I have a serious infection
I've left HijackThis open in case I need to delete anything. Anyone see anything I should be concerned about?
Can you post the portion of the ComboFix log with the sections before the "reg loading points"?
Those are "Files Created" & "Find3M", also a portion of the last bit of "Other deletions" after all the c:\users\Kev B\spkpod stuff.
Log looks in pretty good shape, except for one major thing: No Antivirus Loaded!!!!
http://www.filehippo.com/download_avast_antivirus/
Bin Ares as planned, and you may want to investigate this:
http://www.fanhow.com/answers/question-944-What-is-InstallIQ-Updater
Once done, give it a cleanup (CCleaner, both scans again) and see how it's running.
Sleep time for me, will check back tomoz.
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Can you post the portion of the combofix log with the sections before the "reg loading points"
Those are "Files Created" & "Find3m", also a portion of the last bit of "Other deletions" after all the c:\users\Kev B\spkpod stuff.
Well spotted, missed the fact they weren't there in the midst of all the other carp... bad me.
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Do you mean these bits?
c:\windows\$NtUninstallKB27942$\1694282492
c:\windows\$NtUninstallKB27942$\2328041498\@
c:\windows\$NtUninstallKB27942$\2328041498\bckfg.tmp
c:\windows\$NtUninstallKB27942$\2328041498\cfg.ini
c:\windows\$NtUninstallKB27942$\2328041498\Desktop.ini
c:\windows\$NtUninstallKB27942$\2328041498\keywords
c:\windows\$NtUninstallKB27942$\2328041498\kwrd.dll
c:\windows\$NtUninstallKB27942$\2328041498\L\xadqgnnk
c:\windows\$NtUninstallKB27942$\2328041498\U\00000001.@
c:\windows\$NtUninstallKB27942$\2328041498\U\00000002.@
c:\windows\$NtUninstallKB27942$\2328041498\U\80000000.@
c:\windows\$NtUninstallKB27942$\2328041498\U\80000032.@
c:\windows\437830538
c:\windows\system32\fbc851b9.exe\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 20:45 . 2011-09-27 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-27 19:30 . 2011-09-27 19:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{298E49A8-35FB-4712-AD05-D47AAE93359C}\offreg.dll
2011-09-27 19:25 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-09-27 15:53 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{298E49A8-35FB-4712-AD05-D47AAE93359C}\mpengine.dll
2011-09-26 22:11 . 2011-09-27 18:33 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-26 22:11 . 2011-09-26 22:11 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-26 22:11 . 2011-09-26 22:11 -------- d-----w- c:\programdata\Hitman Pro
2011-09-26 17:11 . 2011-09-26 17:11 159744 --sh--r- C:\siauh.exe
2011-09-26 15:12 . 2011-09-26 15:18 -------- d-----w- c:\users\Kev B\AppData\Roaming\LimeRunner
2011-09-26 12:52 . 2011-09-26 12:52 -------- d-----w- c:\windows\Sun
2011-09-24 11:01 . 2011-09-24 11:01 -------- d-----w- c:\users\Kev B\AppData\Local\WinZip
2011-09-24 10:41 . 2011-07-08 07:31 781272 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-09-24 10:41 . 2011-09-24 10:41 -------- d-----w- c:\programdata\Premium
2011-09-24 10:41 . 2011-09-24 10:41 -------- d-----w- c:\programdata\InstallMate
2011-09-24 10:14 . 2011-09-24 10:14 -------- d-----w- c:\program files\Adobe Media Player
2011-09-24 10:12 . 2011-09-24 10:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-09-23 17:38 . 2011-09-23 17:38 -------- d-----w- c:\users\Kev B\AppData\Roaming\Thinstall
2011-09-23 09:15 . 2011-09-27 12:26 -------- d-----w- c:\windows\Downloaded Installations
2011-09-14 00:51 . 2011-09-14 00:51 -------- d-----w- c:\users\Kev B\AppData\Roaming\Media Player Classic
2011-09-09 01:10 . 2011-09-09 01:10 -------- d-----w- c:\programdata\Macrovision
2011-09-09 01:10 . 2002-01-05 06:10 57344 ------w- c:\windows\system32\mfc70enu.dll
2011-09-09 01:10 . 2011-09-09 01:10 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2011-09-09 01:10 . 2011-09-09 01:10 -------- d-----w- c:\program files\Common Files\Macromedia
2011-09-09 01:09 . 2011-09-09 01:09 -------- d-----w- c:\program files\Macromedia
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-03 14:31 . 2011-09-03 14:31 -------- d-----w- c:\users\Kev B\AppData\Roaming\Birdstep Technology
2011-09-03 14:31 . 2011-09-03 14:31 -------- d-----w- c:\programdata\Birdstep Technology
2011-09-03 14:29 . 2011-09-03 14:29 -------- d-----w- c:\program files\3 Mobile Broadband
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 10:24 . 2011-02-24 17:16 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-24 09:54 . 2011-06-04 23:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00 . 2010-10-14 12:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 04:54 . 2011-08-10 09:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-10 09:55 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 09:55 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 09:55 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 09:55 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 09:55 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:29 . 2011-08-24 15:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30 . 2011-08-10 09:55 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-08 07:31 . 2011-08-03 23:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
Log looks in pretty good shape, except for one major thing, No Antivirus Loaded !!!!
http://www.filehippo.com/download_avast_antivirus/
bin ares as planned, and you may want to investigate this:-
http://www.fanhow.com/answers/question-944-What-is-InstallIQ-Updater
Once done, give it a cleanup (CCleaner, both scans again) and see how it's running
sleep time for me, will check back tomoz
Ran CCleaner, nothing reported. Flushed the resolver cache and gave it a hard boot. Start up was pretty good and Windows is on wizz at the min. Running very nice...
Do you mean these bits?
Yes. ComboFix has removed ZeroAccess from the bit you've posted there. There's also a couple of stragglers:
2011-09-26 17:11 . 2011-09-26 17:11 159744 --sh--r- C:\siauh.exe
2011-09-26 15:12 . 2011-09-26 15:18 -------- d-----w- c:\users\Kev B\AppData\Roaming\LimeRunner
http://vil.nai.com/vil/content/v_596722.htm
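The triage the helper does by eye above (spotting the ZeroAccess leftovers in the "Other deletions" paths and the two stragglers in "Files Created"), as an added example that is not part of the original thread and is not ComboFix's own code. It parses the two line shapes ComboFix emits in those sections (bare paths, and dated entries with size, attribute string and path) and flags four path shapes taken from the posted log: a $NtUninstallKB...$ folder holding a numeric subfolder, an "@" file or U\ / L\ directories; an Autorun.inf under a directory named like an .exe; an all-digit file name directly under \windows; and a hidden+system file in the drive root. The regex names, the Entry class and the reason strings are my own choices; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Added example (not ComboFix code, not posted in the thread): a triage pass over
# the ComboFix sections quoted above. The rules below are written from the entries
# visible in this thread, not from a vendor ZeroAccess signature.

# Dated "Files Created" / "Find3M" entry:
#   2011-09-26 17:11 . 2011-09-26 17:11 159744 --sh--r- C:\siauh.exe
DATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>[A-Za-z]:\\.+)$"
)
# "Other deletions" lists bare paths with no metadata.
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
NTUNINSTALL_RE = re.compile(r"^[a-z]:\\windows\\\$ntuninstallkb\d+\$\\(?P<rest>.+)$", re.I)
NUMERIC_IN_WINDOWS_RE = re.compile(r"^[a-z]:\\windows\\\d+$", re.I)
ROOT_FILE_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)


@dataclass
class Entry:
    path: str
    attrs: str = ""  # ComboFix attribute string such as "--sh--r-"; "" for bare paths

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_log(text: str) -> list[Entry]:
    """Turn ComboFix log text into Entry records, skipping separators and headers."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DATED_RE.match(line)
        if m:
            entries.append(Entry(m.group("path"), m.group("attrs")))
        elif BARE_PATH_RE.match(line):
            entries.append(Entry(line))
    return entries


def fake_ntuninstall_layout(path: str) -> bool:
    """$NtUninstallKB...$ folders hold patch backups; a numeric subfolder, an '@'
    file or U\\ / L\\ directories is the layout seen in the posted deletions."""
    m = NTUNINSTALL_RE.match(path)
    if not m:
        return False
    parts = m.group("rest").split("\\")
    return any(p.isdigit() or p.upper() in ("@", "U", "L") or p.endswith(".@") for p in parts)


def autorun_under_exe_named_dir(path: str) -> bool:
    """Autorun.inf inside a directory whose own name ends in .exe."""
    parts = path.lower().split("\\")
    return len(parts) >= 2 and parts[-1] == "autorun.inf" and parts[-2].endswith(".exe")


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (path, reason) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        if fake_ntuninstall_layout(e.path):
            findings.append((e.path, "payload layout inside a $NtUninstallKB folder"))
        elif autorun_under_exe_named_dir(e.path):
            findings.append((e.path, "Autorun.inf under a directory named like an .exe"))
        elif NUMERIC_IN_WINDOWS_RE.match(e.path):
            findings.append((e.path, "all-digit file name directly under \\windows"))
        elif e.hidden_system and not e.is_dir and ROOT_FILE_RE.match(e.path):
            findings.append((e.path, "hidden+system file dropped in the drive root"))
    return findings


# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
c:\windows\$NtUninstallKB27942$\2328041498\@
c:\windows\$NtUninstallKB27942$\2328041498\kwrd.dll
c:\windows\$NtUninstallKB27942$\2328041498\U\80000032.@
c:\windows\437830538
c:\windows\system32\fbc851b9.exe\Autorun.inf
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
2011-09-26 22:11 . 2011-09-26 22:11 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-26 17:11 . 2011-09-26 17:11 159744 --sh--r- C:\siauh.exe
2011-09-26 15:12 . 2011-09-26 15:18 -------- d-----w- c:\users\Kev B\AppData\Roaming\LimeRunner
2011-09-27 19:25 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
"""


def sample_findings() -> list[tuple[str, str]]:
    return triage(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for path, reason in sample_findings():
        print(f"{reason:48s} {path}")
```

Run it against a full log rather than the sample and it flags the six entries the helper singled out by path shape, but note what it cannot do: the second straggler, the LimeRunner folder in AppData\Roaming, has nothing odd about its path or attributes and was called out from knowledge of the program name, so unfamiliar directories in "Files Created" still need a manual look-up (the vil.nai.com link above is that look-up).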
Would you believe it... I just had a couple of redirects come up...