Thread: Right media prob dds & attach logs

  1. #11
    Member
    Join Date
    May 2010
    Posts
    95

    ComboFix 11-07-02.03 - Owner 03/07/2011 21:15:38.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1214.901 [GMT 1:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-22 19:53 . 2011-06-22 19:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Radialpoint
    2011-06-22 19:26 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-22 19:26 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-22 19:26 . 2011-06-22 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-22 07:56 . 2011-06-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-06-22 07:56 . 2011-06-22 07:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-16 18:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-02 15:31 . 2009-11-04 23:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
    "VTTimer"="VTTimer.exe" [2005-03-08 53248]
    "VTTrayp"="VTtrayp.exe" [2005-11-01 163840]
    "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
    "DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
    .
    R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [22/06/2011 20:53 1406264]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [15/05/2011 14:57 689464]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{856F1492-D9BC-4EB2-8133-AEF1E52C2B58}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bbc.co.uk/news
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-avgrsstarter - avgrsstx.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-03 21:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(664)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-07-03 21:21:27
    ComboFix-quarantined-files.txt 2011-07-03 20:21
    .
    Pre-Run: 20,599,586,816 bytes free
    Post-Run: 21,524,733,952 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - 5BCBFE7B1A4BD6C62E470A142E47AFEE


    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 21:22:15 on 2011-07-03
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1214.862 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://bbc.co.uk/news
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
    mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [RunNarrator] Narrator.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{CA9EBB3F-A647-4A93-BE91-B284B9509627} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2011-6-22 1406264]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-15 689464]
    .
    =============== Created Last 30 ================
    .
    2011-07-03 20:14:45 -------- d-sha-r- C:\cmdcons
    2011-07-03 20:13:13 98816 ----a-w- c:\windows\sed.exe
    2011-07-03 20:13:13 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-03 20:13:13 256000 ----a-w- c:\windows\PEV.exe
    2011-07-03 20:13:13 208896 ----a-w- c:\windows\MBR.exe
    2011-06-22 19:53:59 -------- d-----w- c:\documents and settings\owner\application data\Radialpoint
    2011-06-22 19:26:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-22 19:26:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-22 19:26:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-22 07:56:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-22 07:56:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-06-16 18:28:15 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    ==================== Find3M ====================
    .
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    ============= FINISH: 21:22:31.32 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/11/2009 23:18:35
    System Uptime: 03/07/2011 21:10:16 (0 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | AMILO PRO V2030
    Processor: Intel(R) Celeron(R) M processor 1.40GHz | Socket 478 | 1396/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 27 GiB total, 20.069 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.758 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_109B1734&REV_80\3&61AAA01&0&8E
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_109B1734&REV_80\3&61AAA01&0&8E
    Service:
    .
    ==== System Restore Points ===================
    .
    RP89: 26/03/2011 14:43:21 - System Checkpoint
    RP90: 04/04/2011 20:32:29 - System Checkpoint
    RP91: 08/04/2011 20:46:34 - System Checkpoint
    RP92: 11/04/2011 19:33:54 - System Checkpoint
    RP93: 12/04/2011 19:49:17 - System Checkpoint
    RP94: 14/04/2011 19:51:57 - System Checkpoint
    RP95: 15/04/2011 19:58:00 - System Checkpoint
    RP96: 16/04/2011 16:35:28 - Software Distribution Service 3.0
    RP97: 21/04/2011 20:53:38 - System Checkpoint
    RP98: 26/04/2011 21:53:05 - Software Distribution Service 3.0
    RP99: 29/04/2011 12:55:33 - System Checkpoint
    RP100: 02/05/2011 18:12:47 - System Checkpoint
    RP101: 08/05/2011 21:58:03 - System Checkpoint
    RP102: 10/05/2011 18:14:37 - System Checkpoint
    RP103: 11/05/2011 20:35:15 - Avg8 Update
    RP104: 11/05/2011 21:06:09 - Software Distribution Service 3.0
    RP105: 22/05/2011 15:25:11 - System Checkpoint
    RP106: 24/05/2011 19:22:43 - System Checkpoint
    RP107: 30/05/2011 19:37:07 - System Checkpoint
    RP108: 02/06/2011 18:20:20 - System Checkpoint
    RP109: 03/06/2011 20:00:48 - System Checkpoint
    RP110: 06/06/2011 19:16:03 - System Checkpoint
    RP111: 10/06/2011 00:17:18 - System Checkpoint
    RP112: 14/06/2011 19:53:48 - System Checkpoint
    RP113: 16/06/2011 19:47:23 - Software Distribution Service 3.0
    RP114: 18/06/2011 12:00:11 - System Checkpoint
    RP115: 19/06/2011 15:00:44 - System Checkpoint
    RP116: 21/06/2011 19:54:12 - System Checkpoint
    RP117: 22/06/2011 20:10:49 - Removed AVG 8.5
    RP118: 22/06/2011 20:13:03 - Removed AVG 8.5
    RP119: 22/06/2011 20:14:13 - Removed AVG 8.5
    RP120: 22/06/2011 21:00:51 - Removed AVG 8.5
    RP121: 24/06/2011 19:50:21 - System Checkpoint
    RP122: 26/06/2011 19:14:51 - System Checkpoint
    RP123: 03/07/2011 19:18:35 - Removed AVG 8.5
    .
    ==== Installed Programs ======================
    .
    AAC Decoder
    Adobe Flash Player 10 ActiveX
    Adobe Reader 6.0.1
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AutoUpdate
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    H.264 Decoder
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    Pop-Up Stopper Free Edition
    Radialpoint Security Advisor 2.5.19
    Realtek AC'97 Audio
    RPS CRT
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spybot - Search & Destroy
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VIA Rhine-Family Fast Ethernet Adapter
    VIA/S3G Display Driver
    Virgin Media Digital Home Support 2.1.27
    Virgin Media Service Manager 3.7.47
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== End Of File ===========================

  2. #12
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi again,


    Open Notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1) here or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked.
    • Click Scan
    • Wait for the scan to finish.


    Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Are there still symptoms left?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Member
    Join Date
    May 2010
    Posts
    95

    I have no firewall in place seeing as AVG was uninstalled for this purpose. Should I install an anti-virus/firewall at this stage? I am worried about picking up another bug! My ISP (Virgin Media) have supplied me with their own firewall; not sure if I should install that? Computer is a lot quicker, however I still have the Windows Defender icon showing. Not sure whether that is the genuine one or the fake one cos it only appeared after I picked up the bug

    ComboFix 11-07-03.01 - Owner 03/07/2011 23:20:56.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1214.855 [GMT 1:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-22 19:53 . 2011-06-22 19:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Radialpoint
    2011-06-22 19:26 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-22 19:26 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-22 19:26 . 2011-06-22 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-22 07:56 . 2011-06-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-06-22 07:56 . 2011-06-22 07:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-16 18:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-02 15:31 . 2009-11-04 23:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
    "VTTimer"="VTTimer.exe" [2005-03-08 53248]
    "VTTrayp"="VTtrayp.exe" [2005-11-01 163840]
    "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
    "DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=
    .
    R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [22/06/2011 20:53 1406264]
    R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [15/05/2011 14:57 689464]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - MBAMSwissArmy
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{856F1492-D9BC-4EB2-8133-AEF1E52C2B58}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bbc.co.uk/news
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-03 23:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3900)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-07-03 23:25:37
    ComboFix-quarantined-files.txt 2011-07-03 22:25
    ComboFix2.txt 2011-07-03 20:21
    .
    Pre-Run: 21,507,997,696 bytes free
    Post-Run: 21,509,210,112 bytes free
    .
    - - End Of File - - 0EF8560B4814C7C164662170F171FFFE

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/11/2009 23:18:35
    System Uptime: 04/07/2011 00:02:13 (0 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | AMILO PRO V2030
    Processor: Intel(R) Celeron(R) M processor 1.40GHz | Socket 478 | 1407/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 27 GiB total, 19.693 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.758 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_109B1734&REV_80\3&61AAA01&0&8E
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_109B1734&REV_80\3&61AAA01&0&8E
    Service:
    .
    ==== System Restore Points ===================
    .
    RP89: 26/03/2011 14:43:21 - System Checkpoint
    RP90: 04/04/2011 20:32:29 - System Checkpoint
    RP91: 08/04/2011 20:46:34 - System Checkpoint
    RP92: 11/04/2011 19:33:54 - System Checkpoint
    RP93: 12/04/2011 19:49:17 - System Checkpoint
    RP94: 14/04/2011 19:51:57 - System Checkpoint
    RP95: 15/04/2011 19:58:00 - System Checkpoint
    RP96: 16/04/2011 16:35:28 - Software Distribution Service 3.0
    RP97: 21/04/2011 20:53:38 - System Checkpoint
    RP98: 26/04/2011 21:53:05 - Software Distribution Service 3.0
    RP99: 29/04/2011 12:55:33 - System Checkpoint
    RP100: 02/05/2011 18:12:47 - System Checkpoint
    RP101: 08/05/2011 21:58:03 - System Checkpoint
    RP102: 10/05/2011 18:14:37 - System Checkpoint
    RP103: 11/05/2011 20:35:15 - Avg8 Update
    RP104: 11/05/2011 21:06:09 - Software Distribution Service 3.0
    RP105: 22/05/2011 15:25:11 - System Checkpoint
    RP106: 24/05/2011 19:22:43 - System Checkpoint
    RP107: 30/05/2011 19:37:07 - System Checkpoint
    RP108: 02/06/2011 18:20:20 - System Checkpoint
    RP109: 03/06/2011 20:00:48 - System Checkpoint
    RP110: 06/06/2011 19:16:03 - System Checkpoint
    RP111: 10/06/2011 00:17:18 - System Checkpoint
    RP112: 14/06/2011 19:53:48 - System Checkpoint
    RP113: 16/06/2011 19:47:23 - Software Distribution Service 3.0
    RP114: 18/06/2011 12:00:11 - System Checkpoint
    RP115: 19/06/2011 15:00:44 - System Checkpoint
    RP116: 21/06/2011 19:54:12 - System Checkpoint
    RP117: 22/06/2011 20:10:49 - Removed AVG 8.5
    RP118: 22/06/2011 20:13:03 - Removed AVG 8.5
    RP119: 22/06/2011 20:14:13 - Removed AVG 8.5
    RP120: 22/06/2011 21:00:51 - Removed AVG 8.5
    RP121: 24/06/2011 19:50:21 - System Checkpoint
    RP122: 26/06/2011 19:14:51 - System Checkpoint
    RP123: 03/07/2011 19:18:35 - Removed AVG 8.5
    RP124: 03/07/2011 23:27:03 - Removed Adobe Reader 6.0.1
    RP125: 03/07/2011 23:30:20 - Installed Adobe Reader X (10.1.0).
    .
    ==== Installed Programs ======================
    .
    AAC Decoder
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AutoUpdate
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    ESET Online Scanner v3
    H.264 Decoder
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MKV Splitter
    Pop-Up Stopper Free Edition
    Radialpoint Security Advisor 2.5.19
    Realtek AC'97 Audio
    RPS CRT
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spybot - Search & Destroy
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VIA Rhine-Family Fast Ethernet Adapter
    VIA/S3G Display Driver
    Virgin Media Digital Home Support 2.1.27
    Virgin Media Service Manager 3.7.47
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    03/07/2011 23:27:25, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 0:03:54 on 2011-07-04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1214.871 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Virgin Media\Security Advisor\SecurityAdvisorLogic.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://bbc.co.uk/news
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
    mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [RunNarrator] Narrator.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{CA9EBB3F-A647-4A93-BE91-B284B9509627} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2011-6-22 1406264]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-5-15 689464]
    .
    =============== Created Last 30 ================
    .
    2011-07-03 22:30:04 -------- d-----w- c:\program files\ESET
    2011-07-03 22:29:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
    2011-07-03 20:14:45 -------- d-sha-r- C:\cmdcons
    2011-07-03 20:13:13 98816 ----a-w- c:\windows\sed.exe
    2011-07-03 20:13:13 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-03 20:13:13 256000 ----a-w- c:\windows\PEV.exe
    2011-07-03 20:13:13 208896 ----a-w- c:\windows\MBR.exe
    2011-06-22 19:53:59 -------- d-----w- c:\documents and settings\owner\application data\Radialpoint
    2011-06-22 19:26:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-22 19:26:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-22 19:26:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-22 07:56:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-22 07:56:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-06-16 18:28:15 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-06 11:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    ============= FINISH: 0:05:00.04 ===============

  4. #14
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    I have no firewall in place seen as AVG was uninstalled for this purpose, should I install an anti virus/firewall at this stage?
    Windows' own firewall should activate itself when a 3rd party firewall is uninstalled.

    I still have the Windows Defender icon showing.
    Could you take a screenshot of that?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #15
    Member
    Join Date
    May 2010
    Posts
    95

    Default

    Looking at it again, it is a genuine copy but the icon has now disappeared. Am I infection free? Should I proceed to install a firewall or leave it? Any you recommend that doesn't slow my machine loads and conflict with everything going?

  6. #16
    Member
    Join Date
    May 2010
    Posts
    95

    Default

    And thank you for your help. Do I not need to remove ComboFix?

  7. #17
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis.


    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
    • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
      Antivir
      Avast!
      Good commercial ones are from:
      Kaspersky and
      ESET
    • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
      If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade

  8. #18
    Member
    Join Date
    May 2010
    Posts
    95

    Default

    Done above, using Comodo firewall, Avast & Secunia, however I have noticed my web browsing specifically has slowed down in terms of time it takes to load up pages and is more prone to these pages crashing. I suspect it's cos the firewall wants to check everything I do. Anything I can do?

  9. #19
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Could be the firewall, yes. If you have a router with NAT mode enabled in use, then you won't necessarily need a 3rd party firewall installed.

  10. #20
    Member
    Join Date
    May 2010
    Posts
    95

    Default

    Apologies for sounding silly but I do not understand what NAT mode enabled means or how I go about finding this information out. I have a router/modem built in one from my ISP, Virgin Media.
