
Fraud defence centre

24

Comments

  • Saint_Chris
    Saint_Chris Posts: 3,876 Forumite
    Avast won't let me open the link
  • Saint_Chris
    Saint_Chris Posts: 3,876 Forumite
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by HP_Owner at 22:53:54 on 2012-05-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.503.112 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
  • Saint_Chris
    Saint_Chris Posts: 3,876 Forumite
    ============= Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
    mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
    mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267457086250
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5DFCF418-BEE4-44E4-83AE-13834CF4DF86} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxsrvc.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
  • Saint_Chris
    Saint_Chris Posts: 3,876 Forumite
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-14 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-1 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-1 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-27 44768]
    R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2005-1-1 24544]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-31 116648]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-31 116648]
    .
    =============== Created Last 30 ================
    .
    2012-05-13 19:35:45 388096 ----a-r- c:\documents and settings\hp_owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-05-13 14:54:50 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2012-05-13 14:54:26 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2012-04-29 14:23:44 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\MicroVision Applications
    .
    ==================== Find3M ====================
    .
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 22:57:07.73 ===============
  • Saint_Chris
    Saint_Chris Posts: 3,876 Forumite
    managed to do it thanks
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    That looks ok. The "red boxes" that came up - were they avast?

    Do this, again it should only take a minute or two.

    Download this and save it to your desktop.

    http://public.avast.com/~gmerek/aswMBR.exe

    When you've downloaded it...
    • Double click aswMBR.exe to run it
    • Click NO if prompted to scan with Avast virus definitions
    • Change the AVscan set to NONE, click the Scan button.

    • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt & post it here.
    Don't click to fix anything yet, just post the log.
  • Saint_Chris
    Saint_Chris Posts: 3,876 Forumite
    Sorry, the red boxes of warnings were from when the malware bytes had finished its scan.

    Bear with me, I'm a female and not very technical, but a whizz with an iron. lol
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    No problem - I'm crap with an iron..... :D
  • Saint_Chris
    Saint_Chris Posts: 3,876 Forumite
    swMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-13 23:12:43
    23:12:43.187 OS Version: Windows 5.1.2600 Service Pack 3
    23:12:43.187 Number of processors: 1 586 0x401
    23:12:43.187 ComputerName: MLCL2427 UserName: HP_Owner
    23:12:45.156 Initialize success
    23:12:49.890 AVAST engine defs: 12051301
    23:13:11.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    23:13:11.078 Disk 0 Vendor: SAMSUNG_SP1213C SV100-30 Size: 114498MB BusType: 3
    23:13:11.093 Disk 0 MBR read successfully
    23:13:11.093 Disk 0 MBR scan
    23:13:11.109 Disk 0 unknown MBR code
    23:13:11.109 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4702 MB offset 63
    23:13:11.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109782 MB offset 9631440
    23:13:11.125 Disk 0 scanning sectors +234465840
    23:13:11.203 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:13:25.875 Service scanning
    23:13:38.062 Modules scanning
    23:13:44.906 Disk 0 trace - called modules:
    23:13:44.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    23:13:45.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d82ab8]
    23:13:45.265 3 CLASSPNP.SYS[f8633fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82d83d98]
    23:13:45.609 AVAST engine scan C:\WINDOWS
    23:13:51.671 AVAST engine scan C:\WINDOWS\system32
    23:16:07.328 AVAST engine scan C:\WINDOWS\system32\drivers
    23:16:21.203 AVAST engine scan C:\Documents and Settings\HP_Owner
    23:17:18.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\My Documents\MBR.dat"
    23:17:18.875 The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\My Documents\aswMBR.txt"
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    All looks good.

    See if you can do this again. Make sure you highlight & copy all that is inside the codebox, from cmd right through to log.txt, but don't include code:

    Go to start > run and copy then paste this into the run box and click ok.
    cmd /c dir "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\winNet3xx" >Log.txt&Log.txt&del Log.txt
    
    It should take only a few seconds. Post the log that opens. If a notepad file doesn't open - let me know.
This discussion has been closed.