Win 7 Security 2011 $59.95 - Urgent Help Please
Comments
Agree with russ, couple of possible iffy files there but a quick search doesn't give any info. It's looking a lot better now, but as a belt'n'braces I'd run dr web (very long scan, 10+hrs) which should finish it off....
https://www.freedrweb.com/download+cureit+free/?lng=en
Download and save to desktop before running. It will auto-start a quick scan, stop this and set it off on a full one, then read/drink coffee/go to work/whatever. If you happen to be watching it and it finds something, click Yes to all (or whatever the wording is) and then you can leave it until it's finished.
Post the log once done.
Thank you, again. I'll do that right now. The time involved doesn't trouble me - I'm just very grateful to have the problem sorted.
Crimson
Thank you +++ to everyone who has helped me. As advised I ran the complete drweb scan after downloading it.
It came back (after a long and thorough search):
In this mode the following objects are scanned:
* Random access memory
* Startup objects
* Boot sectors of all disks
* All removable media
* All local disks
No viruses or suspicious objects were in the system (RC=32).
Although my knowledge is not good this sounds very encouraging to me. Do you think I am at last (thanks to all your good advice) in the clear? If I am I would like to log in to my online banking. I changed passwords etc to be on the safe side but I'm still a bit apprehensive.
It has been a major learning curve, to say the least, but I would never have managed without all the help I've been given in this forum - thank you all, once again.
Crimson - smiling at last!
Deleted_User wrote: »I don't know what the consumer input software is, closed? Can you tell me what it is please and the reason it should be installed. If it is needed I'll be glad to use it but I'm worried about installing too many things in case they slow down my computer even more.
Thank you.
uninstall it.!!
> . !!!! ----> .
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\drivers\75935382.sys
c:\windows\system32\drivers\7593538.sys
c:\windows\system32\drivers\75935381.sys
c:\windows\system32\drivers\63323272.sys
c:\windows\system32\drivers\6332327.sys
c:\windows\system32\drivers\63323271.sys
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
(If SNAPSHOT is stupidly large, leave that part out)
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
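A triage sketch for the file pattern in the CFScript above, added here as an example and not part of any forum post or of ComboFix: it picks all-digit .sys names out of a drivers-folder listing, groups the ones that share a stem, and renders them as a File:: block for a helper to review. The sample listing, the function names and the six-digit threshold are assumptions; an all-digit name is only a reason to look closer, not proof of malware.

```python
import re
from pathlib import PureWindowsPath

# Constructed listing: the six paths named in the CFScript post, plus
# constructed entries that must NOT be picked up.
SAMPLE_LISTING = [
    r'"c:\windows\system32\drivers\75935382.sys"',
    r"c:\windows\system32\drivers\7593538.sys",
    r"c:\windows\system32\drivers\75935381.sys",
    r"c:\windows\system32\drivers\63323272.sys",
    r"C:\Windows\System32\drivers\6332327.sys",
    r"c:\windows\system32\drivers\63323271.sys",
    r"c:\windows\system32\drivers\ntfs.sys",         # ordinary name
    r"c:\windows\system32\drivers\hitmanpro35.sys",  # letters and digits
    r"c:\users\Christine\Downloads\12345678.sys",    # wrong folder
]

DRIVERS_DIR = PureWindowsPath(r"c:\windows\system32\drivers")
NUMERIC_STEM = re.compile(r"\d{6,}")  # assumption: six or more digits, nothing else


def numeric_drivers(paths):
    """Return .sys files directly in the drivers folder whose name is all digits."""
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw.strip().strip('"'))  # log lines may be quoted
        # PureWindowsPath comparison is case-insensitive, like the file system.
        if (p.parent == DRIVERS_DIR and p.suffix.lower() == ".sys"
                and NUMERIC_STEM.fullmatch(p.stem)):
            hits.append(p)
    return hits


def group_families(hits):
    """Group stems under the shortest stem that prefixes them (7593538 -> 75935381)."""
    families = {}
    for stem in sorted({p.stem for p in hits}, key=lambda s: (len(s), s)):
        root = next((r for r in families if stem.startswith(r)), stem)
        families.setdefault(root, []).append(stem)
    return families


def build_cfscript(hits):
    """Render the hits in the File:: layout shown in the post, CRLF line endings."""
    lines = ["File::"] + sorted({str(p).lower() for p in hits})
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = numeric_drivers(SAMPLE_LISTING)
    print(group_families(found))
    print(build_cfscript(found))
```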
consumer input!!
> . !!!! ----> .
Deleted_User wrote: »I'm very sorry if I'm so vague, closed, but what is it I need to uninstall, please?
Crimson
You've got a program on your computer called Consumer Input:
http://consumerinput.com/
removal instructions:
http://consumerinput.com/faq/#uninstall
Question to others: I'm still baffled as to why malwarebytes didn't detect the malware although it supposedly does. So the question is, if malwarebytes is installed and with updated definitions, was there any point in running RKill? Would that have somehow stopped malwarebytes picking up on the malware for some obscure reason?
Malwarebytes doesn't detect everything and most AVs miss rootkits unless a rootkit scan is done.!!
> . !!!! ----> .
Here is the log copied and pasted from ComboFix as advised by aliEnRIK. Will I have to try again or is this likely to be all right?
I am having to send it in two separate parts because it was too long and I was not allowed to submit it all at once.
"ComboFix 11-05-08.04 - Christine 09/05/2011 19:53:09.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2940.1510 [GMT 1:00]
Running from: c:\users\Christine\Downloads\ComboFix.exe
Command switches used :: c:\users\Christine\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\6332327.sys"
"c:\windows\system32\drivers\63323271.sys"
"c:\windows\system32\drivers\63323272.sys"
"c:\windows\system32\drivers\7593538.sys"
"c:\windows\system32\drivers\75935381.sys"
"c:\windows\system32\drivers\75935382.sys"
.
.
This discussion has been closed.