What is jmxremote?
Comments
-
To disable the Resident Shield, please:
- Open AVG User Interface.
- Double-click on the Resident Shield.
- Un-tick the option Resident Shield active.
- Save the changes.
0 -
Right... I admit I got confused and probably didn't do it right (!) but here's the log:
ComboFix 10-07-07.02 - karen 08/07/2010 16:01:03.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.426 [GMT 1:00]
Running from: c:\documents and settings\karen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.
2010-07-08 10:20 . 2010-07-08 10:20 -------- d-----w- c:\program files\Trend Micro
2010-07-08 09:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 09:25 . 2010-07-08 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 09:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 10:38 . 2009-03-04 15:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-09 21:18 . 2009-03-04 15:10 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-02 19:15 . 2009-06-28 12:00 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 19:15 . 2009-06-28 12:00 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
1999-10-27 16:20 . 1999-10-27 16:20 557328 ----a-w- c:\program files\Common Files\DAO360.DLL
1998-06-30 14:12 . 1998-06-30 14:12 73184 ----a-w- c:\program files\Common Files\Dao2535.tlb
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\STEVE-7248A7CD7\EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-16 864112]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 09:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^karen^Start Menu^Programs^Startup^hfs web sever.lnk]
path=c:\documents and settings\karen\Start Menu\Programs\Startup\hfs web sever.lnk
backup=c:\windows\pss\hfs web sever.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^karen^Start Menu^Programs^Startup^Palm Registration.lnk]
path=c:\documents and settings\karen\Start Menu\Programs\Startup\Palm Registration.lnk
backup=c:\windows\pss\Palm Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^karen^Start Menu^Programs^Startup^TrayIt!.lnk]
path=c:\documents and settings\karen\Start Menu\Programs\Startup\TrayIt!.lnk
backup=c:\windows\pss\TrayIt!.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^karen^Start Menu^Programs^Startup^vnc.lnk]
path=c:\documents and settings\karen\Start Menu\Programs\Startup\vnc.lnk
backup=c:\windows\pss\vnc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-05-26 10:03 2346192 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 21:15 133104 ----atw- c:\documents and settings\karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 13:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-01-18 16:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-01-18 16:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 10:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-11 20:43 7630848 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-11 20:43 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 20:43 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steves Printer]
2005-03-09 06:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-14 03:42 144784 ----a-w- c:\program files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser]
2005-04-13 10:10 546304 ----a-w- c:\program files\Tracks Eraser\te.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\HFS web server\\hfs.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/03/2009 16:10 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/06/2009 12:59 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/06/2009 13:00 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/03/2010 10:42 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1352832]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/12/2009 09:18 135664]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S4 Xmscaxxser;Xmscaxxser;c:\windows\system32\ctfmon.exe [04/08/2004 05:56 15360]
.
Contents of the 'Scheduled Tasks' folder
2010-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:38]
2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 08:18]
2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-02 08:18]
2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1336601894-725345543-1003Core.job
- c:\documents and settings\karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:15]
2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1336601894-725345543-1003UA.job
- c:\documents and settings\karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:15]
.
.
Supplementary Scan
.
uStart Page = hxxp://news.bbc.co.uk/
mStart Page = hxxp://news.bbc.co.uk/
mWindow Title = ..:: Panda HQ ::..
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-PeerGuardian - c:\program files\PeerGuardian2\pg2.exe
MSConfigStartUp-SSC Service Utility - c:\program files\SSC Service Utility\ssc_serv.exe
MSConfigStartUp-VirtualCloneDrive - c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 16:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-789336058-1336601894-725345543-1003\Software\Zepter Software\RegLib*fc4b1dce\CloneDVDmobile/1]
"1"=dword:4507f32c
"2"=dword:456d7d44
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(1680)
c:\progra~1\WINDOW~2\wmpband.dll
.
Completion time: 2010-07-08 16:06:33
ComboFix-quarantined-files.txt 2010-07-08 15:06
Pre-Run: 16,927,659,520 bytes free
Post-Run: 16,883,102,720 bytes free
- - End Of File - - 9BDD1B2D2C7D9E7C33F0F679010D9D10
It's nice to be important.....but it's more important to be nice
0 -
I've left a note for alienRIK on another thread so hopefully he will come and check the logs for you.
Once the logs are checked and alienRIK posts his response(s) below, some things to consider: Have you paid for AVG and would you consider changing AVG to another antivirus programme? I personally use Avira but others use Avast or Microsoft Security Essentials, which are all free. If you are happy to change the programme, you will have to uninstall AVG from the control panel to run one of the others. Also, after uninstalling, run the removal tool too: http://www.avg.com/download-tools
Also I would stick with Malwarebytes and uninstall Lavasoft too.
0 -
No, I don't pay for AVG so will look at the alternatives. Seems a good time for a change...
Will uninstall Ad-Aware and use your suggested programme instead.
I'm totally clueless when it comes to this stuff, so I really do appreciate your help.
It's nice to be important.....but it's more important to be nice
0 -
I'd wait for alienRIK's reply - your computer *should* be clean but if it's not, it may not be very good if you install an antivirus on an infected computer!
0 -
Yes - that'll give me a while to check out all the options
It's nice to be important.....but it's more important to be nice
0 -
Open Malwarebytes
Go to MORE TOOLS
then RUN TOOL
Using the tool, destroy this file ~
d:\PciCon.sys
0 -
When I click RUN TOOL a box pops up asking me to select a location.
What do I do?!
It's nice to be important.....but it's more important to be nice
0 -
I selected D drive from the drop down list, then put d:\PciCon.sys as the file and clicked OPEN... but it said "this file does not exist" it then said "create the file?" to which I clicked NO (because I wasn't sure what I'd be creating!)
I can't understand what I'm doing wrong
It's nice to be important.....but it's more important to be nice
0
