closed.