vin3e Posted December 20, 2012

As requested by all,

@dcs18 That was exactly the first thing I did. Scanned it with MB and it found Trojan.FakeMS. When removed and rebooted, an error popped up with an error could not find dll.

@tinzy It was FakeMS. Like above, I scanned and removed. Did I do that wrong?

There was much panic today because my work computer contained lots of sensitive data. I accidentally clicked on the fake download link when I was trying to convert a YT video to MP3.

Silly me.

Now I am scared to restart just in case. What other programs or procedures should I do to feel at peace before my big Xmas break?

Kindest regards,
Vincent - NSANE MOST AMAZING MEMBER

dcs18 Posted December 20, 2012

Yeah, I always advise against scanning RansomWare first.

What I suggest is to use Msconfig to try to prevent it from starting up with Windows and then rebooting before attempting to scan it with your resident security system.

The most effective alternative would be to scan with an off-line scanner.

Would also ask you to disable System Restore with immediate effect.

emerglines Posted December 20, 2012

Download this tool and make a scan, post the log file here and I will see what's wrong. Post what DLL file error appears as well.

HijackThis: http://sourceforge.net/projects/hjt/

vin3e Posted December 20, 2012

Awww. Will do. Love you all nsanee's

dcs18 Posted December 20, 2012

Think I read in the shoutbox that you used MBAM to perform the scan - it would be most effective if MBAM is used from Safe Mode. ;)

vin3e Posted December 20, 2012

Here we go ladies. Much love. Also I don't know how to link a post to a user :D

vin3e Posted December 20, 2012

Sorry! Edit: Double posting

EDIT 2: @dcs18 Couldn't get into Safe Mode because we use a wireless keyboard and no wired ones were available at the time. But I will do it again in Safe Mode if you advise :)

Last scan took 3/4 hours - Slow work PCs :(

dcs18 Posted December 20, 2012

With only a wireless keyboard, it's possible to go into Safe Mode by using (WinKey + R) and then typing MsConfig followed by jabbing the Enter key. ;)

emerglines Posted December 20, 2012

O4 - Startup: runctf.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

In HijackThis check those two lines and push the fix button, then make another scan and post it here.

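A sketch of how O4 (autostart) lines like the two quoted above can be pulled out of a HijackThis log, checked for rundll32 launches, and compared between the scan before and the scan after a fix. This is an added example, not part of the original thread; the function names and every sample line other than the two rundll32 entries are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

class Autostart(NamedTuple):
    location: str  # registry key, or "Startup" / "Global Startup"
    name: str      # value name or shortcut file name
    command: str   # command line or shortcut target, as logged

# Two O4 layouts: "Startup: x.lnk = target" and "<key>: [name] command (User 'u')"
_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
_RUN = re.compile(r"^O4 - ([^:\[]+): \[([^\]]*)\] (.+?)(?: \(User '[^']*'\))?$")

def parse_o4(log: str) -> List[Autostart]:
    """Return every O4 (autostart) entry found in a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = _LNK.match(line) or _RUN.match(line)
        if m:
            entries.append(Autostart(*m.groups()))
    return entries

def split_command(cmd: str) -> Tuple[str, str]:
    """Split a logged command into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        exe, _, rest = cmd[1:].partition('"')
        return exe, rest.strip()
    # Unquoted paths may contain spaces, so cut after the first executable extension.
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)(.*)$", cmd)
    if m:
        return m.group(1), m.group(2).strip()
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()

def rundll32_findings(entries: List[Autostart]) -> List[Tuple[str, str, Optional[str]]]:
    """List autostarts that launch rundll32 and the DLL the log shows, if any."""
    findings = []
    for e in entries:
        exe, args = split_command(e.command)
        if exe.rsplit("\\", 1)[-1].lower() not in ("rundll32.exe", "rundll32"):
            continue
        m = re.match(r'"?([^",]+?)"?\s*,\s*(\S+)', args)
        if m:
            findings.append((e.name, "loads", m.group(1)))
        else:
            # The log line names no DLL: inspect the shortcut or value itself.
            findings.append((e.name, "target-not-shown", None))
    return findings

def removed_after_fix(before: str, after: str) -> List[str]:
    """Names of autostart entries present in the first scan but not the second."""
    gone = set(parse_o4(before)) - set(parse_o4(after))
    return sorted(e.name for e in gone)

# Sample input: the two rundll32 lines are the ones quoted in the thread,
# the other two are constructed.
BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min (User 'SYSTEM')
O4 - Startup: runctf.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: sync.lnk = C:\Program Files\ExampleSync\sync.exe
"""
AFTER = "\n".join(l for l in BEFORE.splitlines() if "rundll32" not in l.lower())

if __name__ == "__main__":
    for finding in rundll32_findings(parse_o4(BEFORE)):
        print(finding)
    print("removed by fix:", removed_after_fix(BEFORE, AFTER))
```
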
vin3e Posted December 20, 2012

Ta daa - Also much love <3

emerglines Posted December 20, 2012

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cba.wrapadviser.co.uk/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carolinebanks.local
O17 - HKLM\Software\..\Telephony: DomainName = carolinebanks.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{E12482E6-DCFE-4AF7-8882-B21CBE906E47}: NameServer = 192.169.1.13,192.170.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carolinebanks.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = carolinebanks.local

Do as in the previous step: check those lines and push the fix button. If it doesn't work and the same result appears in HijackThis, please download this tool: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx and I will show you where to find and delete :)

vin3e Posted December 20, 2012

I can't delete those! That is my company XD

psyko666 Posted December 20, 2012

Couldn't HitmanPro maybe be a kinda help?! (Kickstart)

vin3e Posted December 20, 2012

Thanks everyone. I appreciate the love. I'll karma whore you all.

emerglines Posted December 20, 2012

So what's the matter here, please? If it's a DLL error I will show you how to fix it, just like this:

In cmd write regsvr32 /u "the directory where the file is" or go to msconfig and uncheck it and reboot, that's it :)

vin3e Posted December 20, 2012

It's fixed! :wub:

dcs18 Posted December 20, 2012

"It's fixed! :wub:"

You can also perform a manual check to clean the debris. ;)

emerglines Posted December 20, 2012

"It's fixed! :wub:"

Happy :) ! Always use a manual scan as dcs18 said :)

cruelsister Posted December 20, 2012

The main problem here is the use of Sophos. This has to be about the worst choice for an Enterprise security solution. Comodo Endpoint blows it away in ease of setup and definitely in malware prevention. And it is much, much cheaper.

Ambrocious Posted December 20, 2012

I was gonna say, download Kaspersky Rescue Disk. Burn it to disk. Put it in your computer, make sure it's set to boot first from the CD drive. It will take care of ransomware just fine.

Whi5t1eR Posted December 21, 2012

WOW... how not to help someone, a little knowledge is a very dangerous thing. Oops, did I say that out loud

tipo Posted December 21, 2012

Use Comodo Cleaning Essentials next time.
http://www.comodo.com/business-security/network-protection/cleaning_essentials.php