AV Security

Comments

  • Donnie
    Donnie Posts: 9,862 Forumite
    Current Database version is 4312. Did you choose Remove Selected at the end of the scan? You need to do it. Seems you'll need to run the scan again.
  • andyrules
    andyrules Posts: 3,558 Forumite
    Sorry, log is never ending, still only half of it! If I post it all it will take over. Off to work, back later. Will delete those logs if they are in the way!
  • andyrules
    andyrules Posts: 3,558 Forumite
    Donnie wrote: »
    Current Database version is 4312. Did you choose Remove Selected at the end of the scan?

    No, didn't take any action sorry, will delete and try to run again later.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Did you attempt to UPDATE first?
    :idea:
  • Donnie
    Donnie Posts: 9,862 Forumite
    Not sure what happened to my link in post #4 :o

    Anyway, here it is :)
  • andyrules
    andyrules Posts: 3,558 Forumite
    aliEnRIK wrote: »
    Did you attempt to UPDATE first?

    Yes, wouldn't let me.
  • andyrules
    andyrules Posts: 3,558 Forumite
    Run malware, but not updated. Even though I downloaded AlienRik's link, can't open it. Also downloaded the hostxpert, but can't open that either. Still can't update old version either. Have removed all it found but the thing is still there.

    Log is very long still - too long to post!
  • andyrules
    andyrules Posts: 3,558 Forumite
    OK, have got a HijackThis log, not sure how, as a message said it could not run.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:43:48, on 14/07/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\DOCUME~1\Dave\LOCALS~1\Temp\Gt1.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\All Users\Application Data\52013f0\SM5201_302.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 https://www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 https://www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 https://www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 https://www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 67.230.163.203 https://www.google.com
    O1 - Hosts: 67.230.163.203 google.com
    O1 - Hosts: 67.230.163.203 google.com.au
    O1 - Hosts: 67.230.163.203 https://www.google.com.au
    O1 - Hosts: 67.230.163.203 google.be
    O1 - Hosts: 67.230.163.203 https://www.google.be
    O1 - Hosts: 67.230.163.203 google.com.br
    O1 - Hosts: 67.230.163.203 https://www.google.com.br
    O1 - Hosts: 67.230.163.203 google.ca
    O1 - Hosts: 67.230.163.203 https://www.google.ca
    O1 - Hosts: 67.230.163.203 google.ch
    O1 - Hosts: 67.230.163.203 https://www.google.ch
    O1 - Hosts: 67.230.163.203 google.de
    O1 - Hosts: 67.230.163.203 https://www.google.de
    O1 - Hosts: 67.230.163.203 google.dk
    O1 - Hosts: 67.230.163.203 https://www.google.dk
    O1 - Hosts: 67.230.163.203 google.fr
    O1 - Hosts: 67.230.163.203 https://www.google.fr
    O1 - Hosts: 67.230.163.203 google.ie
    O1 - Hosts: 67.230.163.203 https://www.google.ie
    O1 - Hosts: 67.230.163.203 google.it
    O1 - Hosts: 67.230.163.203 https://www.google.it
    O1 - Hosts: 67.230.163.203 google.co.jp
    O1 - Hosts: 67.230.163.203 https://www.google.co.jp
    O1 - Hosts: 67.230.163.203 google.nl
    O1 - Hosts: 67.230.163.203 https://www.google.nl
    O1 - Hosts: 67.230.163.203 google.no
    O1 - Hosts: 67.230.163.203 https://www.google.no
    O1 - Hosts: 67.230.163.203 google.co.nz
    O1 - Hosts: 67.230.163.203 https://www.google.co.nz
    O1 - Hosts: 67.230.163.203 google.pl
    O1 - Hosts: 67.230.163.203 https://www.google.pl
    O1 - Hosts: 67.230.163.203 google.se
    O1 - Hosts: 67.230.163.203 https://www.google.se
    O1 - Hosts: 67.230.163.203 google.co.uk
    O1 - Hosts: 67.230.163.203 https://www.google.co.uk
    O1 - Hosts: 67.230.163.203 google.co.za
    O1 - Hosts: 67.230.163.203 https://www.google.co.za
    O1 - Hosts: 67.230.163.203 https://www.google-analytics.com
    O1 - Hosts: 67.230.163.203 https://www.bing.com
    O1 - Hosts: 67.230.163.203 search.yahoo.com
    O1 - Hosts: 67.230.163.203 https://www.search.yahoo.com
    O1 - Hosts: 67.230.163.203 uk.search.yahoo.com
    O1 - Hosts: 67.230.163.203 ca.search.yahoo.com
    O1 - Hosts: 67.230.163.203 de.search.yahoo.com
    O1 - Hosts: 67.230.163.203 fr.search.yahoo.com
    O1 - Hosts: 67.230.163.203 au.search.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Dave"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [JDK5SWFMZY] C:\DOCUME~1\Dave\LOCALS~1\Temp\Gt1.exe
    O4 - HKCU\..\Run: [Security Master AV] "C:\Documents and Settings\All Users\Application Data\52013f0\SM5201_302.exe" /s /d
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?07053b3f4a014960b43f981c527ed7db
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?07053b3f4a014960b43f981c527ed7db
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.sc-server1.bt.com/broadband/MotivePreQual.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9CF0FC9B-2487-4FC7-A9A2-735080C955E8}: NameServer = 93.188.162.61,93.188.161.201
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.61,93.188.161.201
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.61,93.188.161.201
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.61,93.188.161.201
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 12074 bytes
  • spud17
    spud17 Posts: 4,441 Forumite
    SP1 and IE 6 :eek:

    Good luck guys, have to go now. ;)
    Move along, nothing to see.
  • Donnie
    Donnie Posts: 9,862 Forumite
    spud17 wrote: »
    SP1 and IE 6 :eek:

    Good luck guys, have to go now. ;)

    It's not even funny. :D

    Come back! It's a collective responsibility. :rotfl:
This discussion has been closed.