Nasty Virus
Comments
-
Sorry!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.5.0
Run by Lesley at 8:02:09 on 2013-10-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.559 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkDMS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Lesley\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Lesley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://lenovo.live.com
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MusicManager] "c:\users\lesley\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LanguageShortcut] "c:\program files\lenovo multimedia center\powerdvd\language\Language.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\lesley\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B974278D-CFCA-4400-9B3C-365E05058F38} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-10-6 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2013-10-7 22056]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2013-10-7 38248]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2013-10-7 14432]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2007-2-19 13744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2013-10-7 4153784]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\samsung\allshare framework dms\1.3.17\AllShareFrameworkManagerDMS.exe [2013-8-23 401800]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2007-5-11 54832]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-7-14 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-11-16 238952]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 107392]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2013-10-7 57944]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
R3 cleanhlp;cleanhlp;c:\program files\emsisoft anti-malware\cleanhlp32.sys [2013-10-7 50200]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-11-16 36608]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-19 701512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-7 83864]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-5-7 20032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-19 22856]
S3 smtmoser;USB Device for Legacy Serial Communication (T-Mobile);c:\windows\system32\drivers\smtmoser.sys [2011-7-30 108416]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-7 181912]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-08 06:23:03 7328304 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cd84563d-a213-4198-be2c-9c1c8d1bc3a1}\mpengine.dll
2013-10-07 19:39:14 d-----w- c:\program files\Emsisoft Anti-Malware
2013-10-07 06:41:00 d-sh--w- C:\found.002
2013-10-06 14:57:19 d-----w- c:\programdata\Ad-Aware Antivirus
2013-10-06 14:57:10 d-----w- c:\users\lesley\appdata\roaming\LavasoftStatistics
2013-10-06 14:53:29 d-----w- c:\program files\Panda Security
2013-10-06 14:40:12 d-----w- c:\program files\Ad-Aware Antivirus
2013-10-06 14:38:28 d-----w- c:\programdata\Downloaded Installations
2013-10-06 14:33:43 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-10-06 14:33:43 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-10-06 14:33:20 d-----w- c:\users\lesley\appdata\roaming\Ad-Aware Antivirus
2013-10-06 09:42:08 d-----w- c:\programdata\Licenses
2013-10-06 09:41:59 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-10-06 09:41:54 d-----w- c:\program files\SpywareBlaster
2013-10-06 08:14:14 7328304 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-04 18:31:58 d-----w- c:\program files\iPod
2013-10-04 18:31:44 d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-26 17:52:26 d-----w- c:\program files\WinDirStat
2013-09-14 12:54:05 d-----w- c:\users\lesley\Samsung Link
2013-09-14 12:49:48 d-----w- C:\Upload
2013-09-14 12:48:33 d-----w- c:\users\lesley\.swt
2013-09-13 22:04:04 3723656 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-09-11 23:54:34 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-11 23:54:33 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 23:54:32 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 18:58:58 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0fa05fb0-0662-42c0-9122-4b89c8d5de4e}\gapaengine.dll
.
==================== Find3M ====================
.
2013-10-08 07:02:35 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-09-19 20:04:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-19 20:04:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-23 18:18:54 46592 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:18:46 38912 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18:42 704000 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-07-23 18:18:40 227840 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18:38 130048 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-07-23 18:18:38 12800 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-20 09:07:04 606 ----a-w- c:\windows\uninstallstickies.bat
2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2006-05-03 11:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 12:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 8:04:50.50 ===============
-
Uninstall all these first:
http://windows.microsoft.com/en-us/windows/uninstall-change-program#uninstall-change-program=windows-vista
Ad-Aware Antivirus
Emsisoft Anti-Malware
Java(TM) 7 Update 5
Spybot - Search & Destroy
SUPERAntiSpyware
-
OK they've all gone.....
-
Download aswMBR and save it to your Desktop.
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
- Right click aswMBR.exe & choose "Run as Administrator" to run it.
- Click YES to the prompt to download Avast virus definitions
- When the virus definitions have downloaded, click the Scan button.
- Wait till the scan reports "Scan finished successfully"
- Click Save log & save the log to your desktop.
- Click OK
- Two files will be created, aswMBR.txt & a file named MBR.dat
- Click EXIT.
- Copy & Paste the contents of aswMBR.txt into your next reply.
-
This could take some time! It's been scanning my calibre library for about 35 minutes and is only up to J :shocked:
-
I went to bed at midnight due to an early start and left the scan running......got up this morning and Windows has installed updates and restarted :mad: I'll start again then............
-
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-09 05:15:21
05:15:21.803 OS Version: Windows 6.0.6002 Service Pack 2
05:15:21.804 Number of processors: 2 586 0xF0D
05:15:21.806 ComputerName: LESLEY-PC UserName: Lesley
05:15:23.788 Initialize success
05:15:53.092 AVAST engine defs: 13100800
05:16:30.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
05:16:30.191 Disk 0 Vendor: WDC_WD16 08.0 Size: 152627MB BusType: 3
05:16:30.341 Disk 0 MBR read successfully
05:16:30.346 Disk 0 MBR scan
05:16:30.388 Disk 0 unknown MBR code
05:16:30.405 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5888 MB offset 2048
05:16:30.464 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146737 MB offset 12060672
05:16:30.500 Disk 0 scanning sectors +312578048
05:16:30.620 Disk 0 scanning C:\Windows\system32\drivers
05:17:08.958 Service scanning
05:17:43.732 Service MpKslf60efe13 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD84563D-A213-4198-BE2C-9C1C8D1BC3A1}\MpKslf60efe13.sys **LOCKED** 32
05:18:25.847 Modules scanning
05:18:58.478 Disk 0 trace - called modules:
05:18:58.878 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
05:18:58.884 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863f9270]
05:18:58.890 3 CLASSPNP.SYS[88aaf8b3] -> nt!IofCallDriver -> [0x85222810]
05:18:58.898 5 acpi.sys[82e496bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85228030]
05:19:00.130 AVAST engine scan C:\Windows
05:19:11.949 AVAST engine scan C:\Windows\system32
05:27:13.816 AVAST engine scan C:\Windows\system32\drivers
05:27:50.332 AVAST engine scan C:\Users\Lesley
06:47:51.608 AVAST engine scan C:\ProgramData
07:15:19.503 Scan finished successfully
07:19:32.430 Disk 0 MBR has been saved successfully to "C:\Users\Lesley\Desktop\MBR.dat"
07:19:32.642 The log file has been saved successfully to "C:\Users\Lesley\Desktop\aswMBR.txt"
-
Everything looks ok. Update and run a quick scan with mbam. Post the log if it detects anything.
-
Thanks will do.....MBAM worried me a bit because it's given me clean scans all the way through.....SuperAntiSpyware was the only one that picked it up :T
-
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
https://www.malwarebytes.org
Database version: v2013.10.09.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lesley :: LESLEY-PC [administrator]
Protection: Enabled
09/10/2013 07:53:00
MBAM-log-2013-10-09 (08-21-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205884
Time elapsed: 20 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Lesley\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Lesley\AppData\Roaming\OpenCandy\55537FF5CD6C48A1A6D1076F5145F527 (PUP.Optional.OpenCandy) -> No action taken.
Files Detected: 2
C:\Users\Lesley\Downloads\PetrolPricesSetup.exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\Lesley\AppData\Roaming\OpenCandy\55537FF5CD6C48A1A6D1076F5145F527\TuneUpUtilities2013-2200340_en-GB.exe (PUP.Optional.OpenCandy) -> No action taken.
(end)
This discussion has been closed.