We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Hiloti Trojan
Comments
-
The_Grandmaster wrote: »When you switch your computer again and problem persists, start your computer in safe mode with networking - you need to press F8 or F10 when the computer turns on. Then try the above link.
Also I may be tempted to update definitions and rerun malwarebytes.
MBAM 5350 is only one less than current 5351 probably un-necessary4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy0 -
I know but I don't understand why avast is turned off and the internet is not connecting... Thought it was worth a shot as malwarebytes may have missed something? I've seen it do it once...
Obviously rerunning malwarebytes would be after the hijackthis log. And by the time OP returns, the definitions may have gone up quite a bit.0 -
looking at that log file , run this
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and post the log file it produces
AlienRik is the expert on reading those....Ex forum ambassador
Long term forum member0 -
When I logged in this morning A box popped up saying
Error running C:\windows\soldet.dll The specified module could not be found. I then tried to open IE but pop up fom Comodo Safesurf saying
Attack detected
Application: Microsoft Corp
Publisher: Unknown
Blocked from executing a possible buffer overflow attack
C:\program files\internet explorer\iexplore
Went backin in safe mode andtried Hijackthis. Used button for latest version (1.34) and got a window up saying
The system administrator has set policie ro prevent this installation. Looked at other versions and it let me install 2,02 andthis is the log
I'll do combofix next Thanks again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:27, on 19/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.koower.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Tpugugawopikebeg] rundll32.exe "C:\WINDOWS\ayodaribiy.dll",Startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189250150781
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 7147 bytes0 -
open IE, go to Tools > Internet Options > Advanced > Reset Settings, and see if that helps for starters.
There are lots of entries ending in (no file) in the log, safe to tick and fix them
You need to run the mcafee removal tool.
Looking at the hjt log, it may require some further work after you've run combofix.
O4 - HKLM\..\Run: [Tpugugawopikebeg] rundll32.exe "C:\WINDOWS\ayodaribiy.dll",Startup
looks decidedly iffy, but do t'other stuff first..........Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
ComboFix 10-12-18.01 - Administrator 19/12/2010 9:33.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.265 [GMT 0:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mark\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Mark\Application Data\Adobe\plugs
c:\documents and settings\Mark\Application Data\Zyof
c:\documents and settings\Mark\Application Data\Zyof\ipwaz.oso
c:\documents and settings\Mark\Application Data\Zyof\ipwaz.tmp
c:\documents and settings\Mark\Local Settings\Application Data\{E72D751A-184A-4778-AC34-BA4F1C17964F}
c:\documents and settings\Mark\Local Settings\Application Data\{E72D751A-184A-4778-AC34-BA4F1C17964F}\chrome.manifest
c:\documents and settings\Mark\Local Settings\Application Data\{E72D751A-184A-4778-AC34-BA4F1C17964F}\chrome\content\_cfg.js
c:\documents and settings\Mark\Local Settings\Application Data\{E72D751A-184A-4778-AC34-BA4F1C17964F}\chrome\content\overlay.xul
c:\documents and settings\Mark\Local Settings\Application Data\{E72D751A-184A-4778-AC34-BA4F1C17964F}\install.rdf
c:\documents and settings\Mark\Start Menu\Programs\System Tool
c:\documents and settings\NetworkService\Application Data\pnmfzy.dat
c:\windows\ayodaribiy.dll
c:\windows\system32\3904425501.dat
c:\windows\system32\csftxctl.ocx
c:\windows\system32\zlibwapi.dll
.
((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.
2010-12-18 16:27 . 2010-12-18 16:27
d
w- c:\documents and settings\Administrator
2010-12-18 15:52 . 2010-12-18 18:57
d
w- c:\documents and settings\All Users\Application Data\gGkJj06511
2010-12-16 14:43 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 14:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-11-27 13:57 . 2009-02-24 18:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-11-27 13:57 . 2010-11-27 13:57
d
w- c:\program files\MagicDisc
2010-11-27 13:51 . 2010-11-27 13:51
d
w- c:\program files\Common Files\Macrovision Shared
2010-11-27 13:50 . 2010-12-15 18:52
d
w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-11-27 13:50 . 2010-11-27 13:50
d
w- c:\program files\Rosetta Stone
2010-11-27 13:16 . 2010-11-27 13:17
d
w- c:\documents and settings\Mark\Downloads
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 17:42 . 2008-10-26 18:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 17:42 . 2008-10-26 18:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2004-10-18 08:27 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2005-07-09 07:48 . 2005-07-09 07:48 10562512 -c--a-w- c:\program files\GoogleEarth.exe
2005-06-23 19:35 . 2005-06-14 20:39 6818440 -c--a-w- c:\program files\MicrosoftAntiSpywareInstall.exe
.
Sigcheck
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"VTTimer"="VTTimer.exe" [2004-01-15 49152]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"EPSON Stylus CX3600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE" [2004-03-04 98304]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-06-15 473928]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-10-29 278264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mark\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-11-27 576000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTModemProtection]
2005-05-16 11:56 1573 ----a-w- c:\windows\system32\BTModemProtection.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBPhone4Skype]
2006-08-22 09:35 208896 ----a-w- c:\program files\MAX-DECT PHONE\USBPhone4Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
S0 gweo;gweo;c:\windows\system32\drivers\kvqxtk.sys --> c:\windows\system32\drivers\kvqxtk.sys [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/10/2008 08:26 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/10/2008 08:26 17744]
S2 LIFDHIGW;LIFDHIGW;\??\c:\windows\system32\lifdhigw.dzq --> c:\windows\system32\lifdhigw.dzq [?]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 11:42 64000]
S3 ModemProtection;ModemProtection;c:\windows\system32\ModemProtection.sys [25/04/2005 18:20 13157]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [05/01/2008 13:21 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [05/01/2008 13:21 3768]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [17/02/2007 10:25 178913]
.
Contents of the 'Scheduled Tasks' folder
.
.
Supplementary Scan
.
mStart Page = hxxp://www.koower.com/
mSearch Bar = about:blank
DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} - hxxp://216.87.37.188/app/FXCtrl.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-McAfee Guardian - c:\program files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
HKLM-Run-Tpugugawopikebeg - c:\windows\ayodaribiy.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 09:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LIFDHIGW]
"ImagePath"="\??\c:\windows\system32\lifdhigw.dzq"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\cssdll32.dll
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\cssdll32.dll
.
Completion time: 2010-12-19 09:49:33
ComboFix-quarantined-files.txt 2010-12-19 09:49
ComboFix2.txt 2008-10-27 21:39
Pre-Run: 26,073,620,480 bytes free
Post-Run: 26,318,893,056 bytes free
- - End Of File - - BD2C19E50406550BA6C163F300F601560 -
its removed some stuff, let AlienRik take a read when he's back online as he may advise you to remove some more files manuallyEx forum ambassador
Long term forum member0 -
theres also some windows updates to do but under no circumstance allow the system to install any until we are sure its cleanEx forum ambassador
Long term forum member0 -
Set to see hidden files and folders -
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx
Open malwarebytes
Goto MORE TOOLS
then RUN TOOL
search for and destroy this file (If it exists)
c:\windows\system32\lifdhigw.dzq:idea:0 -
Hi
It can't find that file - says it doesn't exist0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.4K Banking & Borrowing
- 253.7K Reduce Debt & Boost Income
- 454.4K Spending & Discounts
- 245.4K Work, Benefits & Business
- 601.3K Mortgages, Homes & Bills
- 177.6K Life & Family
- 259.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards