
pop ups


Name: mark_uk
Date: February 11, 2009 at 17:25:49 Pacific
OS: Windows XP
Subcategory: Firewalls
Comment:

I seem to get them all the time now; how do I get rid of them???




Response Number 1
Name: jabuck
Date: February 11, 2009 at 18:39:19 Pacific
Reply:

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.


If Malwarebytes installed but will not run, navigate to this folder:

C:\Program Files\Malwarebytes' Anti-Malware

Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: puertoboricua
Date: February 11, 2009 at 18:47:10 Pacific
Reply:

Well, it depends on your browser. Settings for stopping popups can be done in your Internet Options (IE, Firefox, etc.).
Also, some security software has this option or a stand-alone popup blocker.
But also, maybe your system was hacked with this type of threat.

There are several types of popups, so it's important that one knows which one you want to get rid of. The most common are windows that pop up over (or pop up and then get placed under) a Web page when it is opened (or sometimes when closed or some action is taken). These are generally controlled by Javascript code in the requested Web page. There are several ways to stop most, if not all, of them:

* Turn Javascript execution off. While effective, since many pages use Javascript for display enhancement purposes today, doing this will greatly diminish your browsing experience.

* Use a software program. There are many software programs that basically sit between your Internet connection and the Web browser. They identify incoming Javascript designed to call up Web addresses as pop ups or pop unders and disable that code or simply set it aside instead of sending it to the browser. Most of these programs install themselves as part of the browser. There are far too many to list here. Please use a search such as http://www.google.com/search?q=popu...

* Install a browser bar that includes a pop up blocker and does other useful things as well. The Google browser bar for Internet Explorer allows you to easily search the Google site and, as a bonus, has a form filler and pop up blocker included in the options. (I use this bar all the time and find it very handy.) There are other toolbars as well which you can find with a search; be careful, however, some install "spyware." For their toolbar and other free software, see the Google site...

* Use a browser that has pop up blocking built into the browser code. The Mozilla-based browsers have this capability and have the advantage of being free. There are others as well. And, Internet Explorer 7 includes such code. You can find information about the Mozilla browsers at http://www.mozilla.org/



Response Number 3
Name: mark_uk
Date: February 14, 2009 at 13:56:19 Pacific
Reply:


Hi folks, I did the HT log file for you; here goes - log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:32, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.exe
C:\WINDOWS\system32\LVCOMSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\mark\My Documents\alisha's funky file\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mark\Desktop\HJTInstall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Documents and Settings\mark\My Documents\alisha's funky file\PDVDServ.exe"
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\ace love.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\Run: [free software] C:\DOCUME~1\mark\APPLIC~1\FORDSA~1\media keep flap.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.exe -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.habbo.co.uk/client"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mark\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.moove.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.c...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binar...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicman...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msncha...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} (PTV xVectorMap Plugin 3.1) - http://xvectormap.ptv.de/xvectormap...
O17 - HKLM\System\CCS\Services\Tcpip\..\{4076D876-B1D9-4431-AFBD-7793F59CD303}: NameServer = 62.24.218.223 62.24.218.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 12179 bytes


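The HijackThis log above lists every autostart (O4) entry on the machine, and reading those lines by hand is where the work is. The following Python script is an added example, not part of the thread and not HijackThis's own logic: it parses O4 lines and applies three triage heuristics that are this example's assumptions (a binary started from a user-writable profile folder, a file name made of lowercase dictionary words, an 8.3 short path that hides the directory name). The sample lines are copied from the log posted above; the function and constant names are the example's own.

```python
"""Triage helper for the O4 (autostart) lines of a HijackThis log.

Added example. The three heuristics are this example's own assumptions about
what deserves a second look, not rules from HijackThis or from the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 lines look like:  O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First absolute Windows path ending in .exe or .dll inside a command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.IGNORECASE)
SHORT_NAME_RE = re.compile(r'~\d')
# Folders an ordinary user can write to without admin rights (XP-era names,
# their 8.3 forms, and the Vista+ Users tree). Products normally install
# under Program Files or the Windows directory instead.
USER_WRITABLE = ('\\documents and settings\\', '\\docume~1\\',
                 '\\application data\\', '\\applic~1\\', '\\users\\')

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "C:\Documents and Settings\mark\My Documents\alisha's funky file\PDVDServ.exe"
O4 - HKLM\..\Run: [Love default global mess] C:\Documents and Settings\All Users\Application Data\great coal love default\ace love.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [free software] C:\DOCUME~1\mark\APPLIC~1\FORDSA~1\media keep flap.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
"""


@dataclass
class AutostartEntry:
    hive: str
    name: str
    command: str
    path: Optional[str]


def extract_path(command: str) -> Optional[str]:
    """Return the first absolute .exe/.dll path in a command line, if any."""
    m = PATH_RE.search(command)
    return m.group(0) if m else None


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one HijackThis line; lines that are not O4 entries yield None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd')
    return AutostartEntry(m.group('hive'), m.group('name'), cmd, extract_path(cmd))


def assess(entry: AutostartEntry) -> List[str]:
    """Return the heuristic reasons that apply to one entry (empty = nothing odd)."""
    reasons: List[str] = []
    if entry.path is None:  # bare names such as nwiz.exe are resolved via PATH
        return reasons
    low = entry.path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('binary runs from a user-writable profile folder')
    # File name without extension, checked with its original casing.
    stem = entry.path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    words = stem.split(' ')
    if len(words) >= 2 and all(w.isalpha() and w.islower() for w in words):
        reasons.append('file name is a string of lowercase dictionary words')
    if SHORT_NAME_RE.search(entry.path):
        reasons.append('8.3 short path hides the real directory name')
    return reasons


def triage(log_text: str) -> List[Tuple[str, Optional[str], List[str]]]:
    """(value name, path, reasons) for every O4 line, in log order."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            results.append((entry.name, entry.path, assess(entry)))
    return results


def entries_needing_review(log_text: str, threshold: int = 2) -> List[str]:
    """Value names with at least `threshold` reasons. A single reason is weak:
    legitimate software also uses short paths or the user's profile."""
    return [name for name, _path, reasons in triage(log_text)
            if len(reasons) >= threshold]


if __name__ == '__main__':
    for name, path, reasons in triage(SAMPLE_LOG):
        flag = 'REVIEW' if len(reasons) >= 2 else '      '
        print(f'{flag} [{name}] {path}')
        for r in reasons:
            print(f'           - {r}')
```

Run against the sample, the script singles out the two Run values whose binaries live under Application Data with multi-word lowercase names, while the AVG tray entry (short path only) and the PDVDServ entry (user profile only) score a single reason each and are left for the human reader to judge. The threshold is deliberately conservative; a flagged entry is something to look up, not a verdict.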

Response Number 4
Name: jabuck
Date: February 14, 2009 at 16:56:51 Pacific
Reply:

Could you post the requested Malwarebytes log, please?



Response Number 5
Name: mark_uk
Date: February 14, 2009 at 17:38:42 Pacific
Reply:

Malwarebytes' Anti-Malware 1.33
Database version: 1743
Windows 5.1.2600 Service Pack 3

14/02/2009 21:17:31
mbam-log-2009-02-14 (21-17-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 160780
Time elapsed: 2 hour(s), 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Response Number 6
Name: jabuck
Date: February 14, 2009 at 17:55:18 Pacific
Reply:

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus, Ad-Aware and any other antispyware that you may have.
2. Run Combofix by double clicking the combofix.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.



Response Number 7
Name: mark_uk
Date: February 14, 2009 at 18:22:27 Pacific
Reply:

Problem! It's not letting me download combofix??; there is a Windows error prompt that says "cannot replace combofix with combofix[1]".



Response Number 8
Name: jabuck
Date: February 14, 2009 at 18:29:18 Pacific
Reply:

Go to Start > Run, type in combofix /u (note the space after combofix is needed), then press Enter. This will uninstall combofix if it was installed, so give it a minute to run.

These instructions are different from the others, so pay close attention to them.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box, then click Save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your AVG antivirus, and any other antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.



Response Number 9
Name: mark_uk
Date: February 14, 2009 at 18:41:03 Pacific
Reply:

And now I get "windows cannot find combofix" ???



Response Number 10
Name: mark_uk
Date: February 14, 2009 at 18:53:44 Pacific
Reply:

Sorry, I've restarted it and all seems to be cooperating now; I'll now run a Combofix scan, back in a while.



Response Number 11
Name: mark_uk
Date: February 14, 2009 at 19:18:49 Pacific
Reply:

**** Combofix log ****


ComboFix 09-02-12.03 - mark 2009-02-15 3:00:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.155 [GMT 0:00]
Running from: c:\documents and settings\mark\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mark\Favorites\Download programs.url
c:\documents and settings\mark\Favorites\Games.url
c:\documents and settings\mark\Favorites\Translator.url
c:\documents and settings\mark\Favorites\Videos.url
c:\documents and settings\mark\Start Menu\Programs\Download programs.url
c:\documents and settings\mark\Start Menu\Programs\Games.url
c:\documents and settings\mark\Start Menu\Programs\Translator.url
c:\documents and settings\mark\Start Menu\Programs\Videos.url
c:\windows\IE4 Error Log.txt
c:\windows\system32\ipflr.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-13 18:36 . 2009-02-13 18:39 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-12 21:09 . 2009-02-13 18:32 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-12 02:03 . 2009-02-15 00:53 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-12 02:03 . 2009-02-12 02:03 <DIR> d-------- c:\program files\AVG
2009-02-12 02:03 . 2009-02-15 02:29 <DIR> d-------- c:\documents and settings\mark\Application Data\AVGTOOLBAR
2009-02-12 02:03 . 2009-02-13 14:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-12 02:03 . 2009-02-12 02:03 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-12 02:03 . 2009-02-12 02:03 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-12 02:03 . 2009-02-12 02:03 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-06 19:15 . 2009-02-06 19:15 <DIR> d-------- c:\program files\IObit
2009-02-06 19:15 . 2009-02-06 19:15 <DIR> d-------- c:\documents and settings\mark\Application Data\IObit
2009-02-06 13:08 . 2009-02-05 23:55 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-05 23:55 . 2009-02-05 23:55 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-05 23:52 . 2009-02-05 23:52 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 09:47 . 2009-02-05 09:47 <DIR> d-------- c:\program files\fordsavetitle
2009-02-05 09:47 . 2009-02-05 09:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\great coal love default
2009-02-05 09:46 . 2009-02-05 09:46 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-05 09:46 . 2009-02-05 09:46 <DIR> d-------- c:\program files\Circle Deelopement
2009-02-01 19:51 . 2009-02-01 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-31 01:35 . 2009-01-31 01:35 <DIR> d-------- c:\documents and settings\mark\Application Data\Sammsoft
2009-01-30 16:43 . 2009-02-06 19:14 <DIR> d-------- c:\program files\VS Revo Group
2009-01-30 16:43 . 2009-01-30 16:43 <DIR> d-------- c:\documents and settings\mark\Application Data\VSRevoGroup
2009-01-30 15:52 . 2009-01-30 15:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-30 15:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 15:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 15:44 . 2009-01-30 15:44 <DIR> d-------- c:\program files\Advanced Registry Optimizer
2009-01-30 15:18 . 2009-01-30 15:18 <DIR> d-------- c:\documents and settings\mark\Application Data\Malwarebytes
2009-01-30 15:18 . 2009-01-30 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 14:04 . 2009-01-29 14:04 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-24 17:28 . 2008-04-14 00:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-24 17:28 . 2008-04-13 18:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-24 17:28 . 2008-04-13 18:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-24 17:28 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 03:05 --------- d-----w c:\program files\Steam
2009-02-14 19:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-08 00:22 --------- d-----w c:\documents and settings\mark\Application Data\CyberLink
2009-02-05 23:52 --------- d-----w c:\program files\Lavasoft
2009-02-05 09:48 --------- d-----w c:\documents and settings\mark\Application Data\fordsavetitle
2009-02-03 19:16 --------- d-----w c:\program files\Shockwave.com
2009-02-03 15:32 --------- d-----w c:\program files\MSN Messenger
2009-01-30 23:40 --------- d-----w c:\program files\XoftSpySE
2009-01-25 00:41 --------- d-----w c:\program files\Microsoft Games
2009-01-25 00:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-10 15:57 31 ----a-w c:\documents and settings\mark\jagex_runescape_preferences.dat
2008-12-27 10:10 --------- d-----w c:\program files\Google
2008-12-24 09:16 --------- d-----w c:\program files\Java
2008-12-24 03:47 --------- d-----w c:\program files\Windows Live
2008-12-24 03:46 --------- d-----w c:\program files\Yahoo!
2008-12-24 03:46 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-24 03:45 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-24 03:45 --------- d-----w c:\program files\QuickTime
2008-12-24 03:45 --------- d-----w c:\program files\Microsoft AntiSpyware
2008-12-24 03:45 --------- d-----w c:\program files\KService
2008-12-24 03:45 --------- d-----w c:\program files\Full Marks
2008-12-24 03:45 --------- d-----w c:\program files\DivX
2008-12-24 03:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-24 03:44 --------- d-----w c:\program files\MTV Virtual World
2008-12-23 21:39 --------- d-----w c:\documents and settings\mark\Application Data\Sports Interactive
2008-12-23 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-12-23 21:06 --------- d--h--w c:\program files\Zero G Registry
2008-12-23 21:05 --------- d-----w c:\program files\Sports Interactive
2007-03-17 17:44 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-23 1410296]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"free software"="c:\docume~1\mark\APPLIC~1\FORDSA~1\media keep flap.exe" [2009-02-05 675840]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-25 4554752]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"LVCOMSX"="c:\windows\system32\LVCOMSX.exe" [2004-10-08 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-28 282624]
"RemoteControl"="c:\documents and settings\mark\My Documents\alisha's funky file\PDVDServ.exe" [2004-11-02 32768]
"Love default global mess"="c:\documents and settings\All Users\Application Data\great coal love default\ace love.exe" [2009-02-15 933888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-05 509784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-12 1601304]
"nwiz"="nwiz.exe" [2004-08-25 c:\windows\system32\nwiz.exe]
"CARPService"="carpserv.exe" [2003-06-11 c:\windows\system32\carpserv.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-12 02:03 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\moove\\_adv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-05 64160]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-10-18 77312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-12 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-12 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-12 298264]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys --> c:\windows\system32\drivers\BT848.sys [?]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2005-01-10 22016]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2005-01-10 13312]
S3 HwIOctl;HwIOctl;\??\c:\bios\HwIOctl.sys --> c:\bios\HwIOctl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2005-01-17 34880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11279969-b550-11dc-b688-000e506b1751}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?co...

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3dd2fb0-c290-11dc-b69e-000e506b1751}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\AA53D46091C44AA4.job
- c:\docume~1\mark\applic~1\fordsa~1\eachhelp64.exe [2009-02-05 09:48]

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-05 23:55]

2007-04-08 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

2009-02-11 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-08 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-15 c:\windows\Tasks\User_Feed_Synchronization-{7D89D521-FF0D-4E97-BE32-1B4DE8987684}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = \blank.htm
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035YYGB&fl=0&ptb=y_clZppCGXVw.hGFqdsZsw&url=http://www.uk.ask.com/web&q={searchTerms}&l=zj&o=sb
mStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.microsoft.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mark\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: moove.com
TCP: {4076D876-B1D9-4431-AFBD-7793F59CD303} = 62.24.218.223 62.24.218.222
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} - hxxp://xvectormap.ptv.de/xvectormap/PTVxVectorMap31.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 03:04:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-02-15 3:09:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 03:08:56

Pre-Run: 161,067,925,504 bytes free
Post-Run: 161,408,204,800 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

239 --- E O F --- 2009-02-12 02:42:15



Response Number 12
Name: jabuck
Date: February 14, 2009 at 19:39:40 Pacific
Reply:

You have an infection called lop; we will need to uninstall it manually.

Open notepad and copy and paste everything between the X’s:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h AA53D46091C44AA4.job
del AA53D46091C44AA4.job
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Save this as remjob.bat, choose to save it as "All Files", and place it on your desktop.

Double-click on remjob.bat. A DOS window will open and close again; this is normal.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\Tasks\AA53D46091C44AA4.job
c:\docume~1\mark\applic~1\fordsa~1\eachhelp64.exe
c:\docume~1\mark\APPLIC~1\FORDSA~1\media keep flap.exe
c:\documents and settings\All Users\Application Data\great coal love default\ace love.exe

Folder::
c:\documents and settings\All Users\Application Data\great coal love default
c:\documents and settings\mark\Application Data\fordsavetitle


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"free software"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Love default global mess"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.


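As an added triage example (not part of this thread and not jabuck's instructions): the lop indicators jabuck is acting on are visible in the 'Scheduled Tasks' section of the ComboFix log above, a .job file with a random-looking hex name whose target runs from the user's Application Data folder. This Python script parses that section (the sample is excerpted from the log posted earlier in this thread) and flags such entries for review; the heuristics are my own assumptions, not anything ComboFix itself reports.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the 'Scheduled Tasks' section from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2009-02-15 c:\windows\Tasks\AA53D46091C44AA4.job
- c:\docume~1\mark\applic~1\fordsa~1\eachhelp64.exe [2009-02-05 09:48]

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-05 23:55]

2007-04-08 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

2009-02-11 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-08 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-15 c:\windows\Tasks\User_Feed_Synchronization-{7D89D521-FF0D-4E97-BE32-1B4DE8987684}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
"""

# "<date> <path>.job" followed on the next line by "- <target> [<file timestamp>]"
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(?P<job>.+\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$")
# Heuristics (my assumptions): random hex task names and targets living in a
# profile's Application Data folder (8.3 short form "applic~1" or long form).
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8,}$", re.IGNORECASE)
PROFILE_DATA_RE = re.compile(r"\\(applic~1|application data)\\", re.IGNORECASE)


@dataclass
class Task:
    date: str
    job: str
    target: str
    stamp: str
    reasons: list = field(default_factory=list)


def parse_tasks(log_text):
    """Return the Task entries found in a ComboFix 'Scheduled Tasks' section."""
    tasks = []
    lines = log_text.splitlines()
    i = 0
    while i < len(lines):
        m = TASK_RE.match(lines[i].strip())
        if m and i + 1 < len(lines):
            t = TARGET_RE.match(lines[i + 1].strip())
            if t:
                tasks.append(Task(m.group(1), m.group("job"),
                                  t.group("target"), t.group("stamp").strip()))
                i += 2
                continue
        i += 1
    return tasks


def assess(task):
    """Attach review reasons to a task; an empty list means nothing stood out."""
    stem = task.job.rsplit("\\", 1)[-1][:-len(".job")]
    if HEX_NAME_RE.match(stem):
        task.reasons.append("job name is a random-looking hex string")
    if PROFILE_DATA_RE.search(task.target):
        task.reasons.append("target runs from a user-profile Application Data folder")
    if not task.stamp:
        # ComboFix printed "[]" for the target: no file timestamp was recorded.
        task.reasons.append("no file timestamp recorded for target")
    return task


def suspicious_tasks(log_text):
    """Tasks worth a second look, in log order."""
    return [t for t in map(assess, parse_tasks(log_text)) if t.reasons]


if __name__ == "__main__":
    for t in suspicious_tasks(SAMPLE_LOG):
        print(t.job, "->", t.target)
        for r in t.reasons:
            print("   ", r)
```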

Response Number 13
Name: mark_uk
Date: February 14, 2009 at 20:12:10 Pacific
Reply:

Slight problem... when I tried to put the CFScript.txt into ComboFix it wasn't accepting it whatsoever. I have got rid of it again like I did last time. Shall I try installing ComboFix again, then if successful drag CFScript.txt into it? Will this work?



Response Number 14
Name: mark_uk
Date: February 14, 2009 at 20:44:57 Pacific
Reply:

Like before, I've managed to sort it. I had actually made a shortcut for ComboFix and it didn't like it, so I had to do it all again. Anyway, thanks for the patience; here is the log of that particular file:


ComboFix 09-02-12.03 - mark 2009-02-15 4:31:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.187 [GMT 0:00]
Running from: c:\documents and settings\mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\docume~1\mark\applic~1\fordsa~1\eachhelp64.exe
c:\docume~1\mark\APPLIC~1\FORDSA~1\media keep flap.exe
c:\documents and settings\All Users\Application Data\great coal love default\ace love.exe
c:\windows\Tasks\AA53D46091C44AA4.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\mark\applic~1\fordsa~1\eachhelp64.exe
c:\docume~1\mark\APPLIC~1\FORDSA~1\media keep flap.exe
c:\documents and settings\All Users\Application Data\great coal love default
c:\documents and settings\All Users\Application Data\great coal love default\ace love.dat
c:\documents and settings\All Users\Application Data\great coal love default\ace love.exe
c:\documents and settings\mark\Application Data\fordsavetitle
c:\documents and settings\mark\Application Data\fordsavetitle\0
c:\documents and settings\mark\Application Data\fordsavetitle\35B8417B
c:\documents and settings\mark\Application Data\fordsavetitle\aztnqqjg.exe
c:\documents and settings\mark\Application Data\fordsavetitle\eachhelp64.exe
c:\documents and settings\mark\Application Data\fordsavetitle\live face bash admin.exe
c:\documents and settings\mark\Application Data\fordsavetitle\media keep flap.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-13 18:36 . 2009-02-13 18:39 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-12 21:09 . 2009-02-13 18:32 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-12 02:03 . 2009-02-15 00:53 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-12 02:03 . 2009-02-12 02:03 <DIR> d-------- c:\program files\AVG
2009-02-12 02:03 . 2009-02-15 02:29 <DIR> d-------- c:\documents and settings\mark\Application Data\AVGTOOLBAR
2009-02-12 02:03 . 2009-02-13 14:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-12 02:03 . 2009-02-12 02:03 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-12 02:03 . 2009-02-12 02:03 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-12 02:03 . 2009-02-12 02:03 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-06 19:15 . 2009-02-06 19:15 <DIR> d-------- c:\program files\IObit
2009-02-06 19:15 . 2009-02-06 19:15 <DIR> d-------- c:\documents and settings\mark\Application Data\IObit
2009-02-06 13:08 . 2009-02-05 23:55 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-05 23:55 . 2009-02-05 23:55 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-05 23:52 . 2009-02-05 23:52 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 09:47 . 2009-02-05 09:47 <DIR> d-------- c:\program files\fordsavetitle
2009-02-05 09:46 . 2009-02-05 09:46 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-05 09:46 . 2009-02-05 09:46 <DIR> d-------- c:\program files\Circle Deelopement
2009-02-01 19:51 . 2009-02-01 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-31 01:35 . 2009-01-31 01:35 <DIR> d-------- c:\documents and settings\mark\Application Data\Sammsoft
2009-01-30 16:43 . 2009-02-06 19:14 <DIR> d-------- c:\program files\VS Revo Group
2009-01-30 16:43 . 2009-01-30 16:43 <DIR> d-------- c:\documents and settings\mark\Application Data\VSRevoGroup
2009-01-30 15:52 . 2009-01-30 15:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-30 15:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 15:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 15:44 . 2009-01-30 15:44 <DIR> d-------- c:\program files\Advanced Registry Optimizer
2009-01-30 15:18 . 2009-01-30 15:18 <DIR> d-------- c:\documents and settings\mark\Application Data\Malwarebytes
2009-01-30 15:18 . 2009-01-30 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 14:04 . 2009-01-29 14:04 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-24 17:28 . 2008-04-14 00:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-24 17:28 . 2008-04-13 18:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-24 17:28 . 2008-04-13 18:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-24 17:28 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 04:36 --------- d-----w c:\program files\Steam
2009-02-14 19:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-08 00:22 --------- d-----w c:\documents and settings\mark\Application Data\CyberLink
2009-02-05 23:52 --------- d-----w c:\program files\Lavasoft
2009-02-03 19:16 --------- d-----w c:\program files\Shockwave.com
2009-02-03 15:32 --------- d-----w c:\program files\MSN Messenger
2009-01-30 23:40 --------- d-----w c:\program files\XoftSpySE
2009-01-25 00:41 --------- d-----w c:\program files\Microsoft Games
2009-01-25 00:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-10 15:57 31 ----a-w c:\documents and settings\mark\jagex_runescape_preferences.dat
2008-12-27 10:10 --------- d-----w c:\program files\Google
2008-12-24 09:16 --------- d-----w c:\program files\Java
2008-12-24 03:47 --------- d-----w c:\program files\Windows Live
2008-12-24 03:46 --------- d-----w c:\program files\Yahoo!
2008-12-24 03:46 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-24 03:45 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-24 03:45 --------- d-----w c:\program files\QuickTime
2008-12-24 03:45 --------- d-----w c:\program files\Microsoft AntiSpyware
2008-12-24 03:45 --------- d-----w c:\program files\KService
2008-12-24 03:45 --------- d-----w c:\program files\Full Marks
2008-12-24 03:45 --------- d-----w c:\program files\DivX
2008-12-24 03:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-24 03:44 --------- d-----w c:\program files\MTV Virtual World
2008-12-23 21:39 --------- d-----w c:\documents and settings\mark\Application Data\Sports Interactive
2008-12-23 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-12-23 21:06 --------- d--h--w c:\program files\Zero G Registry
2008-12-23 21:05 --------- d-----w c:\program files\Sports Interactive
2007-03-17 17:44 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_ 3.07.53.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-15 04:35:37 16,384 ----atw c:\windows\temp\Perflib_Perfdata_678.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-23 1410296]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-25 4554752]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"LVCOMSX"="c:\windows\system32\LVCOMSX.exe" [2004-10-08 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-28 282624]
"RemoteControl"="c:\documents and settings\mark\My Documents\alisha's funky file\PDVDServ.exe" [2004-11-02 32768]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-05 509784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-12 1601304]
"nwiz"="nwiz.exe" [2004-08-25 c:\windows\system32\nwiz.exe]
"CARPService"="carpserv.exe" [2003-06-11 c:\windows\system32\carpserv.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-12 02:03 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\moove\\_adv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-05 64160]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-10-18 77312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-12 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-12 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-12 298264]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys --> c:\windows\system32\drivers\BT848.sys [?]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2005-01-10 22016]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2005-01-10 13312]
S3 HwIOctl;HwIOctl;\??\c:\bios\HwIOctl.sys --> c:\bios\HwIOctl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2005-01-17 34880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11279969-b550-11dc-b688-000e506b1751}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?co...

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3dd2fb0-c290-11dc-b69e-000e506b1751}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-05 23:55]

2007-04-08 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

2009-02-11 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-08 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-15 c:\windows\Tasks\User_Feed_Synchronization-{7D89D521-FF0D-4E97-BE32-1B4DE8987684}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = \blank.htm
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035YYGB&fl=0&ptb=y_clZppCGXVw.hGFqdsZsw&url=http://www.uk.ask.com/web&q={searchTerms}&l=zj&o=sb
mStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.microsoft.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mark\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: moove.com
TCP: {4076D876-B1D9-4431-AFBD-7793F59CD303} = 62.24.139.7 62.24.139.6
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} - hxxp://xvectormap.ptv.de/xvectormap/PTVxVectorMap31.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 04:35:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-02-15 4:40:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 04:39:54
ComboFix2.txt 2009-02-15 04:26:51
ComboFix3.txt 2009-02-15 03:09:32

Pre-Run: 161,392,418,816 bytes free
Post-Run: 161,381,015,552 bytes free

231 --- E O F --- 2009-02-12 02:42:15



Response Number 15
Name: jabuck
Date: February 14, 2009 at 21:14:17 Pacific
Reply:

Go to Start > Control Panel > Add/Remove Programs and uninstall these programs if found:

Messenger Plus! Live

Circle Deelopement

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
Folder::
c:\program files\fordsavetitle
c:\program files\Messenger Plus! Live
c:\program files\Circle Deelopement

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.



Response Number 16
Name: mark_uk
Date: February 15, 2009 at 04:04:58 Pacific
Reply:

Sorry for the late reply, I had to get some sleep as it was nearly 5 am. Here is the log as you requested:

ComboFix 09-02-12.03 - mark 2009-02-15 11:36:50.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.243 [GMT 0:00]
Running from: c:\documents and settings\mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Circle Deelopement
c:\program files\Circle Deelopement\Uninstall.exe
c:\program files\fordsavetitle
c:\program files\Messenger Plus! Live
c:\program files\Messenger Plus! Live\Detoured.dll
c:\program files\Messenger Plus! Live\Events Style Sheet.xsl
c:\program files\Messenger Plus! Live\lame_enc.dll
c:\program files\Messenger Plus! Live\Languages\Lng_Arabic.ini
c:\program files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
c:\program files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Danish.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Default.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Dutch.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Estonian.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Finnish.ini
c:\program files\Messenger Plus! Live\Languages\Lng_French.ini
c:\program files\Messenger Plus! Live\Languages\Lng_German.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Greek.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Italian.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Japanese.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Korean.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Spanish.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Swedish.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Thai.ini
c:\program files\Messenger Plus! Live\Languages\Lng_Turkish.ini
c:\program files\Messenger Plus! Live\libsndfile.dll
c:\program files\Messenger Plus! Live\Log Viewer.exe
c:\program files\Messenger Plus! Live\MPScripts.dll
c:\program files\Messenger Plus! Live\MPSkins.dll
c:\program files\Messenger Plus! Live\MPTools.exe
c:\program files\Messenger Plus! Live\MsgPlusLive.dll
c:\program files\Messenger Plus! Live\MsgPlusLiveRes.dll
c:\program files\Messenger Plus! Live\MsgPlusLoader.dll
c:\program files\Messenger Plus! Live\Uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-13 18:36 . 2009-02-13 18:39 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-12 21:09 . 2009-02-13 18:32 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-12 02:03 . 2009-02-15 00:53 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-12 02:03 . 2009-02-12 02:03 <DIR> d-------- c:\program files\AVG
2009-02-12 02:03 . 2009-02-15 02:29 <DIR> d-------- c:\documents and settings\mark\Application Data\AVGTOOLBAR
2009-02-12 02:03 . 2009-02-13 14:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-12 02:03 . 2009-02-12 02:03 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-12 02:03 . 2009-02-12 02:03 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-12 02:03 . 2009-02-12 02:03 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-06 19:15 . 2009-02-06 19:15 <DIR> d-------- c:\program files\IObit
2009-02-06 19:15 . 2009-02-06 19:15 <DIR> d-------- c:\documents and settings\mark\Application Data\IObit
2009-02-06 13:08 . 2009-02-05 23:55 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-05 23:55 . 2009-02-05 23:55 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-05 23:52 . 2009-02-05 23:52 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-01 19:51 . 2009-02-01 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-01-31 01:35 . 2009-01-31 01:35 <DIR> d-------- c:\documents and settings\mark\Application Data\Sammsoft
2009-01-30 16:43 . 2009-02-06 19:14 <DIR> d-------- c:\program files\VS Revo Group
2009-01-30 16:43 . 2009-01-30 16:43 <DIR> d-------- c:\documents and settings\mark\Application Data\VSRevoGroup
2009-01-30 15:52 . 2009-01-30 15:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-30 15:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 15:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 15:44 . 2009-01-30 15:44 <DIR> d-------- c:\program files\Advanced Registry Optimizer
2009-01-30 15:18 . 2009-01-30 15:18 <DIR> d-------- c:\documents and settings\mark\Application Data\Malwarebytes
2009-01-30 15:18 . 2009-01-30 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 14:04 . 2009-01-29 14:04 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-24 17:28 . 2008-04-14 00:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-24 17:28 . 2008-04-13 18:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-24 17:28 . 2008-04-13 18:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-24 17:28 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 11:42 --------- d-----w c:\program files\Steam
2009-02-14 19:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-08 00:22 --------- d-----w c:\documents and settings\mark\Application Data\CyberLink
2009-02-05 23:52 --------- d-----w c:\program files\Lavasoft
2009-02-03 19:16 --------- d-----w c:\program files\Shockwave.com
2009-02-03 15:32 --------- d-----w c:\program files\MSN Messenger
2009-01-30 23:40 --------- d-----w c:\program files\XoftSpySE
2009-01-25 00:41 --------- d-----w c:\program files\Microsoft Games
2009-01-25 00:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-10 15:57 31 ----a-w c:\documents and settings\mark\jagex_runescape_preferences.dat
2008-12-27 10:10 --------- d-----w c:\program files\Google
2008-12-24 09:16 --------- d-----w c:\program files\Java
2008-12-24 03:47 --------- d-----w c:\program files\Windows Live
2008-12-24 03:46 --------- d-----w c:\program files\Yahoo!
2008-12-24 03:46 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-24 03:45 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-24 03:45 --------- d-----w c:\program files\QuickTime
2008-12-24 03:45 --------- d-----w c:\program files\Microsoft AntiSpyware
2008-12-24 03:45 --------- d-----w c:\program files\KService
2008-12-24 03:45 --------- d-----w c:\program files\Full Marks
2008-12-24 03:45 --------- d-----w c:\program files\DivX
2008-12-24 03:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-24 03:44 --------- d-----w c:\program files\MTV Virtual World
2008-12-23 21:39 --------- d-----w c:\documents and settings\mark\Application Data\Sports Interactive
2008-12-23 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-12-23 21:06 --------- d--h--w c:\program files\Zero G Registry
2008-12-23 21:05 --------- d-----w c:\program files\Sports Interactive
2007-03-17 17:44 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_ 3.07.53.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-15 11:41:28 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-23 1410296]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-25 4554752]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"LVCOMSX"="c:\windows\system32\LVCOMSX.exe" [2004-10-08 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-28 282624]
"RemoteControl"="c:\documents and settings\mark\My Documents\alisha's funky file\PDVDServ.exe" [2004-11-02 32768]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-05 509784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-12 1601304]
"nwiz"="nwiz.exe" [2004-08-25 c:\windows\system32\nwiz.exe]
"CARPService"="carpserv.exe" [2003-06-11 c:\windows\system32\carpserv.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-12 02:03 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\moove\\_adv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-05 64160]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-10-18 77312]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-12 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-12 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-12 298264]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys --> c:\windows\system32\drivers\BT848.sys [?]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2005-01-10 22016]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2005-01-10 13312]
S3 HwIOctl;HwIOctl;\??\c:\bios\HwIOctl.sys --> c:\bios\HwIOctl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2005-01-17 34880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11279969-b550-11dc-b688-000e506b1751}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?co...

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3dd2fb0-c290-11dc-b69e-000e506b1751}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-05 23:55]

2007-04-08 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe []

2009-02-11 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-08 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []

2009-02-15 c:\windows\Tasks\User_Feed_Synchronization-{7D89D521-FF0D-4E97-BE32-1B4DE8987684}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = \blank.htm
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035YYGB&fl=0&ptb=y_clZppCGXVw.hGFqdsZsw&url=http://www.uk.ask.com/web&q={searchTerms}&l=zj&o=sb
mStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.microsoft.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mark\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: moove.com
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
DPF: {FFC0A381-8145-4CFD-A768-A2259776C179} - hxxp://xvectormap.ptv.de/xvectormap/PTVxVectorMap31.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 11:41:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-02-15 11:46:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 11:46:18
ComboFix2.txt 2009-02-15 04:40:22
ComboFix3.txt 2009-02-15 04:26:51
ComboFix4.txt 2009-02-15 03:09:32

Pre-Run: 161,361,403,904 bytes free
Post-Run: 161,331,380,224 bytes free

249 --- E O F --- 2009-02-12 02:42:15


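The 'Reg Loading Points' section of the ComboFix log above is where most of the reading happens, so here is an added Python example (my code, not ComboFix's or anything posted in this thread) that parses that section in the REGEDIT4-style layout ComboFix prints and pulls out the three items a reviewer checks first: Run entries launched from a user profile folder, Security Center values that silence its warnings, and AutoRun commands stored under MountPoints2. The sample log is constructed from lines quoted in the log above; everything it raises is a check to follow up by hand, not a verdict (the PDVDServ.exe entry is a PowerDVD helper in an odd place, and the log's own SymantecFirewall Monitoring entry shows a security suite setting Security Center values too).

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's code. Reads "[key]" headers followed by
"name"=value lines and reports:
  * Run-key entries launched from a user profile folder (heuristic only)
  * Security Center DWORDs that suppress its warnings when set to 1
  * AutoRun commands under MountPoints2, flagged when they hand a URL
    to RunDLL32 / ShellExec_RunDLL
SAMPLE_LOG is constructed from lines quoted in the thread.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
QUOTED_RE = re.compile(r'^"(?P<value>[^"]*)"(?:\s+\[(?P<extra>.*)\])?$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")

# Security Center values that silence its "no AV / firewall / updates" alerts.
SUPPRESS_FLAGS = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride",
}
USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-28 282624]
"RemoteControl"="c:\documents and settings\mark\My Documents\alisha's funky file\PDVDServ.exe" [2004-11-02 32768]
"nwiz"="nwiz.exe" [2004-08-25 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11279969-b550-11dc-b688-000e506b1751}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?co...

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3dd2fb0-c290-11dc-b69e-000e506b1751}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
"""


def triage(log_text):
    """Walk the section line by line, tracking the current registry key."""
    f = {"run_entries": [], "profile_launches": [],
         "security_center_suppressed": [], "autorun_commands": [],
         "autorun_url_launches": []}
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        lkey = key.lower()
        m = AUTORUN_RE.match(line)
        if m and "\\mountpoints2\\" in lkey:
            cmd = m.group("cmd")
            # The last key component is the volume GUID the AutoRun belongs to.
            f["autorun_commands"].append((key.rsplit("\\", 1)[-1], cmd))
            if "shellexec_rundll" in cmd.lower() and "http" in cmd.lower():
                f["autorun_url_launches"].append(cmd)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        if lkey.endswith("\\currentversion\\run"):
            q = QUOTED_RE.match(rest)
            if not q:
                continue
            path = q.group("value")
            # A bare file name is resolved by ComboFix: the full path follows
            # the date inside the brackets.
            if "\\" not in path and q.group("extra") and " " in q.group("extra"):
                path = q.group("extra").split(" ", 1)[1]
            f["run_entries"].append((name, path))
            if path.lower().startswith(USER_PROFILE_PREFIXES):
                f["profile_launches"].append((name, path))
        elif lkey.endswith("\\security center"):
            d = DWORD_RE.match(rest)
            if d and name in SUPPRESS_FLAGS and int(d.group("hex"), 16) == 1:
                f["security_center_suppressed"].append(name)
    return f


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run against the constructed sample it lists one profile-folder launch (RemoteControl), all four Security Center suppression flags, and one AutoRun that passes a URL to ShellExec_RunDLL; the TomTom AutoRun on J: is listed but not flagged.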

Response Number 17
Name: jabuck
Date: February 15, 2009 at 05:47:35 Pacific
Reply:

If you reinstall Messenger Plus, do not install any add-ons if asked.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "Turn off System Restore">apply (takes a minute)>ok. Go back and uncheck the box to turn System Restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Response Number 18
Name: mark_uk
Date: February 15, 2009 at 09:05:54 Pacific
Reply:

****kaspersky log****

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 15, 2009 12:45:43
Records in database: 1799409
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 76866
Threat name: 13
Infected objects: 28
Suspicious objects: 0
Duration of the scan: 01:44:13


File name / Threat name / Threats count
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{0A789B26-226D-4D13-8BA3-907CB42B47F7}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{0EEC5288-F720-4317-910B-9F900707A4D5}.SCR Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{0FACB76F-AB36-484D-AB58-0D179D20CDF5}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{316EBC23-60D4-4FBC-9D05-921D48DDF09A}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{346F14F6-A674-4DBC-9962-518FF96E115A}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{348B6775-75E3-4782-B232-A6E83E56A72D}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{3CA0202E-2CE1-46A0-9DEC-C4EB9C720A29}.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{514EFE04-58B3-4A9A-A49F-CF01CAE7C5A7}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{5A010210-E9E8-47C6-9684-E1615BBB5C87}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{68727C3D-7F7B-48E3-A437-DDE89004AAC6}.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{8391AD0A-E350-468D-BCAB-0B7A08DC3646}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{8EB89BDF-B241-46D3-BB2D-3C6EE1960548}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{A261C9D8-CC3C-48AF-96C4-693F41BC3EDC}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{A3034C3F-60B5-4C77-8843-B3B50EF847E1}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{B59D4435-E3CF-4851-AC82-59303F16DB05}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{BB0AFDB3-C327-47A2-BFE3-A165E9A5C680}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{BC2AF47F-6B49-4B38-9FBF-363F4C80BD6B}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{C133661C-FC4D-4444-ADBB-0A42D21B37C1}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{C6C30947-7E27-49F8-B07E-B37641A12862}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{CC9C7703-02DA-4A33-B375-AE607AC53D9A}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{CFF17A5E-393E-4C0B-8488-D7A2784DC0C3}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{DFAC5058-2F15-4C6E-A56B-EFAB94E76461}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{E235C33B-AB52-4F65-8BF0-5D46951F7B95}.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{E93F735C-B061-4A87-AE3E-65EC9647E404}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{F0AA30AB-09B7-4821-83CD-F7C814E83376}.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{F75F44FF-1CFB-46A8-A148-F9B727893576}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{F7D0C434-F15D-4FDD-BE41-218DDB9DABE6}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{FDF4E740-673A-45A8-B39D-2DC10FB9B1D2}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

The selected area was scanned.



Response Number 19
Name: jabuck
Date: February 15, 2009 at 09:22:11 Pacific
Reply:

Navigate to and delete the contents of this folder but not the folder itself:

C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual

Empty the recycle bin.

Your computer appears to be clean other than the above exception.


Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools, you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?


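The verdict in Response 19 rests on where the Kaspersky hits are, not how many there are: every one of them sits inside iolo's SafetyNet backup folder, so emptying that folder is the whole fix. The added Python example below (my code, not Kaspersky's or anything posted in this thread) makes that check mechanical for the report format quoted in Response 18: it parses the 'File name / Threat name / Threats count' lines, groups hits by folder and by threat family, computes the common root of all hit paths, and separates hits inside known quarantine or backup folders from live ones. The four sample lines are taken from the report above; the extra line naming Trojan.Win32.PlaceholderFamily.a is a constructed placeholder used only to show the live branch, and QUARANTINE_MARKERS is a starting list of my own to extend.

```python
"""Group a Kaspersky Online Scanner 7 report by folder and threat family.

Added example, not Kaspersky's code. Answers the question a reviewer
answers by eye: are the hits scattered across the system, or do they all
sit in one folder that another tool already quarantined?
"""
import ntpath
import re
from collections import Counter

HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Folder fragments that hold copies kept by other tools, not running code.
# Starting list (an assumption of this example), matched case-insensitively.
QUARANTINE_MARKERS = (
    "\\iolo\\safetynet\\",            # iolo System Mechanic SafetyNet backups
    "\\qoobox\\quarantine\\",         # ComboFix quarantine
    "\\system volume information\\",  # System Restore points
)

# Four lines taken from the report quoted in the thread.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{0A789B26-226D-4D13-8BA3-907CB42B47F7}.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{0EEC5288-F720-4317-910B-9F900707A4D5}.SCR Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{3CA0202E-2CE1-46A0-9DEC-C4EB9C720A29}.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual\{3AD6CF01-96C4-43B7-B5C1-93152CBDC21C}\{F0AA30AB-09B7-4821-83CD-F7C814E83376}.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

The selected area was scanned.
"""

# Constructed contrast case: the same hits plus one placeholder hit in a Temp
# folder (made-up path and threat name) that the summary must report as live.
CONTRAST_REPORT = SAMPLE_REPORT + "\n" + (
    r"C:\Documents and Settings\mark\Local Settings\Temp\placeholder_sample.exe"
    " Infected: Trojan.Win32.PlaceholderFamily.a 1\n"
)


def family(threat):
    """Kaspersky names are Behaviour.Platform.Family[.variant], optionally
    prefixed with a class such as "not-a-virus:"; drop the variant suffix."""
    parts = threat.split(":")[-1].split(".")
    return ".".join(parts[:3])


def parse_hits(report):
    """Return one dict per detection line; all other report lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "status": m["status"],
                         "threat": m["threat"], "count": int(m["count"])})
    return hits


def summarize(report):
    hits = parse_hits(report)
    folders = Counter(ntpath.dirname(h["path"]) for h in hits)
    families = Counter()
    for h in hits:
        families[family(h["threat"])] += h["count"]
    quarantined = [h for h in hits
                   if any(mark in h["path"].lower() for mark in QUARANTINE_MARKERS)]
    live = [h for h in hits if h not in quarantined]
    return {
        "total": sum(h["count"] for h in hits),
        "folders": folders,
        "families": families,
        # ntpath handles Windows paths on any host, so this runs offline on Linux too.
        "common_root": ntpath.commonpath([h["path"] for h in hits]) if hits else "",
        "quarantined": quarantined,
        "live": live,
    }


if __name__ == "__main__":
    for label, report in (("thread report", SAMPLE_REPORT), ("contrast", CONTRAST_REPORT)):
        s = summarize(report)
        print(label, "total:", s["total"], "families:", dict(s["families"]))
        print("  common root:", s["common_root"])
        print("  quarantined:", len(s["quarantined"]), "live:", len(s["live"]))
```

On the thread's report the common root is the SafetyNet GUID folder and the live list is empty, which is exactly the state behind "clean other than the above exception". The contrast case shows the root climbing to the user profile and one live hit appearing, which is the output that should send a reviewer back to the log rather than to the delete key.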

Response Number 20
Name: mark_uk
Date: February 15, 2009 at 14:52:55 Pacific
Reply:

I think I've removed the file C:\Documents and Settings\mark\Application Data\iolo\SafetyNet\Manual, however I'm not certain. I'm also having problems trying to uninstall Combofix /u; when I type this into start/run it keeps asking me do I want to run this file rather than uninstall it. Can I uninstall it elsewhere or just simply remove it (delete) from the desktop?



Response Number 21
Name: jabuck
Date: February 15, 2009 at 15:18:33 Pacific
Reply:

It has to run to uninstall, takes about 30 seconds.



Response Number 22
Name: mark_uk
Date: February 15, 2009 at 15:52:55 Pacific
Reply:

Oops, sorry. Okay, uninstalled it and HJT. Do I really have to uninstall Malwarebytes? I often do scans with this and find it good.

Computer seems to be working loads better, so cheers for the help. One last problem still persists and it's a script one that always pops up on forums etc. It reads (the Microsoft error prompt, and in it says): "A runtime error has occurred. Do you wish to debug? Line 7 Error: 'document.getElementById(...)' is null or not an object"

If I select Yes then it gives me a Break option that I have no idea what to do with, so I've always selected No, but it is annoying how it pops up all the time.



Response Number 23
Name: mark_uk
Date: February 15, 2009 at 16:33:15 Pacific
Reply:

**UPDATE** Went into the script page and selected the site/s that I was using and it has cured that problem - stroke of luck if you ask me, but all is fine and the computer is running like a dream - top top marks for all this hard work, thanks, Mark.



Response Number 24
Name: jabuck
Date: February 16, 2009 at 15:40:48 Pacific
Reply:

Good job, glad we could help.


