
Suspected Virus/Malware

  • 02-12-2009 9:25am
    #1
    Registered Users, Registered Users 2 Posts: 737 ✭✭✭


    Sometimes when I try to open a new Internet window (IE), a window comes up saying "Cannot find 'http://<garbage characters>'. Make sure the path or Internet address is correct." When I hit the OK button or the 'X' button it opens a new Internet Explorer window. Is this a virus/malware, and how can I remove it? I ran an AVG and a Malwarebytes scan and deleted the few things that they found, but the window still comes up.

    Any help appreciated, thanks.


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Got the MBAM log?


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭christo82


    I have the log, but the virus is stopping me from getting to it at the moment. I have posted a HijackThis log to another forum to try and get help, but no one has responded yet. Hopefully someone can help. Everything MalwareBytes detected I deleted yesterday, so it's probably not of any use, because it didn't detect this particular problem. I will try and post it sometime soon.

    Thanks for your reply.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Which forum do you want help at, here or the other one?


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭christo82


    Well, the log from HijackThis is posted on bleepingcomputers, so it would be easier to work on that one because of all the problems I'm having now, but no one has responded yet.

    I just hope someone can help me soon.

    Thanks


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭christo82


    Here is my hijackthis log for anyone who can help me:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:13:46, on 03/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\eMachines Bay Reader\shwiconem.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinTV\Ir.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Chris\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.1; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.imagefap.com/clubs/index.php?cid=41"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.ie/SnapfishActivia.cab
    O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://134.226.124.250/activex/AMC.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175885820812
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://217.114.115.192/activex/AMC.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) - http://druidphilip.viewnetcam.com/bl_camera.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.171.163.3/activex/AxisCamControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.61.63.218/activex/AMC.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by116fd.bay116.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} (TSBnwCam Control) - http://ip-caseville.greatlakescam.com/user/TSBnwCam.CAB
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Extensible Authentication Protocol Service EapHost HotKey Poller (EapHost HotKey Poller) - Unknown owner - C:\WINDOWS\system32\6to4svcu.exe (file missing)
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 16837 bytes


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭christo82


    And my MalwareBytes log also:

    Malwarebytes' Anti-Malware 1.41
    Database version: 3267
    Windows 5.1.2600 Service Pack 3

    01/12/2009 14:22:27
    mbam-log-2009-12-01 (14-22-27).txt

    Scan type: Quick Scan
    Objects scanned: 289109
    Time elapsed: 1 hour(s), 55 minute(s), 33 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 30
    Registry Values Infected: 3
    Registry Data Items Infected: 2
    Folders Infected: 8
    Files Infected: 24

    Memory Processes Infected:
    C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\MinBHO.dll (Adware.SkyMediaPack) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\baidubar.tool (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\baidubar.tool.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\baidubarx.bandie (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\baidubarx.bandie.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\baidubarx.toolband (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\baidubarx.toolband.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minbho.showbarobj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{27ba317e-7bbd-4ebe-a06a-47f076d9d6f7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2574231f-9d6f-4b0e-9041-5dd7484564ad} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863e737-dd3f-4280-9af8-e9e79c16f312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minbho.showbarobj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\kbbar.kbbarband (Adware.7FaSSt) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\kbbar.kbbarband.1 (Adware.7FaSSt) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\John\Application Data\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\Custom Buttons (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\DownloadTmp (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar\Custom Buttons (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar\DownloadTmp (Trojan.Cinmus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\MinBHO.dll (Adware.SkyMediaPack) -> Delete on reboot.
    C:\WINDOWS\system32\6to4svcu.exe (Spyware.Passwords) -> Delete on reboot.
    C:\WINDOWS\Temp\wpv471257453440.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris\Local Settings\Temp\TMP44.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Local Settings\Temp\TMPA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mary-Ann\Local Settings\Temp\TMPA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Local Settings\Temp\TMP1A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\WNK0UFSY\wcap[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\iexp.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\logex.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\medialog.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\namedsites.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\rc.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\John\Application Data\Baidu\Toolbar\Custom Buttons\custom.xml (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar\iexp.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar\logex.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar\medialog.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar\namedsites.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Michael\Application Data\Baidu\Toolbar\rc.dat (Trojan.Cinmus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chris\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\wpv201253131464.exe (Trojan.Agent) -> Quarantined and deleted successfully.


    Thanks

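A triage script, added here as an example and not part of the thread or of any of the tools named in it, that reads the two logs posted above the way a removal helper does: it pulls the O16 (ActiveX download) and O23 (service) entries out of the HijackThis log, flags the ones worth a second look, and cross-references the service binaries against the paths Malwarebytes reported quarantining or scheduling for deletion. It assumes the O23 layout "O23 - Service: <name> - <vendor> - <path> [(file missing)]" and the O16 layout "O16 - DPF: {CLSID} (<description>) - <url>", and it does not expand 8.3 short names such as PROGRA~1. The sample lines are copied from the logs in this thread, not read from a live machine, so it runs offline.

```python
"""Added triage example for HijackThis + Malwarebytes logs (not code from the thread).

Assumes HijackThis O23 lines read "O23 - Service: <name> - <vendor> - <path> [(file missing)]"
and O16 lines read "O16 - DPF: {CLSID} (<description>) - <url>". Sample lines are copied
from the logs posted in the thread.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4/O16/O23 lines from the HijackThis log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://134.226.124.250/activex/AMC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Extensible Authentication Protocol Service EapHost HotKey Poller (EapHost HotKey Poller) - Unknown owner - C:\WINDOWS\system32\6to4svcu.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
""".strip()

# Constructed sample: three "Files Infected" lines from the Malwarebytes log above.
MBAM_SAMPLE = r"""
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\MinBHO.dll (Adware.SkyMediaPack) -> Delete on reboot.
C:\WINDOWS\system32\6to4svcu.exe (Spyware.Passwords) -> Delete on reboot.
""".strip()

# Vendor may be empty ("- -" in the log), so its trailing separator is matched loosely;
# the path must start with a drive letter, which keeps hyphenated vendor names intact.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)\s*-\s*"
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?:\((?P<desc>[^)]*)\) )?- (?P<url>\S+)$")
BARE_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")
MBAM_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")


@dataclass
class Finding:
    section: str                        # HijackThis section tag (O16, O23, ...)
    target: str                         # binary path or download URL the entry points at
    reasons: list = field(default_factory=list)


def norm(path: str) -> str:
    """Case-fold a Windows path; 8.3 short names (PROGRA~1) are not expanded."""
    return path.strip().lower()


def parse_mbam_paths(text: str) -> dict:
    """Map each file or folder path Malwarebytes acted on to (family, action)."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_PATH_RE.match(line.strip())
        if m:
            hits[norm(m["path"])] = (m["family"], m["action"].rstrip("."))
    return hits


def triage(hjt_text: str, mbam_text: str) -> list:
    """Return the HijackThis entries worth a second look, each with its reasons."""
    removed = parse_mbam_paths(mbam_text)
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            path = norm(m["path"])
            reasons = []
            if m["missing"]:
                reasons.append("service entry points at a binary that no longer exists")
            if path in removed:
                family, action = removed[path]
                reasons.append(f"Malwarebytes flagged the binary as {family} ({action})")
            if m["vendor"].strip() in ("", "Unknown owner") and "\\system32\\" in path:
                reasons.append("no vendor name in version info and the binary lives in system32")
            if reasons:
                findings.append(Finding("O23", m["path"], reasons))
            continue
        m = O16_RE.match(line)
        if m and BARE_IP_URL.match(m["url"]):
            findings.append(Finding("O16", m["url"],
                                    ["ActiveX control downloaded from a bare IP address"]))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, MBAM_SAMPLE):
        print(f"{f.section}  {f.target}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run as-is, the cross-reference explains the oddest entry in the HijackThis log: the "EapHost HotKey Poller" service shows "(file missing)" because Malwarebytes had already scheduled C:\WINDOWS\system32\6to4svcu.exe for deletion on reboot, so the service registration is the orphaned persistence half of that detection. A flag is a prompt to look, not a verdict: slserv.exe is picked up only because its entry carries no vendor name, and the Axis ActiveX controls fetched from bare IP addresses are just as consistent with IP cameras the owner set up as with anything hostile.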

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You need to tell the guys over at BC that you are being helped already, so that their time isn't wasted.

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [image: RcAuto1.gif]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image: whatnext.png]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭christo82


    I have done both scans and informed the other forum I am being helped here. It did take a long time for the ComboFix scan (1 and a half hours). During it, a window appeared saying 'ComboFix has detected rootkit activity and needs to reboot the machine'; is this normal? Here is my Goored log:

    GooredFix by jpshortstuff (27.11.09.1)
    Log created at 13:22 on 03/12/2009 (Chris)
    Firefox version 2.0.0.6 (en-GB)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    staff@hide-my-ip.com [10:50 26/07/2009]
    talkback@mozilla.org [21:10 21/08/2007]
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [21:10 21/08/2007]
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [08:52 15/10/2007]
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [11:26 15/03/2008]
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [08:37 15/07/2008]
    {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [10:19 29/11/2008]
    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [11:12 28/12/2008]
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [10:11 17/04/2009]
    {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [09:09 09/09/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [14:41 01/12/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [09:27 10/08/2008]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:15 06/08/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [10:18 29/11/2008]

    -=E.O.F=-


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭christo82


    Here is my Combofix log:

    ComboFix 09-12-02.07 - Chris 03/12/2009 14:06.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.106 [GMT 0:00]
    Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\John\Favorites\videos.url
    c:\program files\Save Tube Video Company\SaveTubeVideoBurn\SaVEtubevideo.dll
    c:\program files\Shared
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\NetMonInstaller.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\recycler\S-1-5-21-329068152-1965331169-682003330-1003
    c:\recycler\S-1-5-21-3360843823-2045485262-534579850-1003
    c:\recycler\S-1-5-21-679383880-3442143225-1284630234-1003
    c:\windows\system32\1683530099.dat
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_EAPHOST_HOTKEY_POLLER
    \Legacy_NPF
    \Service_EapHost HotKey Poller
    \Service_NPF


    ((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
    .

    2009-12-03 15:17 . 2009-12-03 15:17 d-sh--w- c:\documents and settings\Chris\IETldCache
    2009-12-03 14:10 . 2009-12-03 14:10 d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-12-03 13:25 . 2009-12-03 13:35 d-----w- C:\32788R22FWJFW
    2009-12-03 12:53 . 2009-12-03 12:57 dc-h--w- c:\windows\ie8
    2009-12-02 13:25 . 2009-12-02 13:25 d-----w- c:\program files\Trend Micro
    2009-12-02 11:35 . 2009-12-02 11:35 117760 ----a-w- c:\documents and settings\Mary-Ann\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-02 11:34 . 2009-12-02 11:34 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-12-02 11:33 . 2009-12-02 11:33 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-02 11:33 . 2009-12-02 11:33 d-----w- c:\documents and settings\Mary-Ann\Application Data\SUPERAntiSpyware.com
    2009-12-02 11:14 . 2009-12-02 11:14 d-----w- c:\documents and settings\Mary-Ann\Application Data\Malwarebytes
    2009-12-01 18:42 . 2009-12-01 18:42 d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
    2009-12-01 14:39 . 2009-12-01 14:39 152576 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-01 14:39 . 2009-12-01 14:39 79488 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-12-01 14:38 . 2009-12-01 14:38 d-----w- c:\documents and settings\John\Application Data\NCH Software
    2009-12-01 14:31 . 2009-12-01 14:31 d-----w- c:\documents and settings\John\Application Data\Malwarebytes
    2009-12-01 11:45 . 2009-12-01 11:45 d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
    2009-12-01 11:44 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-01 11:44 . 2009-12-01 11:44 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-01 11:44 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-01 11:44 . 2009-12-01 11:45 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-27 09:52 . 2009-11-06 11:45 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-11-27 09:52 . 2009-11-04 09:59 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-11-27 09:52 . 2009-11-04 09:59 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
    2009-11-25 11:42 . 2009-11-25 11:42 d-----w- C:\videodvdmaker
    2009-11-25 11:42 . 2009-11-25 11:42 d-----w- c:\documents and settings\Chris\Application Data\Video DVD Maker FREE
    2009-11-25 11:39 . 2009-11-25 11:40 d-----w- c:\program files\Video DVD Maker
    2009-11-25 11:30 . 2009-11-25 11:34 d-----w- c:\program files\Burn4Free
    2009-11-25 11:19 . 2009-11-25 11:51 d-----w- c:\program files\CDBurnerXP
    2009-11-14 18:20 . 2009-12-02 20:54 d-----w- c:\program files\J@CK TV
    2009-11-14 18:05 . 2009-11-14 18:05 d-----w- c:\windows\J@CK TV
    2009-11-14 17:35 . 2009-11-14 17:35 d-----w- c:\program files\Save Tube Video Company
    2009-11-08 16:02 . 2009-11-08 16:03 17217008 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
    2009-11-08 15:59 . 2009-11-08 15:59 64000 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
    2009-11-08 15:59 . 2009-11-08 15:59 52288 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
    2009-11-08 15:59 . 2009-11-08 15:59 50688 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
    2009-11-08 15:59 . 2009-11-08 15:59 114688 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
    2009-11-04 14:29 . 2009-11-04 17:44 d-----w- C:\GILLIAN

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-03 15:30 . 2007-05-04 15:41 d-----w- c:\documents and settings\All Users\Application Data\Kontiki
    2009-12-03 04:14 . 2008-05-09 00:06 d-----w- c:\program files\PokerStars
    2009-12-02 20:37 . 2009-03-10 17:37 0 ----a-w- c:\documents and settings\Mary-Ann\Local Settings\Application Data\prvlcl.dat
    2009-12-02 11:32 . 2007-04-08 14:52 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-01 14:41 . 2007-04-06 19:20 d-----w- c:\program files\Java
    2009-11-30 04:25 . 2007-11-08 22:49 d-----w- c:\program files\Celtx
    2009-11-28 10:36 . 2007-10-24 10:00 d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-11-23 13:23 . 2007-04-06 20:29 d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
    2009-11-23 12:49 . 2007-04-06 19:19 d-----w- c:\program files\Bazooka Scanner
    2009-10-25 10:35 . 2007-04-07 18:42 d-----w- c:\documents and settings\Chris\Application Data\Azureus
    2009-10-23 11:08 . 2009-09-20 09:18 d-----w- c:\program files\Vuze
    2009-10-23 10:01 . 2007-04-06 19:19 d-----w- c:\program files\Azureus
    2009-10-11 04:17 . 2008-11-29 10:19 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-06 10:12 . 2008-02-08 22:12 d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-10-06 10:12 . 2008-02-08 22:10 d-----w- c:\program files\NCH Swift Sound
    2009-10-06 09:58 . 2009-10-06 09:58 d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2009-10-06 09:57 . 2009-10-06 09:57 d-----w- c:\program files\NCH Software
    2009-10-06 09:57 . 2009-10-06 09:57 d-----w- c:\documents and settings\Chris\Application Data\NCH Software
    2009-10-06 09:57 . 2009-04-03 10:45 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
    2009-09-19 21:14 . 2009-09-19 21:13 5519752 ----a-w- c:\documents and settings\Michael\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
    2009-09-14 22:14 . 2009-09-14 22:14 8406648 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2009-09-14 22:13 . 2009-09-14 22:13 10309448 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
    2009-09-11 14:18 . 2004-06-15 14:33 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 09:07 . 2009-08-05 18:42 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
    2009-09-04 21:03 . 2004-06-15 14:33 58880 ----a-w- c:\windows\system32\msasn1.dll
    2007-07-26 19:52 . 2007-08-21 21:10 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-07-26 19:52 . 2007-08-21 21:10 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-07-26 19:52 . 2007-08-21 21:10 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-07-26 19:52 . 2007-08-21 21:10 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-07-26 19:52 . 2007-08-21 21:10 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-12-15 155648]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
    "SunKistEM"="c:\program files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
    "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
    "VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
    "OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
    "MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 296488]
    "MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
    "MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
    "4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-27 2029336]
    "PVR Agent"="c:\program files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2005-04-13 751104]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2003-06-03 496640]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Chris\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-10-21 106551]
    BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-6-15 1742384]
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-5-1 118784]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    Remote Control.lnk - c:\program files\KWorld Multimedia\PVR-TV 713X Utilities\P3XRCtl.exe [2008-9-11 57344]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 08:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^J@CK TV.lnk]
    path=c:\documents and settings\Chris\Start Menu\Programs\Startup\J@CK TV.lnk
    backup=c:\windows\pss\J@CK TV.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Save Tube Video Company\\SaveTubeVideoBurn\\downloader.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/08/2008 09:28 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/08/2008 09:28 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/08/2008 09:14 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/08/2008 09:28 297752]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [01/04/2009 18:29 54752]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
    S3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [11/09/2008 20:19 28512]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089717478-2898385862-2090695895-1009Core.job
    - c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 17:32]

    2009-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089717478-2898385862-2090695895-1009UA.job
    - c:\documents and settings\Mary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-27 17:32]

    2009-12-03 c:\windows\Tasks\User_Feed_Synchronization-{C3D03F10-885E-421E-B274-E5E3C94C4FA8}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    LSP: c:\windows\system32\mclsp.dll
    DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} - hxxp://134.226.124.250/activex/AMC.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.63.218/activex/AMC.cab
    DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://ip-caseville.greatlakescam.com/user/TSBnwCam.CAB
    FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\nmyr175q.default\
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.google-feed.net/?CID=2&PID=STV
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
    HKCU-Run-Octoshape Streaming Services - c:\program files\Octoshape Streaming Services\Chris\OctoshapeClient.exe
    HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    AddRemove-DVD Label Maker - c:\program files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
    AddRemove-AOL Toolbar - c:\program files\AOL\AOL Toolbar 2.0\uninstall.exe
    AddRemove-BaiduBarX - c:\program files\Baidu\Toolbar\BaiduBarX.dll
    AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-03 15:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(908)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(964)
    c:\windows\system32\mclsp.dll
    c:\windows\system32\SPORDER.dll
    c:\windows\system32\mclsphlr\gdlsphlr.dll
    c:\windows\system32\McRtl32.dll

    - - - - - - - > 'explorer.exe'(2696)
    c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\windows\system32\Ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\mcafee.com\vso\mcshield.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\progra~1\mcafee.com\agent\mctskshd.exe
    c:\progra~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-03 15:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-03 15:41

    Pre-Run: 8,468,221,952 bytes free
    Post-Run: 12,711,075,840 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - B8C6B54AE73446783C1D9846F2F9BD21


    Thanks for your help
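A triage helper for ComboFix logs like the one posted above, added here as an example (not code from the thread, from ComboFix or from its author): it parses the Reg Loading Points and Supplementary Scan entries and flags what a helper reads first, namely Run values given as a bare file name, Security Center monitoring switched off for a product, DPF ActiveX downloads from a raw IP host, Firefox homepage/search prefs, and LSP modules. The embedded sample is a constructed excerpt built from entries quoted in the log; the tag names are my own.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code).
Parses loading-point and browser-setting lines and tags the ones to look at first."""
import re
from ipaddress import ip_address
from typing import List, NamedTuple

# Constructed excerpt using the same line formats as the log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-27 2029336]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2003-06-03 496640]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

LSP: c:\windows\system32\mclsp.dll
DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} - hxxp://134.226.124.250/activex/AMC.cab
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://ip-caseville.greatlakescam.com/user/TSBnwCam.CAB
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.google-feed.net/?CID=2&PID=STV
"""


class Finding(NamedTuple):
    category: str  # short tag to sort on (names chosen for this example)
    detail: str    # what in the log triggered it


REG_KEY = re.compile(r"^\[(.+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+-\s+(.+?))?\s+\[\d{4}-\d{2}-\d{2} \d+\]$')
DWORD_VALUE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
DPF_LINE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) - (\S+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
LSP_LINE = re.compile(r"^LSP: (.+)$")


def host_is_ip_literal(defanged_url: str) -> bool:
    # ComboFix writes URLs as hxxp:// so they are not clickable; keep that form.
    m = re.match(r"hxxps?://([^/:]+)", defanged_url)
    if not m:
        return False
    try:
        ip_address(m.group(1))
    except ValueError:
        return False
    return True


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_VALUE.match(line)
        if m and current_key.lower().endswith("\\run"):
            name, value, resolved = m.groups()
            # A bare file name is found via the PATH search order; ComboFix appends
            # "- c:\..." to show where it actually resolved, so it gets its own tag.
            if resolved and not re.match(r"^[a-zA-Z]:\\", value):
                findings.append(Finding("run-entry-bare-name", f"{name} -> {value} (resolved: {resolved})"))
            else:
                findings.append(Finding("run-entry", f"{name} -> {value}"))
            continue
        m = DWORD_VALUE.match(line)
        if m and "security center\\monitoring" in current_key.lower():
            # DisableMonitoring=1 stops Security Center reporting on that product.
            if m.group(1).lower() == "disablemonitoring" and int(m.group(2), 16) == 1:
                findings.append(Finding("security-center-monitoring-off", current_key.rsplit("\\", 1)[-1]))
            continue
        m = DPF_LINE.match(line)
        if m:
            clsid, url = m.groups()
            tag = "activex-dpf-ip-host" if host_is_ip_literal(url) else "activex-dpf"
            findings.append(Finding(tag, f"{clsid} {url}"))
            continue
        m = FF_PREF.match(line)
        if m:
            findings.append(Finding("firefox-pref", f"{m.group(1)} = {m.group(2)}"))
            continue
        m = LSP_LINE.match(line)
        if m:
            findings.append(Finding("lsp", m.group(1)))
    return findings
```

Run `triage(open("ComboFix.txt").read())` on a saved log and sort the findings by category; the tags only order what to look at, they are not verdicts.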


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, so make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        • Spyware, Adware, Dialers, and other potentially dangerous programs
        • Archives
        • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


  • Registered Users, Registered Users 2 Posts: 737 ✭✭✭christo82


      Sorry for the delay, Actor. I only have the latest Malwarebytes log at the moment. My sister is writing an essay for college and has been on the computer a lot lately, so I haven't had time for the Kaspersky scan. The problem has gone away now and Malwarebytes shows up no infections, but I will scan with Kaspersky as soon as I can. Thanks for your help.

      Malwarebytes' Anti-Malware 1.41
      Database version: 3267
      Windows 5.1.2600 Service Pack 3

      06/12/2009 09:40:05
      mbam-log-2009-12-06 (09-40-05).txt

      Scan type: Quick Scan
      Objects scanned: 165621
      Time elapsed: 15 minute(s), 1 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


  • Registered Users, Registered Users 2 Posts: 56 ✭✭presotrader


      ... also try to get some realtime protection (anti-malware working in the background all the time); it is likely that artifacts from the malware were left behind (known polymorph).

