We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Virus doing my head in help plz!!
nikki702
Posts: 1,098 Forumite
in Techie Stuff
After struggling with that system tools virus today I installed avast it keeps coming up with this
Im getting so fed up now can someone help please?
Thanks
Im getting so fed up now can someone help please?
Thanks
0
Comments
-
Try kasperskys rootkit killer -
http://support.kaspersky.com/viruses/solutions?qid=208280684
if that fails try sophos -
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
have you run malwarebytes?:idea:0 -
I ran malwarebytes today and it said no bad files found...
I am going to try the kaspersky one now thanks
0 -
Was malwarebytes upto date and was it a FULL scan you ran?:idea:0
-
It was updated yesterday and the scan was a full scan took more than 2 hours :eek:0
-
Kaspersky seemed to work, I picked cure.. rebooted, scanned again and it didnt find it
I am waiting for the next problem now im sure there will be one lol
Thanks for your help 0 -
Id recommend a scan with combofix too. Id also reset the HOSTS file
Download HostsXpert
http://www.softpedia.com/progDownload/Hoster-Download-27041.html
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
...........................................................
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive):idea:0 -
Hi, I had exactly the same problem here :mad:
MalwareBytes found nothing
Avast flashed up that warning, but wouldn't fix it. :mad:
If I follow the instrucitons you have provided, although I think a fix I found on avast fixed it, but it wont hurt doing another scan to make sure.
Ill do the hosts file, and run combi fix, would it be rude to post my combi fix log here, or should I create my own thread ??0 -
rockin_plumber wrote: »Hi, I had exactly the same problem here :mad:
MalwareBytes found nothing
Avast flashed up that warning, but wouldn't fix it. :mad:
If I follow the instrucitons you have provided, although I think a fix I found on avast fixed it, but it wont hurt doing another scan to make sure.
Ill do the hosts file, and run combi fix, would it be rude to post my combi fix log here, or should I create my own thread ??
Please create your own thread
Mixing results can be very confuxing at times:idea:0 -
Alienrik.. here is the combofix log....0
-
ComboFix 11-02-28.02 - Nicola 28/02/2011 22:19:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1278.728 [GMT 0:00]
Running from: c:\documents and settings\Nicola\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nicola\Local Settings\Application Data\{C4858422-3930-4C0E-8AAA-712BCBDE5AF3}
c:\documents and settings\Nicola\Local Settings\Application Data\{C4858422-3930-4C0E-8AAA-712BCBDE5AF3}\chrome.manifest
c:\documents and settings\Nicola\Local Settings\Application Data\{C4858422-3930-4C0E-8AAA-712BCBDE5AF3}\chrome\content\_cfg.js
c:\documents and settings\Nicola\Local Settings\Application Data\{C4858422-3930-4C0E-8AAA-712BCBDE5AF3}\chrome\content\overlay.xul
c:\documents and settings\Nicola\Local Settings\Application Data\{C4858422-3930-4C0E-8AAA-712BCBDE5AF3}\install.rdf
C:\test.txt
c:\windows\Fonts\acrsec.fon
c:\windows\system32\twunk_32.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-28 to 2011-02-28 )))))))))))))))))))))))))))))))
.
2011-02-28 15:28 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-28 15:28 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-28 15:28 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-28 15:28 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-28 15:28 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-28 15:28 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-28 15:28 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-28 15:28 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-28 15:28 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-02-28 15:28 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-28 15:27 . 2011-02-28 15:27
d
w- c:\program files\AVAST Software
2011-02-28 15:27 . 2011-02-28 15:27
d
w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-02-28 15:11 . 2011-02-28 15:11
d
w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-28 14:10 . 2011-02-28 14:10
d
w- c:\documents and settings\Nicola\Local Settings\Application Data\Secunia PSI
2011-02-28 12:29 . 2011-02-28 12:29
d
w- c:\documents and settings\Nicola\Application Data\Trusteer
2011-02-28 12:28 . 2011-02-28 12:28
d
w- c:\program files\Trusteer
2011-02-28 12:24 . 2011-02-28 12:24
d
w- c:\documents and settings\All Users\Application Data\Trusteer
2011-02-28 12:17 . 2011-02-28 12:17
d
w- c:\program files\Secunia
2011-02-27 12:10 . 2011-02-27 12:11
d
w- c:\documents and settings\Nicola\Local Settings\Application Data\Deployment
2011-02-27 10:47 . 2011-02-27 10:47
d
w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-02-27 10:45 . 2011-02-27 10:45
d
w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-02-27 10:40 . 2005-09-20 09:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-02-27 10:28 . 2004-08-12 14:03 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
2011-02-27 10:27 . 2004-08-12 13:57 72192 -c--a-w- c:\windows\system32\dllcache\fxscom.dll
2011-02-27 10:24 . 2004-08-12 13:58 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-27 10:24 . 2004-08-12 13:58 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-02-27 10:06 . 2004-08-12 14:06 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-27 10:06 . 2004-08-12 14:06 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-27 10:06 . 2004-08-12 13:58 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-27 10:06 . 2004-08-12 13:58 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-27 10:06 . 2004-08-12 13:58 13753 ----a-r- c:\windows\SET189.tmp
2011-02-27 10:06 . 2004-08-12 14:02 1086058 ----a-r- c:\windows\SET17D.tmp
2011-02-27 10:06 . 2004-08-12 14:06 1042903 ----a-r- c:\windows\SET17A.tmp
2011-02-27 09:52 . 2011-02-27 09:52
d
w- c:\windows\dell
2011-02-27 08:25 . 2011-02-27 11:38
d
w- c:\documents and settings\All Users\Application Data\pOeFdPa06300
2011-02-10 16:15 . 2011-02-10 16:15 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 18:09 . 2008-09-30 06:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2008-09-30 06:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
2011-02-23 15:04 814160 ----a-w- c:\program files\AVAST Software\Avast\aswWebRepIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2011-02-23 814160]
[HKEY_CLASSES_ROOT\clsid\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]
[HKEY_CLASSES_ROOT\Avast.WrcBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}]
[HKEY_CLASSES_ROOT\Avast.WrcBar]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Nicola^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Nicola\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-02-28 22:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-08-31 11:25 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-12 13:55 110592 ----a-w- c:\windows\SYSTEM32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-12 13:56 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 09:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 13:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21 1449984 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 23:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-10-25 14:23 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-08-29 18:41 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-09-04 13:49 1994480 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\dlbtcoms.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\helpctr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22694:TCP"= 22694:TCP:BitComet 22694 TCP
"22694:UDP"= 22694:UDP:BitComet 22694 UDP
"25584:TCP"= 25584:TCP:BitComet 25584 TCP
"25584:UDP"= 25584:UDP:BitComet 25584 UDP
R0 RapportKELL;RapportKELL;c:\windows\SYSTEM32\DRIVERS\RapportKELL.sys [10/02/2011 16:15 53816]
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [28/02/2011 15:28 371544]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [28/02/2011 15:28 301528]
R1 RapportCerberus_23775;RapportCerberus_23775;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus_23775.sys [10/02/2011 16:22 54072]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/02/2011 16:15 63160]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/02/2011 16:15 156344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 13:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04/09/2009 13:49 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [28/02/2011 15:28 19544]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/02/2011 16:15 821048]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/01/2011 14:24 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/01/2011 14:24 399416]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [01/09/2010 08:30 15544]
S0 gptbzgd;gptbzgd; [x]
S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [27/09/2009 22:08 722416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/07/2010 19:56 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\SYSTEM32\DRIVERS\nmwcdnsu.sys [23/04/2008 21:32 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\SYSTEM32\DRIVERS\nmwcdnsuc.sys [23/04/2008 21:32 8320]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [10/02/2011 16:22 18872]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04/09/2009 13:50 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2011-02-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-12 22:00]
2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 19:56]
2011-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-27 19:56]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/uk/uk/importer/MypixUploader.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {9C88EF87-3AA0-40AE-890C-4F260E8C3ABB} - file://c:\williamhillinstallation\WHVHR.ocx
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Nicola\Application Data\Mozilla\Firefox\Profiles\adax62ls.default\
FF - prefs.js: browser.search.selectedEngine - Big Snap
FF - prefs.js: browser.startup.homepage - https://www.yahoo.co.uk
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-NSLauncher - c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-servises - c:\windows\system32\servises.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-28 22:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
Other Running Processes
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlbtcoms.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-02-28 22:49:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-28 22:49
Pre-Run: 27,981,164,544 bytes free
Post-Run: 28,511,842,304 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D1D5D3D028A65A3326A04095736ADB6F0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards