Something strange has happened to my PC..as soon as I logged off the internet I get a Security Warning pop up that says:- "Application cannot be executed. The file hpzipm12.exe is infected. Do you want to activate your antivirus software now?"
I haven't clicked yes or no because I've never seen this message before.. and I can't get rid of it either because every time I try and press Ctrl Alt Del it just doesn't appear! Then this Anti Virus System Pro Alert appears which I know for sure I have never downloaded.. it says I have 34 viruses on my PC! It keeps saying I'm getting attacks from different ports.
Please please help me I'm getting really worried :-( :-( :-(
Thank u xoxo
DO NOT click on anything. DO NOT accept any downloads.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE. If Combofix asks you to install Recovery Console, please allow it.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Download HijackThis:
HijackThis - Trend Micro USA
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to fix anything!
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Thank you for getting back to me so quickly :-)
Here it is:
ComboFix 09-11-23.06 - Compaq_Owner 24/11/2009 19:18.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.168 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fttpdl
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe
c:\windows\system32\ps2.bat
.
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-23 20:35 . 2009-04-29 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 21:44 . 2008-10-14 22:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Image Zone Express
2009-11-08 23:29 . 2008-10-03 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-11 10:43 . 2009-10-11 10:43 17632 ----a-w- c:\documents and settings\Family Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 10:42 . 2005-03-31 04:55 -------- d-----w- c:\program files\Easy Internet signup
2009-09-25 05:56 . 2004-08-04 12:00 662016 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2009-05-01 17:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2009-05-01 17:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-09-21 20:31 . 2008-09-21 20:31 389203 ----a-w- c:\program files\CE.dll
2008-09-21 20:31 . 2008-09-21 20:31 144656 ----a-w- c:\program files\WebLink.dll
2008-09-21 20:31 . 2008-09-21 20:31 1103120 ----a-w- c:\program files\Synchronize.dll
2008-08-08 21:14 . 2008-08-08 21:14 66371 ----a-w- c:\program files\BlackBerry_Desktop_Software_Help.chm
2008-08-08 21:14 . 2008-08-08 21:14 5319 ----a-w- c:\program files\readme.txt
2008-05-15 18:05 . 2008-05-15 18:05 59904 ----a-w- c:\program files\zlib1.dll
2008-05-15 18:05 . 2008-05-15 18:05 172032 ----a-w- c:\program files\mimepp_core.dll
2008-05-15 18:05 . 2008-05-15 18:05 4456 ----a-w- c:\program files\configurationupgrade.xml
2008-05-15 18:05 . 2008-05-15 18:05 4300 ----a-w- c:\program files\conn_install.cfg
2008-05-15 18:05 . 2008-05-15 18:05 2256896 ----a-w- c:\program files\ilsync.dll
2008-05-15 18:05 . 2008-05-15 18:05 1483 ----a-w- c:\program files\configurationupgrade.dtd
2008-05-15 18:05 . 2008-05-15 18:05 10424 ----a-w- c:\program files\System.dtd
2008-05-15 18:05 . 2008-05-15 18:05 26694 ----a-r- c:\program files\blackberry.ico
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-11-24_18.58.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-24 19:16 . 2009-11-24 19:16 16384 c:\windows\Temp\Perflib_Perfdata_84.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"acbpfjwy"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-31 180269]
"acbpfjwy"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe" [BU]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 10:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/10/2008 14:21 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/10/2008 14:21 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/10/2008 14:21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/10/2008 14:21 297752]
.
Contents of the 'Scheduled Tasks' folder
2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: skills-arena.co.uk\www
Trusted Zone: skills-arena.com\www
Trusted Zone: skillsarena.co.uk\www
Trusted Zone: skillsarena.com\www
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c6x4hwuf.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - j:\software components\HijackThis.exe
AddRemove-KBD - c:\hp\KBD\KBD.EXE uninstalled
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI
AddRemove-PS2 - c:\windows\system32\ps2.exe uninstall
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{2FCE4FC5-6930-40E7-A4F1-F862207424EF} - c:\program files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe REMOVEALL
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-24 19:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2632)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-24 19:25
ComboFix-quarantined-files.txt 2009-11-24 19:25
ComboFix2.txt 2009-07-17 20:01
ComboFix3.txt 2009-07-15 17:55
ComboFix4.txt 2009-05-12 22:45
ComboFix5.txt 2009-11-24 18:52
Pre-Run: 109,248,905,216 bytes free
Post-Run: 109,213,638,656 bytes free
- - End Of File - - 090481B37B0F710510E53A6CF40378B7
Thanxs
Oh & Hijack This Log too:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:34, on 24/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [acbpfjwy] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [acbpfjwy] C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.skills-arena.co.uk
O15 - Trusted Zone: www.skills-arena.com
O15 - Trusted Zone: Homepage | Skills Arena
O15 - Trusted Zone: Homepage | Skills Arena
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5186 bytes
Thanxs
I can see, this is 2nd Combofix run. I'd like to see previous log.
The first time I tried Combofix it didn't work - it just froze and then the computer re-started & didn't post a log which is why I did it again. :-(
I see...
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe
Folder::
Driver::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acbpfjwy"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acbpfjwy"=-
RegLockDel::
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
Combofix
ComboFix 09-11-23.06 - Compaq_Owner 26/11/2009 0:47.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.338 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe"
.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.
2009-11-25 18:23 . 2009-11-05 19:04 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-25 18:23 . 2009-11-02 18:04 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-25 18:23 . 2009-11-02 18:04 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-23 20:35 . 2009-04-29 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 21:44 . 2008-10-14 22:38 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Image Zone Express
2009-11-08 23:29 . 2008-10-03 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-11 10:43 . 2009-10-11 10:43 17632 ----a-w- c:\documents and settings\Family Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 10:42 . 2005-03-31 04:55 -------- d-----w- c:\program files\Easy Internet signup
2009-09-25 05:56 . 2004-08-04 12:00 662016 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2009-05-01 17:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2009-05-01 17:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-09-21 20:31 . 2008-09-21 20:31 389203 ----a-w- c:\program files\CE.dll
2008-09-21 20:31 . 2008-09-21 20:31 144656 ----a-w- c:\program files\WebLink.dll
2008-09-21 20:31 . 2008-09-21 20:31 1103120 ----a-w- c:\program files\Synchronize.dll
2008-08-08 21:14 . 2008-08-08 21:14 66371 ----a-w- c:\program files\BlackBerry_Desktop_Software_Help.chm
2008-08-08 21:14 . 2008-08-08 21:14 5319 ----a-w- c:\program files\readme.txt
2008-05-15 18:05 . 2008-05-15 18:05 59904 ----a-w- c:\program files\zlib1.dll
2008-05-15 18:05 . 2008-05-15 18:05 172032 ----a-w- c:\program files\mimepp_core.dll
2008-05-15 18:05 . 2008-05-15 18:05 4456 ----a-w- c:\program files\configurationupgrade.xml
2008-05-15 18:05 . 2008-05-15 18:05 4300 ----a-w- c:\program files\conn_install.cfg
2008-05-15 18:05 . 2008-05-15 18:05 2256896 ----a-w- c:\program files\ilsync.dll
2008-05-15 18:05 . 2008-05-15 18:05 1483 ----a-w- c:\program files\configurationupgrade.dtd
2008-05-15 18:05 . 2008-05-15 18:05 10424 ----a-w- c:\program files\System.dtd
2008-05-15 18:05 . 2008-05-15 18:05 26694 ----a-r- c:\program files\blackberry.ico
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-11-24_18.58.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-25 18:20 . 2009-11-25 18:20 16384 c:\windows\Temp\Perflib_Perfdata_624.dat
- 2008-07-14 11:09 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-10-06 23:30 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2008-10-06 23:30 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-11-25 00:37 . 2009-11-25 00:37 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-25 00:37 . 2009-11-25 00:37 969728 c:\windows\Installer\126ae3a.msi
+ 2009-11-25 00:37 . 2009-11-25 00:37 429568 c:\windows\Installer\126ae33.msi
+ 2009-07-21 00:03 . 2009-07-21 00:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-08-19 17:07 . 2009-08-19 17:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-21 00:05 . 2009-07-21 00:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-03-31 180269]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 10:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/10/2008 14:21 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/10/2008 14:21 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/10/2008 14:21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/10/2008 14:21 297752]
.
Contents of the 'Scheduled Tasks' folder
2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: skills-arena.co.uk\www
Trusted Zone: skills-arena.com\www
Trusted Zone: skillsarena.co.uk\www
Trusted Zone: skillsarena.com\www
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c6x4hwuf.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
.
************************************************** ************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(372)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-26 00:54
ComboFix-quarantined-files.txt 2009-11-26 00:53
ComboFix2.txt 2009-11-24 19:25
ComboFix3.txt 2009-07-17 20:01
ComboFix4.txt 2009-07-15 17:55
ComboFix5.txt 2009-11-26 00:46
Pre-Run: 109,136,732,160 bytes free
Post-Run: 109,102,731,264 bytes free
Hijack This
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:57:49, on 26/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.skills-arena.co.uk
O15 - Trusted Zone: www.skills-arena.com
O15 - Trusted Zone: Homepage | Skills Arena
O15 - Trusted Zone: Homepage | Skills Arena
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4903 bytes
- - End Of File - - 9B952904A80E7FF9A9A4D21CB9A93EE0
Thanxs!
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Restart computer.
===============================================================
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe
***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***
STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
******************************************************************************************
Due to a bug in Malwarebytes, you may see the following entries in MBAM's log:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)
DO NOT remove those entries!
If you do, your computer will become UN-bootable.
The issue has been fixed in the latest MBAM update, so, it's EXTREMELY important, you update MBAM before you run it.
******************************************************************************************
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 3.
Post fresh HijackThis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
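An added example for reading a saved MBAM text log against the atapi warning in the post above (not part of the original post and not Malwarebytes code): it separates the three atapi service-key entries, which must be left alone, from every other detection. The sample log, the `Rogue.Example` name, the `C:\Example` path and the `No action taken.` lines are constructed for illustration.

```python
import re

# Section headers of an MBAM 1.4x text log; summary lines such as
# "Files Infected: 2" do not match because of the trailing count.
SECTION_RE = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|"
                        r"Registry Values|Registry Data Items|Folders|Files) Infected:\s*$")
# "<object> (<detection name>) -> <action>"
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\)(?: -> (?P<action>.*))?$")
# The service key named in the warning, under any control set.
ATAPI_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)"
                      r"\\Services\\atapi$", re.IGNORECASE)

# Constructed sample, including the stray spaces forum software injects into long tokens.
SAMPLE = r"""Registry Keys Infected: 3
Files Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\a tapi (Rootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\atapi (Rootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleRogue (Rogue.Example) -> No action taken.

Files Infected:
C:\Example\fake.exe (Trojan.FakeAlert) -> No action taken.
"""

def triage(log_text):
    """Return (hold, review): atapi false-positive entries, then all other detections."""
    hold, review, section = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or not line or line.startswith("("):
            continue  # header, blank line, or "(No malicious items detected)"
        e = ENTRY_RE.match(line)
        if not e:
            continue
        # The atapi key path has no spaces, so strip whitespace for matching only;
        # the entry is reported with its original text.
        key = re.sub(r"\s+", "", e["obj"])
        is_fp = bool(section == "Registry Keys" and e["name"] == "Rootkit"
                     and ATAPI_RE.match(key))
        (hold if is_fp else review).append((section, e["obj"], e["name"]))
    return hold, review

if __name__ == "__main__":
    hold, review = triage(SAMPLE)
    print("leave alone:", hold)
    print("review:", review)
```
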
Here they are:
Malwarebytes' Anti-Malware 1.41
Database version: 3245
Windows 5.1.2600 Service Pack 2
28/11/2009 01:45:05
mbam-log-2009-11-28 (01-45-05).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 182176
Time elapsed: 27 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fttpdl\mkxmsysguard.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8696F73-2D76-412A-A981-4300C43EF86F}\RP108\A0017933.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 11/28/2009 at 01:05 AM
Application Version : 4.31.1000
Core Rules Database Version : 3925
Trace Rules Database Version: 1978
Scan type : Complete Scan
Total Scan Time : 02:35:51
Memory items scanned : 198
Memory threats detected : 0
Registry items scanned : 5425
Registry threats detected : 0
File items scanned : 72479
File threats detected : 4
Trojan.Downloader-Gen/Suspicious
C:\COMBOFIX\MBR.CFXXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8696F73-2D76-412A-A981-4300C43EF86F}\RP108\A0018046.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8696F73-2D76-412A-A981-4300C43EF86F}\RP110\A0018270.EXE
C:\WINDOWS\MBR.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:50:16, on 28/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.skills-arena.co.uk
O15 - Trusted Zone: www.skills-arena.com
O15 - Trusted Zone: Homepage | Skills Arena
O15 - Trusted Zone: Homepage | Skills Arena
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5239 bytes
Thanxs u!x