Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Your system is infected message

  • 14-08-2009 10:06am
    #1
    Closed Accounts Posts: 390 ✭✭


    Hi i'll give a little background:

    I use Avira Antivirus software for virus protection when online.
    Recently someone at home clicked some link and the antivirus program started detecting loads of trojan viruses and askin to either delete or quarantine these etc. So I clicked delete on all of those - but I think it was too late as a big red x was appearing in the corner of the screen and a message came up saying windows is infected click here to install something that will help it - so clicking there was doing nothing (possibly the message was the virus itself) and i ran a full system scan which found nothing.
    Then I installed the latest version of antivirus but as computer froze i just turned it off.

    When i turned it on windows failed to start and a message asked do you want to go back to the last time it was all working fine? I clicked that and windows loaded and a message in the corner said malicious software has been removed?
    Also a warning that the firewall is turned off - so i turned it on.

    Then i started another full system scan and decided to turn on the internet, 30 seconds later that message came up again that your computer is infected and the firewall is turned off! so I shut off the internet connection and the system scan found 7 viruses all of which were moved to quarantine and then i deleted them.

    Any good antivirus software that you guys know of that I could run to catch this thing? I don't think the virus is gone yet :(


Comments

  • Registered Users, Registered Users 2 Posts: 8,382 ✭✭✭petes


    Install malwarebytes and run that.

    Also never click on any popups. Ever. No matter what they say.


  • Closed Accounts Posts: 390 ✭✭idunnoutellme


    oh i know that - but i also think i know who the culprit is who clicked on something ugh. many thanks i'll try that.


  • Closed Accounts Posts: 390 ✭✭idunnoutellme


    Hi again,

    I've tried malwarebytes - it is very good for the detections now i have to say. It solved the problem temporarily - until i turned on the internet and the can of worms opened up again.
    There is some executable virus in the system folder which i cannot remove.
    Everytime i do it appears again :(
    The trojan horses that get in once i turn on the internet disable any security features - firewall etc and kill the antivirus program :(

    I guess there isnt anything left but to get the backup disk and reboot the whole thing?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:

      CF_download_FF.gif

      CF_download_rename.gif

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • Closed Accounts Posts: 390 ✭✭idunnoutellme


    Hi ASJ - here's the report:

    ComboFix 09-08-19.0C - Catherine 20/08/2009 19:25.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.447.234 [GMT 1:00]
    Running from: c:\documents and settings\Catherine\Desktop\Combo-Fix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090820-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Desktop\avast! Antivirus.lnk
    c:\documents and settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
    c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010
    c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk
    c:\documents and settings\LocalService\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk
    c:\recycler\S-1-5-21-3302864472-1465077461-2199518539-1003
    C:\smp.bat
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000013_.tmp.dll
    c:\windows\system32\braviax.exe
    c:\windows\system32\dllcache\figaro.sys
    c:\windows\system32\dzgtactx.dll

    Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
    Restored copy from - c:\system volume information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP746\A0254057.sys

    Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
    Restored copy from - c:\system volume information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP756\A0259314.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_IPRIP
    \Service_Iprip


    ((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
    .

    2009-08-20 17:53 . 2009-08-20 18:49 3141664 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-08-15 07:26 . 2009-08-20 17:55 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
    2009-08-15 07:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-15 07:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-15 07:12 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-15 07:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-15 07:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-15 07:12 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-15 07:12 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-15 07:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-15 07:12 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-15 07:12 . 2009-08-15 07:12
    d
    w- c:\program files\Alwil Software
    2009-08-15 06:58 . 2009-08-15 06:58
    d
    w- c:\program files\Avira
    2009-08-15 06:21 . 2009-08-15 06:22
    d
    w- c:\windows\system32\XPSViewer
    2009-08-15 06:21 . 2009-08-15 06:21
    d
    w- c:\program files\MSBuild
    2009-08-15 06:21 . 2009-08-15 06:21
    d
    w- c:\program files\Reference Assemblies
    2009-08-15 06:06 . 2008-07-06 12:06 89088
    w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-15 06:06 . 2008-07-06 12:06 575488
    w- c:\windows\system32\xpsshhdr.dll
    2009-08-15 06:06 . 2008-07-06 12:06 575488
    w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-15 06:06 . 2008-07-06 12:06 1676288
    w- c:\windows\system32\xpssvcs.dll
    2009-08-15 06:06 . 2008-07-06 12:06 1676288
    w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-15 06:06 . 2008-07-06 12:06 117760
    w- c:\windows\system32\prntvpt.dll
    2009-08-15 06:06 . 2008-07-06 10:50 597504
    w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-15 06:06 . 2009-08-15 06:21
    d
    w- C:\99c166ac603671a1763a
    2009-08-15 06:05 . 2009-08-15 06:40
    d
    w- c:\windows\SxsCaPendDel
    2009-08-14 18:52 . 2009-08-14 18:52
    d
    w- c:\documents and settings\Catherine\Application Data\Malwarebytes
    2009-08-14 18:52 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-14 18:51 . 2009-08-14 18:51
    d
    w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-14 18:51 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-14 18:51 . 2009-08-14 18:52
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-12 22:11 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-12 20:28 . 2009-08-12 20:28 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
    2009-08-12 17:53 . 2009-07-10 13:27 1315328
    w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:01 . 2009-08-05 09:01 204800
    w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-28 18:22 . 2008-06-17 07:37 176128 ----a-w- c:\documents and settings\Makar\Application Data\Mozilla\Firefox\Profiles\rfmzsl91.default\extensions\LGBExec@liveglobalbid.com\components\nplgbexc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-20 18:55 . 2007-05-06 18:26
    d
    w- c:\documents and settings\Catherine\Application Data\Skype
    2009-08-20 18:49 . 2009-08-20 17:53 37892 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-08-15 07:00 . 2005-10-14 19:11 80640 ----a-w- c:\documents and settings\Catherine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-12 22:22 . 2007-07-28 18:44
    d
    w- c:\documents and settings\Catherine\Application Data\vmntoolbar
    2009-08-05 09:01 . 2004-08-10 16:38 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2009-07-17 19:01 58880 ----a-w- c:\windows\system32\SET46.tmp
    2009-07-17 19:01 . 2004-08-10 16:37 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 22:43 . 2004-08-10 16:38 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-29 16:12 . 2004-08-10 16:38 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-10 16:37 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2004-08-10 16:37 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-26 21:55 . 2007-08-16 21:48
    d
    w- c:\program files\Quickpay
    2009-06-25 08:25 . 2009-06-25 08:25 56832 ----a-w- c:\windows\system32\SET14.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 54272 ----a-w- c:\windows\system32\SET13.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 301568 ----a-w- c:\windows\system32\SET17.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\SET15.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 136192 ----a-w- c:\windows\system32\SET16.tmp
    2009-06-25 08:25 . 2004-08-10 16:38 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-10 16:38 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-10 16:38 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-10 16:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2004-08-10 16:37 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-10 16:37 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-10 16:37 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:36 . 2004-08-10 16:38 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2004-08-10 16:37 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 20:58 . 2009-06-15 20:58 10459688 ----a-w- c:\documents and settings\All Users\Application Data\Sage\SBD Software Updates\Installed\Quickpayv9_2bUpdate.exe
    2009-06-12 12:31 . 2004-08-10 16:38 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:13 . 2004-08-10 16:37 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 08:19 . 2004-08-10 16:54 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2004-08-10 16:38 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:09 . 2004-08-10 16:38 1291264 ----a-w- c:\windows\system32\quartz.dll
    2008-04-08 09:10 . 2008-04-08 09:02 24 --sh--w- c:\windows\S766F619A.tmp
    .

    Sigcheck

    [-] 2009-08-20 17:55 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\system32\dllcache\beep.sys

    c:\windows\system32\drivers\beep.sys ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-23 57344]

    [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-10 180269]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mshearts.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2009 08:12 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2009 08:12 20560]
    R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/03/2005 11:36 671104]
    S3 bDMusicb;bDMusicb;\??\c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17/11/2007 16:11 10976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
    Notify-st3d - c:\windows\system32\st3d.dll
    SafeBoot-Wdf01000.sys


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    IE: &Search
    FF - ProfilePath - c:\documents and settings\Catherine\Application Data\Mozilla\Firefox\Profiles\b61as866.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-20 19:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(788)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Norton GoBack\GBPoll.exe
    c:\windows\system32\scardsvr.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\slserv.exe
    c:\windows\system32\snmp.exe
    c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-20 20:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-20 19:05

    Pre-Run: 64,084,611,072 bytes free
    Post-Run: 75,425,181,696 bytes free

    232 --- E O F --- 2009-08-20 18:17


  • Advertisement
  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    minxie make your own topic please

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    FCopy::
    c:\windows\system32\dllcache\beep.sys | c:\windows\system32\drivers\beep.sys
    KillAll::
    Folder::

    Registry::

    Driver::

    Save this as CFScript.txt, in the same location as ComboFix.exe


    CFScriptB-4.gif

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      
      :Reg
      
      :Files
      c:\windows\system32\SET*.tmp
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


  • Closed Accounts Posts: 390 ✭✭idunnoutellme


    OTM log file: (I have since rebooted the computer)

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    c:\windows\system32\SET13.tmp moved successfully.
    c:\windows\system32\SET14.tmp moved successfully.
    c:\windows\system32\SET15.tmp moved successfully.
    c:\windows\system32\SET16.tmp moved successfully.
    c:\windows\system32\SET17.tmp moved successfully.
    c:\windows\system32\SET46.tmp moved successfully.
    c:\windows\system32\SET50.tmp moved successfully.
    c:\windows\system32\SET62.tmp moved successfully.
    c:\windows\system32\SET7E.tmp moved successfully.
    c:\windows\system32\SET84.tmp moved successfully.
    c:\windows\system32\SET87.tmp moved successfully.
    c:\windows\system32\SET8A.tmp moved successfully.
    c:\windows\system32\SET9A.tmp moved successfully.
    c:\windows\system32\SETA0.tmp moved successfully.
    c:\windows\system32\SETAF.tmp moved successfully.
    c:\windows\system32\SETB2.tmp moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: C
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1025062 bytes
    ->Java cache emptied: 9550827 bytes
    ->FireFox cache emptied: 77542322 bytes

    User: D

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: M
    File delete failed. C:\Documents and Settings\M\Local Settings\Temp\hsperfdata_M\2512 scheduled to be deleted on reboot.
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 13526274 bytes
    ->Java cache emptied: 8716519 bytes
    ->FireFox cache emptied: 67050402 bytes

    User: N
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 65603 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 19593 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 16384 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 169.52 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 08222009_125913

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\M\Local Settings\Temp\hsperfdata_M\2512 scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_5a0.dat moved successfully.

    Registry entries deleted on Reboot...

    AND ComboFix output:

    ComboFix 09-08-19.0C - Catherine 22/08/2009 12:27.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.447.184 [GMT 1:00]
    Running from: c:\documents and settings\Catherine\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Catherine\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    FCopy

    c:\windows\system32\dllcache\beep.sys --> c:\windows\system32\drivers\beep.sys
    .
    ((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
    .

    2009-08-22 11:27 . 2004-08-04 14:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-08-22 11:27 . 2004-08-04 14:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
    2009-08-20 17:53 . 2009-08-20 18:49 3141664 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-08-15 07:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-15 07:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-15 07:12 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-15 07:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-15 07:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-15 07:12 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-15 07:12 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-15 07:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-15 07:12 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-15 07:12 . 2009-08-15 07:12
    d
    w- c:\program files\Alwil Software
    2009-08-15 06:58 . 2009-08-15 06:58
    d
    w- c:\program files\Avira
    2009-08-15 06:21 . 2009-08-15 06:22
    d
    w- c:\windows\system32\XPSViewer
    2009-08-15 06:21 . 2009-08-15 06:21
    d
    w- c:\program files\MSBuild
    2009-08-15 06:21 . 2009-08-15 06:21
    d
    w- c:\program files\Reference Assemblies
    2009-08-15 06:06 . 2008-07-06 12:06 89088
    w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-15 06:06 . 2008-07-06 12:06 575488
    w- c:\windows\system32\xpsshhdr.dll
    2009-08-15 06:06 . 2008-07-06 12:06 575488
    w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-15 06:06 . 2008-07-06 12:06 1676288
    w- c:\windows\system32\xpssvcs.dll
    2009-08-15 06:06 . 2008-07-06 12:06 1676288
    w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-15 06:06 . 2008-07-06 12:06 117760
    w- c:\windows\system32\prntvpt.dll
    2009-08-15 06:06 . 2008-07-06 10:50 597504
    w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-15 06:06 . 2009-08-15 06:21
    d
    w- C:\99c166ac603671a1763a
    2009-08-15 06:05 . 2009-08-15 06:40
    d
    w- c:\windows\SxsCaPendDel
    2009-08-14 18:52 . 2009-08-14 18:52
    d
    w- c:\documents and settings\Catherine\Application Data\Malwarebytes
    2009-08-14 18:52 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-14 18:51 . 2009-08-14 18:51
    d
    w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-14 18:51 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-14 18:51 . 2009-08-14 18:52
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-12 22:11 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-12 20:28 . 2009-08-12 20:28 619584 ----a-w- c:\windows\system32\dllcache\ntfs.sys
    2009-08-12 17:53 . 2009-07-10 13:27 1315328
    w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:01 . 2009-08-05 09:01 204800
    w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-28 18:22 . 2008-06-17 07:37 176128 ----a-w- c:\documents and settings\Makar\Application Data\Mozilla\Firefox\Profiles\rfmzsl91.default\extensions\LGBExec@liveglobalbid.com\components\nplgbexc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-22 11:40 . 2007-05-06 18:26
    d
    w- c:\documents and settings\Catherine\Application Data\Skype
    2009-08-20 18:49 . 2009-08-20 17:53 37892 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-08-15 07:00 . 2005-10-14 19:11 80640 ----a-w- c:\documents and settings\Catherine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-12 22:22 . 2007-07-28 18:44
    d
    w- c:\documents and settings\Catherine\Application Data\vmntoolbar
    2009-08-05 09:01 . 2004-08-10 16:38 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2009-07-17 19:01 58880 ----a-w- c:\windows\system32\SET46.tmp
    2009-07-17 19:01 . 2004-08-10 16:37 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 22:43 . 2004-08-10 16:38 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-29 16:12 . 2004-08-10 16:38 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2004-08-10 16:37 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2004-08-10 16:37 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-26 21:55 . 2007-08-16 21:48
    d
    w- c:\program files\Quickpay
    2009-06-25 08:25 . 2009-06-25 08:25 56832 ----a-w- c:\windows\system32\SET14.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 54272 ----a-w- c:\windows\system32\SET13.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 301568 ----a-w- c:\windows\system32\SET17.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 147456 ----a-w- c:\windows\system32\SET15.tmp
    2009-06-25 08:25 . 2009-06-25 08:25 136192 ----a-w- c:\windows\system32\SET16.tmp
    2009-06-25 08:25 . 2004-08-10 16:38 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-10 16:38 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-10 16:38 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-10 16:38 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2004-08-10 16:37 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-10 16:37 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-10 16:37 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:36 . 2004-08-10 16:38 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2004-08-10 16:37 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 20:58 . 2009-06-15 20:58 10459688 ----a-w- c:\documents and settings\All Users\Application Data\Sage\SBD Software Updates\Installed\Quickpayv9_2bUpdate.exe
    2009-06-12 12:31 . 2004-08-10 16:38 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:13 . 2004-08-10 16:37 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 08:19 . 2004-08-10 16:54 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2004-08-10 16:38 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:09 . 2004-08-10 16:38 1291264 ----a-w- c:\windows\system32\quartz.dll
    2008-04-08 09:10 . 2008-04-08 09:02 24 --sh--w- c:\windows\S766F619A.tmp
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-20_18.54.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-22 11:09 . 2009-08-22 11:09 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
    + 2009-08-22 11:39 . 2009-08-22 11:39 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-07-23 57344]

    [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-10 180269]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mshearts.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/08/2009 08:12 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/08/2009 08:12 20560]
    R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [10/03/2005 11:36 671104]
    S3 bDMusicb;bDMusicb;\??\c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\CATHER~1\LOCALS~1\Temp\bDMusicb.sys [?]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17/11/2007 16:11 10976]
    S3 ntportio;ntportio;\??\c:\documents and settings\Makar\Desktop\New Folder\semc\ntportio.sys --> c:\documents and settings\Makar\Desktop\New Folder\semc\ntportio.sys [?]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [16/10/2006 18:10 87824]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [16/10/2006 18:10 85696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    IE: &Search
    FF - ProfilePath - c:\documents and settings\Catherine\Application Data\Mozilla\Firefox\Profiles\b61as866.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
    FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-22 12:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'explorer.exe'(1492)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Norton GoBack\GBPoll.exe
    c:\windows\system32\scardsvr.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\snmp.exe
    c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-22 12:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-22 11:53
    ComboFix2.txt 2009-08-20 19:05

    Pre-Run: 75,428,114,432 bytes free
    Post-Run: 75,376,263,168 bytes free

    214 --- E O F --- 2009-08-20 18:17



    I turned off all the anti virus processes, but combo fix reboots the computer automatically, and once it switches on AVASt starts up automatically.
    The only way to make sure that they are all switched off is to uninstall any antivirus programs I have - is it safe to do that though?


  • Closed Accounts Posts: 3 pete looni


    I think you should ignore all the marketing replies you have been receiving from antivirus program dealers.

    If you really want to get rid of little nasties, then U need to do it by hand or get a decent non-windows scanner.

    I recommend backup all your files, then either buy a new hardrive and start all over again with all original os and driver discs, or else run a serious multi-sweep wiper/randomiser over your old hard drive. Also flush the bios and pull out the battery for a good 24 hours, and/or pin the bios memory eraser just to be sure.

    good luck ! Would like to know how it turns out if u email me?


  • Closed Accounts Posts: 390 ✭✭idunnoutellme


    hi pete
    thanks for that
    i actually think its all working fine now those programs seem to have cleaned the computer up
    i also installed a thing called system mechanic and it fixed few other problems i was having and everything seems to be working fine i'm not getting any virus warnings or icons

    thanks anyway


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
      [*]Click on My Computer under Scan.
      [*]Once the scan is complete, it will display the results. Click on View Scan Report.
      [*]You will see a list of infected items there. Click on Save Report As....
      [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    5. Advertisement
    Advertisement