Want to buy virus/malware etc... prevention software?!
d4nnyboy
Junior Member
29. September 2008 @ 13:35
I'm asking this on behalf of my mother :)
I personally don't use any software for protection, just Windows firewall.... I'm careful :)

But my mum's pc is a communal pc and it's riddled with crap and popups galore!!
I know there are free bits of software that prevent spyware etc but they are limited in what they can do.

So does anybody know of a program that's reasonably priced yet it protects, searches and destroys any nasty threats that can mess up me mum's pc.

There are so many I wouldn't know where to begin to look for AV software

Any opinions and guidance will be great :)

Senior Member
30. September 2008 @ 00:51
Hi d4nnyboy

Antivirus and antispyware protection is extremely important. A firewall does not stop malware from coming through browser exploits or being bundled with software you download.

Before we begin the cleanup process and choose an antivirus for your mom's computer, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis.

Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.

Rename HijackThis(.exe) to scanner(.exe).

Next, run scanner(.exe). A window will pop up.

- Click on the button which says Main Menu, then Do a system scan and save a logfile.
- Please wait for the scan to be completed.
- After the scan has completed, a text window will pop up. Please post the contents of this window here.

This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

d4nnyboy
Junior Member
30. September 2008 @ 10:05
OK! No problem,
I'm familiar with HijackThis, I will go round me mum's later on today and get the diagnostic report from HijackThis,

Thanks for your help :)

d4nnyboy
Junior Member
30. September 2008 @ 16:23
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:19, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James\Desktop\HiJackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IP - {000051AF-07E2-461B-BA37-A2AF7E652E7D} - C:\Documents and Settings\All Users\Application Data\ipd\ipb.dll
O2 - BHO: (no name) - {114A72AF-007E-461D-89FF-864728C749C5} - C:\WINDOWS\system32\cbXPhiJa.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Rmn plugin - {47D92EB6-E52C-4cda-92A6-2369963F4913} - siemens32.dll (file missing)
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\xnkhyleh.dll (file missing)
O2 - BHO: {aa3f8a59-261d-42d9-3034-6d2964bf7756} - {6577fb46-92d6-4303-9d24-d16295a8f3aa} - C:\WINDOWS\system32\vdlqnt.dll
O2 - BHO: (no name) - {70127B26-A7AD-4C9D-B749-A88960B24EAF} - C:\WINDOWS\system32\ljJCRklI.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BM33aa9ccc] Rundll32.exe "C:\WINDOWS\system32\gpgdlrls.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: vdlqnt.dll,avgrsstx.dll
O20 - Winlogon Notify: cbXPhiJa - cbXPhiJa.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WW91ciBVc2VyIE5hbWU\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\MadeSafe\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\MadeSafe\Bin\Zanda.exe (file missing)

--
End of file - 5594 bytes

This message has been edited since posting. Last time this message was edited on 30. September 2008 @ 16:38

Senior Member
1. October 2008 @ 09:24
Hey d4nnyboy

Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


- Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Also post a new HijackThis log.

Best Regards :D


d4nnyboy
Junior Member
1. October 2008 @ 16:01
I downloaded it, I'll go round me mum's after work tomorrow and post the log,
thanks again

d4nnyboy
Junior Member
2. October 2008 @ 12:00
Here's combo-fix:

ComboFix 08-09-30.03 - James 2008-10-02 16:45:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.256 [GMT 1:00]
Running from: C:\Documents and Settings\James\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\James\LOCALS~1\Temp\tmp1.tmp
C:\Documents and Settings\Julie\Cookies\julie@a.fish4.co[1].txt
C:\Documents and Settings\Julie\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\WINDOWS\BM33aa9ccc.txt
C:\WINDOWS\BM33aa9ccc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\bnksbobe.ini
C:\WINDOWS\system32\gpgdlrls.dll
C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\lyqmybda.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MscID.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pk.bin
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat
C:\WINDOWS\system32\tscjdyiw.ini
C:\WINDOWS\system32\vdlqnt.dll
C:\WINDOWS\system32\wiydjcst.dll
C:\WINDOWS\system32\xcbvcb(2).dll
C:\WINDOWS\system32\yayvVOfE.dll
C:\WINDOWS\system32\yayxvTNg.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\WW91ciBVc2VyIE5hbWU\
C:\WINDOWS\WW91ciBVc2VyIE5hbWU\\qq6Yw21pwZpVKHc1vqo.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_MCHINJDRV
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-10-02 16:43 . 2008-10-02 16:43 12,328 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-10-02 15:24 . 2008-10-02 15:24 123,904 --a------ C:\WINDOWS\system32\iasxdu.dll
2008-10-02 15:24 . 2008-10-02 15:24 123,904 --a------ C:\WINDOWS\system32\hpajyrce.dll
2008-10-02 15:23 . 2008-10-02 15:23 101,888 --a------ C:\WINDOWS\system32\hawmfhcg.dll
2008-10-02 15:23 . 2008-10-02 15:23 71,168 --a------ C:\WINDOWS\system32\ebobsknb.dll
2008-10-01 15:29 . 2008-10-01 15:29 268 --ah----- C:\sqmdata06.sqm
2008-10-01 15:29 . 2008-10-01 15:29 244 --ah----- C:\sqmnoopt06.sqm
2008-09-30 17:48 . 2008-09-30 17:48 268 --ah----- C:\sqmdata05.sqm
2008-09-30 17:48 . 2008-09-30 17:48 244 --ah----- C:\sqmnoopt05.sqm
2008-09-30 15:23 . 2008-09-30 15:23 268 --ah----- C:\sqmdata04.sqm
2008-09-30 15:23 . 2008-09-30 15:23 244 --ah----- C:\sqmnoopt04.sqm
2008-09-29 23:37 . 2008-09-29 23:37 244 --ah----- C:\sqmnoopt03.sqm
2008-09-29 23:37 . 2008-09-29 23:37 232 --ah----- C:\sqmdata03.sqm
2008-09-29 22:51 . 2008-09-29 22:51 268 --ah----- C:\sqmdata02.sqm
2008-09-29 22:51 . 2008-09-29 22:51 244 --ah----- C:\sqmnoopt02.sqm
2008-09-29 22:23 . 2008-09-29 22:23 <DIR> d-------- C:\Documents and Settings\James\Application Data\AdobeUM
2008-09-29 21:27 . 2008-09-29 21:27 244 --ah----- C:\sqmnoopt01.sqm
2008-09-29 21:27 . 2008-09-29 21:27 232 --ah----- C:\sqmdata01.sqm
2008-09-29 17:49 . 2008-09-29 17:50 <DIR> d-------- C:\Documents and Settings\James\Application Data\U3
2008-09-29 17:34 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-29 17:34 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-29 17:03 . 2008-09-30 12:29 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-29 16:56 . 2008-09-29 17:45 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-29 16:56 . 2008-09-29 16:56 <DIR> d-------- C:\Program Files\AVG
2008-09-29 16:56 . 2008-09-29 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-29 16:56 . 2008-09-29 16:56 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-29 16:56 . 2008-09-29 16:56 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-29 16:56 . 2008-09-29 16:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-29 16:48 . 2008-09-29 16:48 67,584 --a------ C:\WINDOWS\inform.dat
2008-09-29 16:48 . 2008-09-29 16:48 1 --a------ C:\WINDOWS\system32\bb1.dat
2008-09-29 16:29 . 2008-09-29 16:29 <DIR> d-------- C:\Program Files\Java
2008-09-29 16:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-29 16:28 . 2008-09-29 16:28 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-29 16:04 . 2008-09-30 12:29 <DIR> d-------- C:\WINDOWS\system32\EV02
2008-09-24 20:38 . 2008-09-25 20:41 1,394 --a------ C:\WINDOWS\system32\bpkch.dat
2008-09-18 04:47 . 2008-09-18 04:47 1,199,270 --ahs---- C:\WINDOWS\system32\rvtstpdi.tmp
2008-09-17 01:46 . 2008-09-17 01:46 1,199,090 --ahs---- C:\WINDOWS\system32\hiqiecdk.tmp
2008-09-16 14:42 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-15 19:48 . 2008-09-15 19:48 1,198,970 --ahs---- C:\WINDOWS\system32\eclhssqt.tmp
2008-09-13 14:12 . 2008-09-13 14:12 1,198,730 --ahs---- C:\WINDOWS\system32\pyfjvxlx.tmp
2008-09-12 13:26 . 2008-09-12 13:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\IBPlugin
2008-09-11 21:07 . 2008-09-11 21:07 1,198,646 --ahs---- C:\WINDOWS\system32\ecqqqvhr.tmp
2008-09-11 14:03 . 2008-09-11 14:03 1,192,886 --ahs---- C:\WINDOWS\system32\dmmdlmyy.tmp
2008-09-11 05:17 . 2008-09-11 05:17 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\IBPlugin
2008-09-10 21:07 . 2008-09-29 17:26 1,473 --ahs---- C:\WINDOWS\system32\IlkRCJjl.ini2
2008-09-10 21:07 . 2008-09-29 17:28 1,473 --ahs---- C:\WINDOWS\system32\IlkRCJjl.ini
2008-09-10 21:02 . 2008-09-29 17:21 <DIR> d-------- C:\WINDOWS\system32\yb
2008-09-10 21:02 . 2008-09-29 17:21 <DIR> d-------- C:\WINDOWS\system32\wTR02
2008-09-10 21:02 . 2008-09-10 21:02 <DIR> d-------- C:\WINDOWS\system32\ftv
2008-09-10 21:02 . 2008-09-10 21:02 <DIR> d-------- C:\Documents and Settings\James\Application Data\IBPlugin
2008-09-10 21:02 . 2008-09-10 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer
2008-09-10 21:02 . 2008-09-10 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ipd
2008-09-10 21:01 . 2008-09-10 21:01 71 -ra------ C:\Documents and Settings\James\5309.bat
2008-09-10 16:56 . 2008-09-10 16:56 34 --a------ C:\WINDOWS\system32\_111881690A7D.sys
2008-09-10 16:55 . 2008-09-10 16:55 <DIR> d-------- C:\WINDOWS\system32\cuperlib
2008-09-10 16:55 . 2008-09-10 16:56 <DIR> d-------- C:\Program Files\CuperUtilities StartUp Manager
2008-09-10 16:55 . 2007-10-29 01:51 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-09-10 16:55 . 2007-10-20 19:49 544,768 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-09-10 16:55 . 2007-10-20 19:49 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-09-10 16:55 . 2007-10-20 19:49 56,496 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-09-10 16:55 . 2007-10-20 19:49 33,968 --a------ C:\WINDOWS\system32\anim.dll
2008-09-10 16:55 . 2007-11-15 04:18 4,608 --a------ C:\WINDOWS\system32\W95INF32.DLL
2008-09-10 16:55 . 2007-11-15 04:18 2,272 --a------ C:\WINDOWS\system32\W95INF16.DLL
2008-09-10 16:55 . 2007-11-15 04:18 439 --a------ C:\WINDOWS\system32\shfolder.inf
2008-09-10 16:52 . 2008-09-10 16:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-10 16:52 . 2008-09-17 19:02 <DIR> d-------- C:\Documents and Settings\James\Contacts
2008-09-10 16:48 . 2008-09-10 16:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-10 16:44 . 2008-09-10 16:46 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-10 16:44 . 2008-09-10 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-10 16:36 . 2008-09-10 16:52 <DIR> d-------- C:\Program Files\Windows Live
2008-09-10 16:36 . 2008-09-10 16:36 268 --ah----- C:\sqmdata00.sqm
2008-09-10 16:36 . 2008-09-10 16:36 244 --ah----- C:\sqmnoopt00.sqm
2008-09-09 21:08 . 2008-09-09 21:08 <DIR> d-------- C:\Program Files\Lavalys
2008-09-09 20:25 . 2008-10-02 15:26 <DIR> d-------- C:\Documents and Settings\James\Application Data\Azureus
2008-09-09 20:19 . 2008-09-29 16:09 <DIR> d-------- C:\WINDOWS\system32\dt
2008-09-09 20:12 . 2008-09-29 22:47 <DIR> d-------- C:\Program Files\Azureus
2008-09-09 17:56 . 2008-09-10 16:44 <DIR> d-------- C:\Documents and Settings\James\Application Data\skypePM
2008-09-09 17:56 . 2008-09-09 17:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-09 17:53 . 2008-09-10 16:45 <DIR> d-------- C:\Documents and Settings\James\Application Data\Skype
2008-09-09 17:52 . 2008-09-09 17:52 <DIR> d-------- C:\Program Files\Skype
2008-09-09 17:52 . 2008-09-09 17:52 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-09 17:52 . 2008-09-09 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-09 16:43 . 2008-06-23 17:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-09 16:43 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-09 16:43 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-09 16:43 . 2008-06-23 17:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-09 16:43 . 2008-06-23 17:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-09 16:43 . 2008-06-23 17:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-09 16:43 . 2008-06-23 17:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-09 16:43 . 2008-06-23 17:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-09 16:43 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-09 16:38 . 2008-09-09 16:38 <DIR> d-------- C:\WINDOWS\Sun
2008-09-09 01:29 . 2008-09-06 11:59 <DIR> d-------- C:\Documents and Settings\Julie\IXP000.TMP
2008-09-09 01:29 . 2008-10-01 12:32 <DIR> d-------- C:\Documents and Settings\Julie
2008-09-08 23:34 . 2008-09-08 23:34 <DIR> d-------- C:\Program Files\Unlocker
2008-09-08 23:34 . 2008-09-08 23:34 <DIR> d-------- C:\Documents and Settings\James\Application Data\Desktopicon
2008-09-08 23:18 . 2008-09-08 23:18 <DIR> d-------- C:\WINDOWS\WinRAR
2008-09-08 22:30 . 2008-09-08 22:30 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-08 22:30 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-09-08 22:30 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-09-08 22:27 . 2008-09-08 22:27 <DIR> d-------- C:\Documents and Settings\James\Application Data\vlc
2008-09-08 22:26 . 2008-09-08 22:26 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-08 22:23 . 2008-09-08 22:24 <DIR> d-------- C:\Program Files\Winamp
2008-09-08 22:23 . 2008-09-08 22:24 <DIR> d-------- C:\Documents and Settings\James\Application Data\Winamp
2008-09-08 22:05 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-06 16:18 . 2004-05-21 05:04 79,622 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-09-06 16:18 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-09-06 16:18 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-09-06 16:18 . 2003-07-16 13:14 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-06 16:17 . 2008-09-06 16:18 <DIR> d-------- C:\Program Files\EPSON
2008-09-06 16:17 . 2008-09-06 16:17 <DIR> d-------- C:\EPSON
2008-09-06 16:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-06 16:12 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-06 16:06 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-06 16:06 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-06 16:06 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-06 16:06 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 11:44 --------- d-----w C:\Program Files\SiSLan
2008-09-06 11:35 --------- d-----w C:\Program Files\Google
2008-09-06 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 11:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-06 11:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-06 11:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-06 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vdlqnt.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19465:TCP"= 19465:TCP:BitComet 19465 TCP
"19465:UDP"= 19465:UDP:BitComet 19465 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-29 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-29 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-29 76040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa3184b-7f57-11dd-b4c6-000b6a2c0f12}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3dfd96f-8e45-11dd-b4c9-000b6a2c0f12}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f252be06-7de9-11dd-b4be-000b6a2c0f12}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9988775D-4368-4857-871A-D01D66CA3A71}]
rundll32 siemens32.dll,InitO
.
- - - - ORPHANS REMOVED - - - -

BHO-{114A72AF-007E-461D-89FF-864728C749C5} - C:\WINDOWS\system32\cbXPhiJa.dll
BHO-{6577fb46-92d6-4303-9d24-d16295a8f3aa} - C:\WINDOWS\system32\vdlqnt.dll
BHO-{70127B26-A7AD-4C9D-B749-A88960B24EAF} - C:\WINDOWS\system32\ljJCRklI.dll
HKLM-Run-BM33aa9ccc - C:\WINDOWS\system32\gpgdlrls.dll
ShellExecuteHooks-{114A72AF-007E-461D-89FF-864728C749C5} - C:\WINDOWS\system32\cbXPhiJa.dll
Notify-cbXPhiJa - cbXPhiJa.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 16:49:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wpabaln.exe
.
**************************************************************************
.
Completion time: 2008-10-02 16:51:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-02 15:51:14

Pre-Run: 49,402,372,096 bytes free
Post-Run: 49,682,022,400 bytes free

272 --- E O F --- 2008-09-10 14:13:25

d4nnyboy
Junior Member
2. October 2008 @ 12:01
And here's the updated HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:29, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\James\Desktop\HiJackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: vdlqnt.dll,avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\MadeSafe\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\MadeSafe\Bin\Zanda.exe (file missing)

--
End of file - 4186 bytes
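An added example, not part of the original posts and not HijackThis's own code: a small Python parser for the HijackThis line format in the log above, listing entries that merit a manual look (targets marked "(file missing)" and AppInit_DLLs names not on an analyst-supplied list). The sample lines are copied from that log; the function names and the `KNOWN_APPINIT` list are assumptions made for illustration.

```python
import re

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: vdlqnt.dll,avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\MadeSafe\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\MadeSafe\Bin\Zanda.exe (file missing)
"""

# "<section> - <kind>: <data>", e.g. "O23 - Service: name - owner - path"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<data>.*)$")

# Assumption: AppInit_DLLs names the analyst has already tied to installed software.
KNOWN_APPINIT = {"avgrsstx.dll"}


def parse(log_text):
    """Return one dict (section, kind, data) per recognised entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def review_items(entries, known_appinit=KNOWN_APPINIT):
    """List entries worth a manual look. This is triage, not a verdict."""
    items = []
    for entry in entries:
        data = entry["data"]
        # A startup or service entry whose target is gone is an orphan to review.
        if data.endswith("(file missing)"):
            items.append((entry["section"], "target file missing", data))
        # AppInit_DLLs are loaded into every process that loads user32.dll,
        # so each name there should be attributable to known software.
        if entry["section"] == "O20" and entry["kind"] == "AppInit_DLLs":
            for dll in re.split(r"[,\s]+", data):
                if dll and dll.lower() not in known_appinit:
                    items.append(("O20", "unrecognised AppInit_DLLs entry", dll))
    return items


if __name__ == "__main__":
    for section, reason, detail in review_items(parse(SAMPLE_LOG)):
        print(f"{section}: {reason}: {detail}")
```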
d4nnyboy
Junior Member
3. October 2008 @ 10:08
Well, I'm at me mum's now typing this and I've not seen one pop-up yet,
it's looking good so far.
My mother says thank you :)

Anyways, thanks for all your help; now all I need to do is find some good AV software to keep it clean.
Senior Member
3. October 2008 @ 10:17
Hey d4nnyboy

From your logs, you are obviously not clean.

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware

- Click on Preferences.
- In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
- Navigate to the tab Scanning Control.
- Make sure only these boxes are checked:

  Close browsers before scanning
  Scan for tracking cookies
  Terminate memory threats before quarantining
  Scan Alternate Data Streams
  Use Kernel Direct File Access (recommended)
  Use Kernel Direct Registry Access (recommended)
  Use Direct Disk Access (recommended)

- Click on Close.

Updating SuperAntispyware

- At the main window, click on Check for Updates....
- Wait for SuperAntispyware to be fully updated.

Scanning Time

- Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
- Launch SuperAntispyware.
- At the main window, click on Scan your Computer....
- Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
- Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
- Reboot your computer.

Post A Log

- Launch SuperAntispyware.
- Click on Preferences.
- Navigate to the tab Statistics/Logs.
- Choose the latest scan log, and then click on View Log....
- Copy and paste the contents of the log here in your next post.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

d4nnyboy
Junior Member
3. October 2008 @ 12:48
Bummer!!
Despite pop-ups gone, still some crap left?!
I'm round me mum's tomoz so I'll get right on it,
thanks very much for doing this, I'm very grateful :)
Senior Member
4. October 2008 @ 02:50
haha... you're welcome.

d4nnyboy
Junior Member
5. October 2008 @ 14:08
Here's the log from superantispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2008 at 06:56 PM

Application Version : 4.21.1004

Core Rules Database Version : 3589
Trace Rules Database Version: 1576

Scan type : Complete Scan
Total Scan Time : 01:34:43

Memory items scanned : 153
Memory threats detected : 0
Registry items scanned : 3387
Registry threats detected : 2
File items scanned : 34921
File threats detected : 59

Adware.Tracking Cookie

Adware.JavaCore/NoDNS
HKLM\SOFTWARE\CLASSES\APPID\BHO_MYJAVACORE.DLL
HKLM\SOFTWARE\CLASSES\APPID\BHO_MYJAVACORE.DLL#AppID

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\WW91CIBVC2VYIE5HBWU\QQ6YW21PWZPVKHC1VQO.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BEA5311-80F1-4B11-A9DD-68CE4726B7C9}\RP42\A0017469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BEA5311-80F1-4B11-A9DD-68CE4726B7C9}\RP45\A0019662.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BEA5311-80F1-4B11-A9DD-68CE4726B7C9}\RP45\A0019672.VBS

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BEA5311-80F1-4B11-A9DD-68CE4726B7C9}\RP38\A0016407.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BEA5311-80F1-4B11-A9DD-68CE4726B7C9}\RP38\A0016408.DLL

Browser Hijacker.MJCore
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BEA5311-80F1-4B11-A9DD-68CE4726B7C9}\RP38\A0016432.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BEA5311-80F1-4B11-A9DD-68CE4726B7C9}\RP41\A0016667.DLL
Senior Member
6. October 2008 @ 07:50
Hey d4nnyboy

You're still infected.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


Open Notepad and copy/paste the text in the code box below into it:


File::

C:\WINDOWS\system32\iasxdu.dll
C:\WINDOWS\system32\hpajyrce.dll
C:\WINDOWS\system32\hawmfhcg.dll
C:\WINDOWS\system32\ebobsknb.dll
C:\WINDOWS\system32\rvtstpdi.tmp
C:\WINDOWS\system32\hiqiecdk.tmp
C:\WINDOWS\system32\eclhssqt.tmp
C:\WINDOWS\system32\pyfjvxlx.tmp
C:\WINDOWS\system32\ecqqqvhr.tmp
C:\WINDOWS\system32\dmmdlmyy.tmp
C:\WINDOWS\system32\IlkRCJjl.ini2
C:\WINDOWS\system32\yb
C:\WINDOWS\system32\wTR02
C:\WINDOWS\system32\ftv
C:\WINDOWS\system32\IlkRCJjl.ini
C:\Documents and Settings\James\5309.bat
C:\WINDOWS\system32\_111881690A7D.sys
C:\WINDOWS\system32\dt

Folder::
C:\WINDOWS\system32\EV02

- Save this as CFScript.txt in the same folder as ComboFix.
- Then drag the CFScript.txt into Combo-Fix.exe.
- This will start ComboFix again. After the reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).

Do not click on the ComboFix window, as it may cause it to stall.

I'll post more instructions next.

Senior Member
6. October 2008 @ 07:53
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes

- Click on the tab Settings.
- Make sure only these boxes are checked:

  Terminate Internet Explorer
  Automatically save and display logfile after removal
  Always scan memory objects
  Always scan registry objects
  Always scan filesystem
  Always scan extra and heuristics objects

Updating Malwarebytes

- Click on the tab Update.
- Press the button Check for Updates.
- Wait for Malwarebytes to be fully updated.

Scanning Time

- Click on the tab Scanner.
- Check Perform full scan and click on Scan.
- Wait for the scan to complete, and then click on Show Results.
- Make sure all items are checked, then click on Remove Selected.

**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log

- A text box will pop up after the removal process is over. Post the contents of the text here.
- If no text box pops up, launch Malwarebytes, and click on the tab Logs.
- The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
- Post the log here.


Note:: All the programs (i.e. SuperAntispyware, Malwarebytes) are among the best free antispywares out there. You can keep them on your mom's computer for protection even after we're done.

Best Regards :D

Peshtigo
Senior Member
6. October 2008 @ 08:26
Please remind me why you renamed the (exe) files.
Senior Member
6. October 2008 @ 08:34
@Peshtigo

I PM'ed you so as to not crowd up this thread.

d4nnyboy
Junior Member
9. October 2008 @ 16:32
It's all sorted!!!
I transferred her media onto my external hard drive and I've reinstalled Windows XP. :)

Everything's fine at last, I've installed them spyware programs that you gave me in those links too.

Thanks very much for the help, you've been great :)
Senior Member
10. October 2008 @ 00:52
Hey d4nnyboy

Look here for more information on software to get: http://www.geekstogo.com/forum/index.php...&page=How_did_I

Also, I highly recommend both Antivir and Comodo, both of which are free, and while Antivir has the best detection among the antiviruses out there, Comodo is also one of the best firewalls.

Best Regards :D

Senior Member
11. October 2008 @ 10:24
Is this the program you recommend?

Avira AntiVir Personal v8.1.0.331 from this site.

http://www.free-av.com/

This message has been edited since posting. Last time this message was edited on 11. October 2008 @ 10:26

Senior Member
12. October 2008 @ 02:22
Absolutely, Berryone

d4nnyboy
Junior Member
12. October 2008 @ 07:59
Awesome, I'll download them now.
Thanks again
Senior Member
13. October 2008 @ 17:28
@ cdavfrew

Thanks
