
Please help me sort out my computer probs - HJT added


  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Download and Run ComboFix
    • Download this file from below:

      Here
    • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running (right-clicking while hovering over the icon for each on the bottom right of your screen should give that option).
    • Then double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.
    Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. (A reboot will do this if you do not know how to do so manually.)
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    also fix these in hijackthis

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

    O4 - HKLM\..\Run: [qwmfnqn] c:\windows\system32\qwmfnqn.exe qwmfnqn
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    I'm off out for an hour now but I'll come back to this thread as soon as I'm back.
    Ex forum ambassador

    Long term forum member
  • polki
    polki Posts: 548 Forumite
    Part of the Furniture 500 Posts
    Sorry for the delay. I am going round in circles trying to restore Norton who appear to have woken up to the fact that there is a problem.

    In the meantime here are the results
    ComboFix 07-08-29.3 - "USER J" 2007-08-29 10:07:32.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT 1:00]
    * Created a new restore point

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\DOCUME~1\USER a\ResErrors.log
    C:\DOCUME~1\USER J~1\ResErrors.log
    C:\DOCUME~1\USER PG~1\ResErrors.log
    C:\WINDOWS\system32\qwmfnqn.dat
    C:\WINDOWS\system32\qwmfnqn.exe
    C:\WINDOWS\system32\qwmfnqn_nav.dat
    C:\WINDOWS\system32\qwmfnqn_navps.dat

    ((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-29 )))))))))))))))))))))))))))))))

    2007-08-29 10:04 51,200 --a C:\WINDOWS\nircmd.exe
    2007-08-28 19:53 5,608 --a C:\WINDOWS\system32\tmp.reg
    2007-08-28 19:51 53,248 --a C:\WINDOWS\system32\Process.exe
    2007-08-28 19:51 51,200 --a C:\WINDOWS\system32\dumphive.exe
    2007-08-28 19:51 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
    2007-08-27 22:06 <DIR> d C:\DOCUME~1\USER J~1\.housecall6.6
    2007-08-27 21:35 <DIR> d C:\WINDOWS\system32\ActiveScan
    2007-08-26 23:17 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-26 23:16 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    2007-08-26 23:16 <DIR> d C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    2007-08-26 22:54 <DIR> d C:\DOCUME~1\USER a\APPLIC~1\SUPERAntiSpyware.com
    2007-08-26 07:21 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-08-26 06:50 <DIR> d C:\WINDOWS\pss
    2007-08-26 06:35 <DIR> d C:\Program Files\Windows Defender
    2007-08-26 06:26 <DIR> d C:\Program Files\CCleaner
    2007-08-26 06:19 <DIR> d C:\Program Files\Lavasoft
    2007-08-26 06:19 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-26 06:05 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-26 06:04 <DIR> d C:\Program Files\SUPERAntiSpyware
    2007-08-26 06:04 <DIR> d C:\DOCUME~1\USER J~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-26 05:59 <DIR> d C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-24 07:54 <DIR> d C:\DOCUME~1\USER a\APPLIC~1\AVSystemCare
    2007-08-24 07:18 <DIR> d--hs---- C:\GA6P
    2007-08-24 07:17 8,704 --a C:\WINDOWS\system32\SpOrder.dll
    2007-08-24 07:03 <DIR> d C:\DOCUME~1\USER PG~1\APPLIC~1\AVSystemCare
    2007-08-24 07:02 24,064 --a C:\WINDOWS\system32\msxml3a.dll
    2007-08-23 20:23 <DIR> d C:\DOCUME~1\USER PG~1\APPLIC~1\Leadertech
    2007-08-22 21:58 <DIR> d C:\Program Files\winamp
    2007-08-22 21:37 <DIR> d C:\Program Files\Trend Micro
    2007-08-16 20:00 <DIR> d C:\Program Files\Windows Media Connect 2
    2007-08-16 19:57 <DIR> d C:\WINDOWS\system32\drivers\UMDF
    2007-08-14 05:45 <DIR> d C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
    2007-08-05 16:52 88 --a C:\TEMP\acl.bat
    2007-08-05 16:52 <DIR> d C:\TEMP
    2007-08-05 16:49 <DIR> d C:\Program Files\Kelloggs Art Attack
    2007-08-04 16:56 144 --a C:\DOCUME~1\USER A~1\APPLIC~1\wklnhst.dat
    2007-07-30 08:48 <DIR> d C:\DOCUME~1\LOCALS~1\APPLIC~1\FaxCtr

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2007-08-28 09:15 d C:\Program Files\QuickTime
    2007-08-28 09:11 d C:\Program Files\Lexmark Fax Solutions
    2007-08-28 09:11 d C:\Program Files\Lexmark 3400 Series
    2007-08-28 09:06 d C:\Program Files\iTunes
    2007-08-28 08:58 d C:\Program Files\Common Files\LightScribe
    2007-08-28 08:55 d C:\Program Files\Apoint2K
    2007-08-24 06:53 d C:\Program Files\Common Files\Symantec Shared
    2007-08-24 06:53 d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-08-24 06:48 d C:\Program Files\Symantec
    2007-08-22 19:01 d C:\Program Files\Motive
    2007-08-22 19:01 d C:\Program Files\Common Files\Motive
    2007-08-10 19:39 d C:\Program Files\lx_cats
    2007-08-07 06:32 d C:\Program Files\BingoCafeUK
    2007-08-05 16:49 d--h C:\Program Files\InstallShield Installation Information
    2007-08-01 17:28 d C:\DOCUME~1\USER a\APPLIC~1\Google
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 271224 --a C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-30 08:35 d C:\DOCUME~1\USER a\APPLIC~1\FaxCtr
    2007-07-25 17:09 d C:\Program Files\Google
    2007-07-21 18:52 d C:\Program Files\Windows Live Toolbar
    2007-07-21 18:45 d C:\Program Files\eMule
    2007-07-19 07:59 3583488 --a C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-17 20:08 d C:\DOCUME~1\USER A~1\APPLIC~1\Symantec
    2007-07-13 00:31 765952 --a C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-27 15:34 823808 --a C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 15:34 671232 --a C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 15:34 6058496 --a C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 15:34 52224 --a C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 15:34 477696 --a C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 15:34 459264 --a C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 15:34 44544 C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 15:34 384512 C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 15:34 383488 --a C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 15:34 27648 --a C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 15:34 267776 --a C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 15:34 232960 C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 15:34 230400 C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 15:34 193024 --a C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 15:34 153088 C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 15:34 132608 --a C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 15:34 124928 C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 15:34 1152000 --a C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 15:34 105984 C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 15:34 102400 C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 09:27 63488 C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 09:27 625152 C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 09:27 13824 --a C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 08:00 161792 C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-26 07:08 1104896 --a C:\WINDOWS\system32\msxml3.dll
    2007-06-26 07:08 1104896 --a C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 14:31 282112 --a C:\WINDOWS\system32\gdi32.dll
    2007-06-19 14:31 282112 --a C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-13 11:23 1033216 --a C:\WINDOWS\explorer.exe
    2007-06-13 11:23 1033216 C:\WINDOWS\system32\dllcache\explorer.exe
    2007-06-11 23:51 10834944 --a C:\WINDOWS\system32\dllcache\wmp.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-13 15:43]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-13 15:38]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 17:38]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 13:54]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 16:28]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58]
    "EPSON Stylus C48 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.exe" [2005-05-16 19:00]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-12 16:57]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
    "lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-01-25 17:02]
    "EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 06:10]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 09:11]
    "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe -service
    R3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
    *Newly Created Service* - CATCHME
    Contents of the 'Scheduled Tasks' folder
    2007-08-29 08:19:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
    2007-08-29 09:11:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-29 10:11:40
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?9?0?5??P???? ???B???????????????B? ??????
    LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Completion time: 2007-08-29 10:13:06
    C:\ComboFix-quarantined-files.txt ... 2007-08-29 10:12
    --- E O F ---
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    pop ups ???

    or all quiet ??
    Ex forum ambassador

    Long term forum member
  • polki
    polki Posts: 548 Forumite
    Part of the Furniture 500 Posts
    Browntoa wrote: »
    also fix these in hijackthis

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

    O4 - HKLM\..\Run: [qwmfnqn] c:\windows\system32\qwmfnqn.exe qwmfnqn

    Will do this now.
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    I'd run ccleaner

    www.ccleaner.com

    to clean up your temp files

    you may find that

    c:\windows\system32\qwmfnqn.exe

    has gone
    Ex forum ambassador

    Long term forum member
  • polki
    polki Posts: 548 Forumite
    Part of the Furniture 500 Posts
    Yes - c:\windows\system32\qwmfnqn.exe
    has gone.

    Have deleted the other file. Do you want to see the hijackthis report?

    Things seem to be running smoother now.
  • polki
    polki Posts: 548 Forumite
    Part of the Furniture 500 Posts
    No popups!

    I have tried a couple of sites guaranteed to trigger a response.

    Do you think it is now safe? How can I be sure?

    Thank you so much for your patience.
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    post a fresh hijackthis log for me to double check

    those Items I got you to delete were the offending items which "hands up" I missed the first time :o:o

    the superantispyware log came up clean and the Smitfraud + combofix should have laid the rest to bed

    at some point do a full scan with Nortons after updating ( I take it your subscription is up to date)
    Ex forum ambassador

    Long term forum member
This discussion has been closed.