
captain5678
Honorary Members
Posts: 22
Reputation: 0 Neutral
  1. Results of screen317's Security Check version 0.99.76
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     `````````Anti-malware/Other Utilities Check:`````````
     Out of date HijackThis installed!
     SpywareBlaster 5.0
     Malwarebytes Anti-Malware version 1.75.0.1300
     HijackThis 2.0.2
     Java 6 Update 29
     Java version out of Date!
     Adobe Reader 9 Adobe Reader out of Date!
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 6%
     ````````````````````End of Log``````````````````````
  2. I ran AdwCleaner again and it came back clean. I then ran Malwarebytes, which also came back with no detections...
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.11.08.10

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Euan :: EILEEN [administrator]

     09/11/2013 00:12:05
     mbam-log-2013-11-09 (00-12-05).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 290809
     Time elapsed: 23 minute(s), 7 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     There doesn't seem to be anything apparently wrong with the running of the PC, although I haven't really used it to do anything particularly taxing. Thanks.
  3. Hi MrC, I ran AdwCleaner. It seemed to scan ok, although I was surprised that it only took about 1 minute to complete (after the length of time it took the previous scans I was expecting a bit longer!). The log file AdwCleaner[R0].txt appeared. I clicked clean. The PC rebooted, but on restart there was no AdwCleaner[s0].txt file. It didn't open automatically and it doesn't appear in the C:\AdwCleaner folder. I have included AdwCleaner[R0].txt below in case that is of help...
     # AdwCleaner v3.011 - Report created 08/11/2013 at 23:29:56
     # Updated 03/11/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Euan - EILEEN
     # Running from : C:\Documents and Settings\Euan\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKCU\Software\IGearSettings
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Key Found : HKCU\Software\YahooPartnerToolbar
     Key Found : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
     Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
     Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
     Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
     Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
     Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKLM\Software\Viewpoint

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702

     *************************

     AdwCleaner[R0].txt - [2768 octets] - [08/11/2013 23:29:56]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2828 octets] ##########

     Should I continue with Malwarebytes now? Thanks!
  4. Hi MrC, I ran ComboFix, taking roughly 2h50 to complete. Here's the log...
     ComboFix 13-11-07.01 - Euan 08/11/2013 20:10:01.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.510.212 [GMT 0:00]
     Running from: c:\documents and settings\Euan\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
     FW: ZoneAlarm Security Suite Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\TEMP
     c:\documents and settings\SJK\WINDOWS
     c:\windows\system32\regobj.dll
     c:\windows\system32\SET100.tmp
     c:\windows\system32\SET101.tmp
     c:\windows\system32\SET102.tmp
     c:\windows\system32\SET103.tmp
     c:\windows\system32\SET104.tmp
     c:\windows\system32\SET105.tmp
     c:\windows\system32\SET107.tmp
     c:\windows\system32\SET108.tmp
     c:\windows\system32\SET109.tmp
     c:\windows\system32\SET10B.tmp
     c:\windows\system32\SET10C.tmp
     c:\windows\system32\SET10D.tmp
     c:\windows\system32\SET10E.tmp
     c:\windows\system32\SET10F.tmp
     c:\windows\system32\SET110.tmp
     c:\windows\system32\SET111.tmp
     c:\windows\system32\SET112.tmp
     c:\windows\system32\SET113.tmp
     c:\windows\system32\SET115.tmp
     c:\windows\system32\SET116.tmp
     c:\windows\system32\SET117.tmp
     c:\windows\system32\SET11B.tmp
     c:\windows\system32\SET11D.tmp
     c:\windows\system32\SET17A.tmp
     c:\windows\system32\SET17C.tmp
     c:\windows\system32\SET17D.tmp
     c:\windows\system32\SET183.tmp
     c:\windows\system32\SET184.tmp
     c:\windows\system32\SET185.tmp
     c:\windows\system32\SET188.tmp
     c:\windows\system32\SET18A.tmp
     c:\windows\system32\SET18B.tmp
     c:\windows\system32\SET18D.tmp
     c:\windows\system32\SET18E.tmp
     c:\windows\system32\SET193.tmp
     c:\windows\system32\SET1A.tmp
     c:\windows\system32\SET1B.tmp
     c:\windows\system32\SET1C.tmp
     c:\windows\system32\SET1D.tmp
     c:\windows\system32\SET1E.tmp
     c:\windows\system32\SET1F.tmp
     c:\windows\system32\SET20.tmp
     c:\windows\system32\SET21.tmp
     c:\windows\system32\SET22.tmp
     c:\windows\system32\SET23.tmp
     c:\windows\system32\SET24.tmp
     c:\windows\system32\SET25.tmp
     c:\windows\system32\SET26.tmp
     c:\windows\system32\SET27.tmp
     c:\windows\system32\SET28.tmp
     c:\windows\system32\SET29.tmp
     c:\windows\system32\SET2A.tmp
     c:\windows\system32\SET2B.tmp
     c:\windows\system32\SET2C.tmp
     c:\windows\system32\SET2D.tmp
     c:\windows\system32\SET2E.tmp
     c:\windows\system32\SET2E4.tmp
     c:\windows\system32\SET2E5.tmp
     c:\windows\system32\SET2E6.tmp
     c:\windows\system32\SET2E7.tmp
     c:\windows\system32\SET2ED.tmp
     c:\windows\system32\SET2EE.tmp
     c:\windows\system32\SET2EF.tmp
     c:\windows\system32\SET2F.tmp
     c:\windows\system32\SET2F2.tmp
     c:\windows\system32\SET2F4.tmp
     c:\windows\system32\SET2F6.tmp
     c:\windows\system32\SET2FB.tmp
     c:\windows\system32\SET30.tmp
     c:\windows\system32\SET31.tmp
     c:\windows\system32\SET32.tmp
     c:\windows\system32\SET33.tmp
     c:\windows\system32\SET34.tmp
     c:\windows\system32\SET35.tmp
     c:\windows\system32\SET36.tmp
     c:\windows\system32\SET37.tmp
     c:\windows\system32\SET38.tmp
     c:\windows\system32\SET39.tmp
     c:\windows\system32\SET3A.tmp
     c:\windows\system32\SET3B.tmp
     c:\windows\system32\SET3C.tmp
     c:\windows\system32\SET3D.tmp
     c:\windows\system32\SET3E.tmp
     c:\windows\system32\SET3F.tmp
     c:\windows\system32\SET40.tmp
     c:\windows\system32\SET41.tmp
     c:\windows\system32\SET42.tmp
     c:\windows\system32\SET43.tmp
     c:\windows\system32\SET44.tmp
     c:\windows\system32\SET45.tmp
     c:\windows\system32\SET46.tmp
     c:\windows\system32\SET47.tmp
     c:\windows\system32\SET48.tmp
     c:\windows\system32\SET49.tmp
     c:\windows\system32\SET4A.tmp
     c:\windows\system32\SET4B.tmp
     c:\windows\system32\SET4C.tmp
     c:\windows\system32\SET4D.tmp
     c:\windows\system32\SET4E.tmp
     c:\windows\system32\SET4F.tmp
     c:\windows\system32\SET50.tmp
     c:\windows\system32\SET51.tmp
     c:\windows\system32\SET52.tmp
     c:\windows\system32\SET53.tmp
     c:\windows\system32\SET54.tmp
     c:\windows\system32\SET55.tmp
     c:\windows\system32\SET56.tmp
     c:\windows\system32\SET57.tmp
     c:\windows\system32\SET58.tmp
     c:\windows\system32\SET59.tmp
     c:\windows\system32\SET5A.tmp
     c:\windows\system32\SET5B.tmp
     c:\windows\system32\SET5C.tmp
     c:\windows\system32\SET5D.tmp
     c:\windows\system32\SET5E.tmp
     c:\windows\system32\SET5F.tmp
     c:\windows\system32\SET60.tmp
     c:\windows\system32\SET61.tmp
     c:\windows\system32\SET62.tmp
     c:\windows\system32\SET63.tmp
     c:\windows\system32\SET64.tmp
     c:\windows\system32\SET65.tmp
     c:\windows\system32\SET66.tmp
     c:\windows\system32\SET67.tmp
     c:\windows\system32\SET68.tmp
     c:\windows\system32\SET69.tmp
     c:\windows\system32\SET6A.tmp
     c:\windows\system32\SET6B.tmp
     c:\windows\system32\SET6C.tmp
     c:\windows\system32\SET6D.tmp
     c:\windows\system32\SET6E.tmp
     c:\windows\system32\SET6F.tmp
     c:\windows\system32\SET70.tmp
     c:\windows\system32\SET71.tmp
     c:\windows\system32\SET72.tmp
     c:\windows\system32\SET73.tmp
     c:\windows\system32\SET74.tmp
     c:\windows\system32\SET75.tmp
     c:\windows\system32\SET76.tmp
     c:\windows\system32\SET77.tmp
     c:\windows\system32\SET78.tmp
     c:\windows\system32\SET79.tmp
     c:\windows\system32\SET7A.tmp
     c:\windows\system32\SET7B.tmp
     c:\windows\system32\SET7C.tmp
     c:\windows\system32\SET7D.tmp
     c:\windows\system32\SET7E.tmp
     c:\windows\system32\SET7F.tmp
     c:\windows\system32\SET80.tmp
     c:\windows\system32\SET81.tmp
     c:\windows\system32\SET82.tmp
     c:\windows\system32\SET83.tmp
     c:\windows\system32\SET84.tmp
     c:\windows\system32\SET85.tmp
     c:\windows\system32\SET86.tmp
     c:\windows\system32\SET87.tmp
     c:\windows\system32\SET88.tmp
     c:\windows\system32\SET89.tmp
     c:\windows\system32\SET8A.tmp
     c:\windows\system32\SET8B.tmp
     c:\windows\system32\SET8C.tmp
     c:\windows\system32\SET8D.tmp
     c:\windows\system32\SET8E.tmp
     c:\windows\system32\SET8F.tmp
     c:\windows\system32\SET90.tmp
     c:\windows\system32\SET91.tmp
     c:\windows\system32\SET92.tmp
     c:\windows\system32\SET93.tmp
     c:\windows\system32\SET94.tmp
     c:\windows\system32\SET95.tmp
     c:\windows\system32\SET96.tmp
     c:\windows\system32\SET97.tmp
     c:\windows\system32\SET98.tmp
     c:\windows\system32\SET99.tmp
     c:\windows\system32\SET9A.tmp
     c:\windows\system32\SET9B.tmp
     c:\windows\system32\SET9C.tmp
     c:\windows\system32\SET9D.tmp
     c:\windows\system32\SET9E.tmp
     c:\windows\system32\SET9F.tmp
     c:\windows\system32\SETA0.tmp
     c:\windows\system32\SETA1.tmp
     c:\windows\system32\SETA2.tmp
     c:\windows\system32\SETA3.tmp
     c:\windows\system32\SETA4.tmp
     c:\windows\system32\SETA5.tmp
     c:\windows\system32\SETA6.tmp
     c:\windows\system32\SETA7.tmp
     c:\windows\system32\SETA8.tmp
     c:\windows\system32\SETAA.tmp
     c:\windows\system32\SETAB.tmp
     c:\windows\system32\SETAD.tmp
     c:\windows\system32\SETAE.tmp
     c:\windows\system32\SETAF.tmp
     c:\windows\system32\SETB0.tmp
     c:\windows\system32\SETB1.tmp
     c:\windows\system32\SETB2.tmp
     c:\windows\system32\SETB3.tmp
     c:\windows\system32\SETB6.tmp
     c:\windows\system32\SETB7.tmp
     c:\windows\system32\SETB9.tmp
     c:\windows\system32\SETBA.tmp
     c:\windows\system32\SETBB.tmp
     c:\windows\system32\SETBC.tmp
     c:\windows\system32\SETBD.tmp
     c:\windows\system32\SETBE.tmp
     c:\windows\system32\SETBF.tmp
     c:\windows\system32\SETC2.tmp
     c:\windows\system32\SETC3.tmp
     c:\windows\system32\SETC5.tmp
     c:\windows\system32\SETC6.tmp
     c:\windows\system32\SETC8.tmp
     c:\windows\system32\SETC9.tmp
     c:\windows\system32\SETCE.tmp
     c:\windows\system32\SETD3.tmp
     c:\windows\system32\SETD5.tmp
     c:\windows\system32\SETD6.tmp
     c:\windows\system32\SETDC.tmp
     c:\windows\system32\SETDD.tmp
     c:\windows\system32\SETDE.tmp
     c:\windows\system32\SETE1.tmp
     c:\windows\system32\SETE3.tmp
     c:\windows\system32\SETE5.tmp
     c:\windows\system32\SETE9.tmp
     c:\windows\system32\SETEA.tmp
     c:\windows\system32\SETEC.tmp
     c:\windows\system32\SETED.tmp
     c:\windows\system32\SETF1.tmp
     c:\windows\system32\SETF2.tmp
     c:\windows\system32\SETF4.tmp
     c:\windows\system32\SETF5.tmp
     c:\windows\system32\SETF6.tmp
     c:\windows\system32\SETF7.tmp
     c:\windows\system32\SETF9.tmp
     c:\windows\system32\SETFA.tmp
     c:\windows\system32\SETFB.tmp
     c:\windows\system32\SETFC.tmp
     c:\windows\system32\SETFD.tmp
     c:\windows\system32\SETFE.tmp
     c:\windows\wininit.ini
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-10-08 to 2013-11-08 )))))))))))))))))))))))))))))))
     .
     .
     2013-11-08 17:27 . 2013-11-08 17:27  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
     2013-11-05 23:31 . 2013-10-14 06:39  7796464   ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F04EBF08-20F9-4602-AE02-0EABD432AC0D}\mpengine.dll
     2013-11-05 19:53 . 2013-11-05 23:10  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
     2013-11-04 23:03 . 2013-11-05 19:52  105176    ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
     2013-11-04 23:02 . 2013-11-05 19:51  47064     ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
     2013-10-11 10:31 . 2013-10-11 10:31  --------  d-----w-  c:\documents and settings\EMK\Application Data\Windows Desktop Search
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-11-04 19:05 . 2012-04-12 20:16  692616    ----a-w-  c:\windows\system32\FlashPlayerApp.exe
     2013-11-04 19:05 . 2011-07-12 20:51  71048     ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-09-23 18:33 . 2004-08-04 05:00  920064    ----a-w-  c:\windows\system32\wininet.dll
     2013-09-23 18:33 . 2004-08-04 05:00  43520     ----a-w-  c:\windows\system32\licmgr10.dll
     2013-09-23 18:33 . 2004-08-04 05:00  1469440   ----a-w-  c:\windows\system32\inetcpl.cpl
     2013-09-23 18:33 . 2004-08-04 05:00  18944     ----a-w-  c:\windows\system32\corpol.dll
     2013-09-23 18:06 . 2004-08-04 05:00  385024    ----a-w-  c:\windows\system32\html.iec
     2013-09-05 05:02 . 2013-09-29 19:39  7328304   ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-08-29 01:31 . 2004-08-04 05:00  1878656   ----a-w-  c:\windows\system32\win32k.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
     "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
     "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
     "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2006-06-29 110592]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
     "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
     "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
     "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
     backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
     backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
     .
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
     2004-10-12 16:54  57344  ------w-  c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2010-12-13 17:16  421160  ----a-w-  c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
     2004-04-11 20:15  290816  -c----w-  c:\program files\Dell\Media Experience\PCMService.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2010-11-29 17:38  421888  ----a-w-  c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
     2009-09-28 18:44  222728  ----a-w-  c:\program files\Real\RealPlayer\realplay.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     .
     R1 MpKslbb08b574;MpKslbb08b574;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{050977AE-EF92-4890-A703-ED579F5AF2BB}\MpKslbb08b574.sys [x]
     R2 gupdate1c9ed306e0f9d60;Google Update Service (gupdate1c9ed306e0f9d60);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 133104]
     R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
     R3 ADMXGHMD;ADMXGHMD;c:\docume~1\Euan\LOCALS~1\Temp\ADMXGHMD.exe [x]
     R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-11-02 36608]
     R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 267568]
     R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [2013-04-02 55448]
     R3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);c:\windows\system32\DRIVERS\v800bus.sys [2004-08-09 52416]
     R3 v800mdfl;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Filter;c:\windows\system32\DRIVERS\v800mdfl.sys [2004-08-09 6160]
     R3 v800mdm;Sony Ericsson V800-Vodafone 802SE USB WMC Modem Driver;c:\windows\system32\DRIVERS\v800mdm.sys [2004-08-09 84544]
     R3 v800mgmt;Sony Ericsson V800-Vodafone 802SE USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\v800mgmt.sys [2004-08-09 77760]
     R3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;c:\windows\system32\DRIVERS\v800obex.sys [2004-08-09 75584]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:05]
     .
     2013-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 12:34]
     .
     2013-11-08 c:\windows\Tasks\ConfigExec.job
     - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 21:09]
     .
     2013-11-05 c:\windows\Tasks\DataUpload.job
     - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 21:09]
     .
     2013-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:40]
     .
     2013-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 20:40]
     .
     2005-03-10 c:\windows\Tasks\ISP signup reminder 1.job
     - c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKLM-Run-NPSStartup - (no file)
     SafeBoot-57656704.sys
     SafeBoot-Wdf01000.sys
     MSConfigStartUp-CTFMON - (no file)
     MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-11-08 20:32
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     Completion time: 2013-11-08 20:39:01
     ComboFix-quarantined-files.txt 2013-11-08 20:38
     .
     Pre-Run: 23,062,097,920 bytes free
     Post-Run: 23,717,298,176 bytes free
     .
     - - End Of File - - DBD524756500A7441787108162230967 B16A2359F4962B0C622D81A1C1F4B703

     Thanks!
  5. Hi MrC, I must have misunderstood post number 2 where it says "...make sure the following items are functional, Internet Explorer, Windows update, Windows firewall". I have therefore updated Windows Defender and some other Windows updates. Should I still continue with Combofix? With thanks.
  6. Hi MrC, The first scan by MBAR found one malware item. After Cleanup and reboot, a further scan came back clean. I have attached two pairs of log files here (one created after each running of MBAR). Each scan took the best part of three hours to complete - is that normal? I have updated my Antivirus (Microsoft Security Essentials/Windows Defender) and am about to perform Windows update. Are there any other checks you would like me to do, or any other scans/procedures you think I should perform? Thanks!
     Attachments:
     mbar-log-2013-11-04 (23-03-54).txt
     system-log.txt
     mbar-log-2013-11-05 (19-53-26).txt
     system-log.txt
  7. It has been running for over 2h30 now, but it is definitely doing something as it has found 1 malware so far. I have to sleep now, so I'll check it has finished in the morning before I go to work.
  8. It's running now. One hour gone so far... I guess it will take quite a while, although there is no 'progress' bar to tell me how far on it is. I may just have to leave it to run overnight, as it's nearly bedtime here in Europe!
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2013 01
     Ran by Euan at 2013-11-04 22:56:37 Run:1
     Running from C:\Documents and Settings\Euan\Desktop\farbar
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
     HKCU\...\Run: [Google Update*] - [x]
     U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{3dc32db7-d17b-333f-d167-0e5d453a1c2e}\ \ \???\{3dc32db7-d17b-333f-d167-0e5d453a1c2e}\GoogleUpdate.exe"
     S1 fbvldaqz; \??\C:\WINDOWS\system32\drivers\fbvldaqz.sys [x]
     C:\Documents and Settings\Euan\Local Settings\Application Data\Google\Desktop\Install
     C:\WINDOWS\system32\drivers\fbvldaqz.sys
     C:\Program Files\Google\Desktop\Install
     C:\Documents and Settings\Euan\settings.dat
     *****************

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
     *etadpug => Service deleted successfully.
     fbvldaqz => Service deleted successfully.
     C:\Documents and Settings\Euan\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
     "C:\WINDOWS\system32\drivers\fbvldaqz.sys " => File/Directory not found.
     C:\Program Files\Google\Desktop\Install => Moved successfully.
     C:\Documents and Settings\Euan\settings.dat => Moved successfully.

     ==== End of Fixlog ====
  10. Hi MrC, Further to the PM you sent me earlier today, please find rerun of FRST...
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
      (ATTENTION: ====> FRST version is 38 days old and could be outdated)
      Ran by Euan (administrator) on EILEEN on 04-11-2013 18:18:50
      Running from C:\Documents and Settings\Euan\Desktop\farbar
      Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
      Internet Explorer Version 8
      Boot Mode: Normal

      ==================== Processes (Whitelisted) ===================

      (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
      (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
      (Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      (Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
      (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
      (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
      (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
      (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
      (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
      (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
      (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

      ==================== Registry (Whitelisted) ==================

      HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
      HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
      HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)
      HKLM\...\Run: [updateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2006-06-29] (Sonic Solutions)
      HKLM\...\Run: [NPSStartup] - [x]
      HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
      HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-09-28] (RealNetworks, Inc.)
      HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
      HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
      HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
      HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
      HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
      HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
      HKLM\...\Policies\Explorer: [NoCDBurning] 0
      HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
      HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
      MountPoints2: {53189a35-4646-11e2-8b26-001111dfcd46} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL drivers\setup.exe
      HKU\EMK\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
      HKU\EMK\...\Run: [MSKAGENTEXE] - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
      HKU\SJK\...\Run: [MSKAGENTEXE] - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
      HKU\SJK\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2010-11-29] (Apple Inc.)
      HKU\SJK\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
      ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

      ==================== Internet (Whitelisted) ====================

      HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
      SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
      SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
      BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll No File
      BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
      BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
      BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
      BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File
      BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
      BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
      Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
      Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
      DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll No File
      Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
      Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
      ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
      ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
      Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
      Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
      Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
      Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
      Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

      ========================== Services (Whitelisted) =================

      S2 gupdate1c9ed306e0f9d60; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-14] (Google Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation) S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) S3 ADMXGHMD; C:\DOCUME~1\Euan\LOCALS~1\Temp\ADMXGHMD.exe [x] R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" S3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [x] S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [x] S2 vsmon; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service [x] U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{3dc32db7-d17b-333f-d167-0e5d453a1c2e}\ \ \???\{3dc32db7-d17b-333f-d167-0e5d453a1c2e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions) S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-11-02] () R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation) R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation) R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation) R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation) R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-20] (Padus, Inc.) S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [55448 2013-04-02] (Trusteer Ltd.) R3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.) 
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions) R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions) R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions) R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions) R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions) R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions) R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions) R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions) R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions) S3 v800bus; C:\Windows\System32\DRIVERS\v800bus.sys [52416 2004-08-09] (MCCI) S3 v800mdfl; C:\Windows\System32\DRIVERS\v800mdfl.sys [6160 2004-08-09] (MCCI) S3 v800mdm; C:\Windows\System32\DRIVERS\v800mdm.sys [84544 2004-08-09] (MCCI) S3 v800mgmt; C:\Windows\System32\DRIVERS\v800mgmt.sys [77760 2004-08-09] (MCCI) S3 v800obex; C:\Windows\System32\DRIVERS\v800obex.sys [75584 2004-08-09] (MCCI) R1 vsdatant; C:\Windows\System32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC) S3 bvrp_pci; No ImagePath S1 fbvldaqz; \??\C:\WINDOWS\system32\drivers\fbvldaqz.sys [x] S1 MpKslbb08b574; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{050977AE-EF92-4890-A703-ED579F5AF2BB}\MpKslbb08b574.sys [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S0 srescan; system32\ZoneLabs\srescan.sys [x] S3 wanatw; system32\DRIVERS\wanatw4.sys [x] 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-11 10:31 - 2013-10-11 10:31 - 00000000 ____D C:\Documents and Settings\EMK\Application Data\Windows Desktop Search ==================== One Month Modified Files and Folders ======= 2013-11-04 18:18 - 2013-09-29 23:17 - 00000000 ____D C:\Documents and Settings\Euan\Desktop\farbar 2013-11-04 18:12 - 2009-07-01 10:13 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-04 18:04 - 2013-05-31 09:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-11-04 17:27 - 2005-02-18 17:50 - 01993417 _____ C:\WINDOWS\WindowsUpdate.log 2013-11-04 16:59 - 2005-02-18 17:47 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL 2013-11-04 16:58 - 2012-05-06 22:26 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job 2013-11-04 16:58 - 2005-02-18 17:51 - 00001529 _____ C:\SMax.log 2013-11-04 16:57 - 2009-07-01 10:13 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-04 16:57 - 2005-02-18 17:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-11-04 15:13 - 2005-02-18 17:49 - 00032558 _____ C:\WINDOWS\SchedLgU.Txt 2013-11-04 15:10 - 2005-03-12 22:09 - 00000278 ___SH C:\Documents and Settings\Euan\NTUSER.INI 2013-11-04 15:10 - 2005-03-12 22:09 - 00000000 ____D C:\Documents and Settings\Euan 2013-10-29 23:26 - 2012-05-06 22:26 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job 2013-10-29 22:25 - 2005-02-18 17:49 - 00546586 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-12 23:53 - 2010-06-10 12:44 - 00000215 _____ C:\WINDOWS\wiadebug.log 2013-10-12 23:53 - 2010-06-10 12:44 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-12 23:51 - 2013-04-13 17:28 - 00000000 ____D C:\Documents and Settings\Euan\Desktop\Files 2013-10-12 21:46 - 2005-03-12 23:50 - 00006144 _____ C:\Documents and Settings\Euan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-12 21:31 - 2005-03-18 01:15 - 
00000000 ____D C:\Documents and Settings\Euan\My Documents\My Received Files 2013-10-12 21:17 - 2008-01-08 18:13 - 00000000 ____D C:\Documents and Settings\Euan\Shared 2013-10-11 12:49 - 2005-03-26 14:42 - 00000178 ___SH C:\Documents and Settings\SJK\NTUSER.INI 2013-10-11 12:49 - 2005-03-26 14:41 - 00000000 ____D C:\Documents and Settings\SJK 2013-10-11 12:44 - 2008-02-22 15:29 - 00000000 ____D C:\Documents and Settings\SJK\Application Data\Adobe 2013-10-11 12:41 - 2005-03-10 23:04 - 00000278 ___SH C:\Documents and Settings\EMK\NTUSER.INI 2013-10-11 12:27 - 2008-08-20 19:46 - 00107736 _____ C:\Documents and Settings\EMK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2013-10-11 12:11 - 2005-06-11 09:00 - 00010240 _____ C:\Documents and Settings\EMK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-11 10:31 - 2013-10-11 10:31 - 00000000 ____D C:\Documents and Settings\EMK\Application Data\Windows Desktop Search Files to move or delete: ==================== ZeroAccess: C:\Documents and Settings\Euan\Local Settings\Application Data\Google\Desktop\Install ZeroAccess: C:\Program Files\Google\Desktop\Install C:\Documents and Settings\Euan\settings.dat Some content of TEMP: ==================== C:\Documents and Settings\Euan\Local Settings\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ I have also included a new addition.txt as an attachment. Thanks!
  11. Hello Ron, Thanks for checking in with me. I am still in the process of transferring/backing up files. Can I ask, if I decide to reinstall the OS, do I have to completely wipe the drive first then reinstall with the discs, or can I perform a Dell factory reset? Also, if I transfer my files back onto the PC after reinstalling, is there any way I can be sure that there are no infected files amongst them? Thanks!
  12. Hi MrC, I am away from home at the moment so cannot work on the PC until next week. Do you need to close this thread or can you keep it open?
  13. Hi MrC, Thanks for your continued support. I apologise for not replying to your last post. Having read the info relating to the rootkit/backdoor, I will probably reformat and reinstall, although I need to check I have been given the discs. If I don't have the discs, I will try to clean as well as I can. Either way, I'll let you know (and probably ask for help!).
  14. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by hk (administrator) on abc on 30-09-2013 00:21:17
Running from C:\Documents and Settings\hk\Desktop\farbar
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)
HKLM\...\Run: [updateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2006-06-30] (Sonic Solutions)
HKLM\...\Run: [NPSStartup] - [x]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-09-28] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {53189a35-4646-11e2-8b26-001111dfcd46} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL drivers\setup.exe
HKU\EMK\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\EMK\...\Run: [MSKAGENTEXE] - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
HKU\SJK\...\Run: [MSKAGENTEXE] - C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
HKU\SJK\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2010-11-29] (Apple Inc.)
HKU\SJK\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

========================== Services (Whitelisted) =================

S2 gupdate1c9ed306e0f9d60; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-14] (Google Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S3 ADMXGHMD; C:\DOCUME~1\hk\LOCALS~1\Temp\ADMXGHMD.exe [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [x]
S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [x]
S2 vsmon; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service [x]
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{3dc32db7-d17b-333f-d167-0e5d453a1c2e}\ \ \???\{3dc32db7-d17b-333f-d167-0e5d453a1c2e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-11-02] ()
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-20] (Padus, Inc.)
S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [55448 2013-04-03] (Trusteer Ltd.)
R3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions)
S3 v800bus; C:\Windows\System32\DRIVERS\v800bus.sys [52416 2004-08-09] (MCCI)
S3 v800mdfl; C:\Windows\System32\DRIVERS\v800mdfl.sys [6160 2004-08-09] (MCCI)
S3 v800mdm; C:\Windows\System32\DRIVERS\v800mdm.sys [84544 2004-08-09] (MCCI)
S3 v800mgmt; C:\Windows\System32\DRIVERS\v800mgmt.sys [77760 2004-08-09] (MCCI)
S3 v800obex; C:\Windows\System32\DRIVERS\v800obex.sys [75584 2004-08-09] (MCCI)
R1 vsdatant; C:\Windows\System32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 bvrp_pci; No ImagePath
S1 fbvldaqz; \??\C:\WINDOWS\system32\drivers\fbvldaqz.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 srescan; system32\ZoneLabs\srescan.sys [x]
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-30 00:20 - 2013-09-30 00:20 - 00000000 ____D C:\FRST
2013-09-30 00:17 - 2013-09-30 00:19 - 00000000 ____D C:\Documents and Settings\hk\Desktop\farbar
2013-09-29 23:42 - 2013-09-29 23:42 - 04119392 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\hk\Desktop\tdsskiller.exe
2013-09-29 20:13 - 2013-09-29 20:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini092913-01.dmp
2013-09-28 02:04 - 2013-09-28 02:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini092813-03.dmp
2013-09-28 02:01 - 2013-09-28 02:01 - 00090112 _____ C:\WINDOWS\Minidump\Mini092813-02.dmp
2013-09-28 01:52 - 2013-09-28 01:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-27 23:42 - 2013-09-27 23:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-27 23:41 - 2013-09-29 20:12 - 00000000 _____ C:\WINDOWS\system32\TrueSight.sys
2013-09-27 23:40 - 2013-09-29 20:11 - 00000000 ____D C:\Documents and Settings\hk\Desktop\RK_Quarantine
2013-09-27 23:38 - 2013-09-27 23:39 - 00922112 _____ C:\Documents and Settings\hk\Desktop\RogueKiller.exe
2013-09-27 18:52 - 2013-09-27 19:03 - 00009584 _____ C:\Documents and Settings\hk\Desktop\dds.txt
2013-09-27 18:52 - 2013-09-27 18:52 - 00021461 _____ C:\Documents and Settings\hk\Desktop\attach.txt
2013-09-27 18:47 - 2013-09-27 18:48 - 00688992 ____R (Swearware) C:\Documents and Settings\hk\Desktop\dds.scr
2013-09-20 19:50 - 2013-09-20 19:51 - 00012858 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-20 19:48 - 2013-09-20 19:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-20 19:48 - 2013-09-20 19:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-20 19:47 - 2013-09-20 19:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-20 19:35 - 2013-09-20 19:48 - 00010909 _____ C:\WINDOWS\KB2876315.log
2013-09-20 19:35 - 2013-09-20 19:48 - 00009925 _____ C:\WINDOWS\KB2864063.log
2013-09-20 19:35 - 2013-09-20 19:48 - 00009911 _____ C:\WINDOWS\KB2876217.log
2013-09-09 23:33 - 2013-09-09 23:33 - 00000042 _____ C:\Documents and Settings\hk\Desktop\flickr1.txt
2013-09-08 19:41 - 2013-09-08 19:41 - 00000052 _____ C:\Documents and Settings\hk\Desktop\Windows virus scan 080913.txt
2013-09-08 19:38 - 2013-09-08 19:41 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2013-09-07 18:36 - 2013-09-07 18:51 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-09-07 18:29 - 2013-09-07 18:35 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-09-07 18:20 - 2013-09-07 18:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe

==================== One Month Modified Files and Folders =======

2013-09-30 00:20 - 2013-09-30 00:20 - 00000000 ____D C:\FRST
2013-09-30 00:19 - 2013-09-30 00:17 - 00000000 ____D C:\Documents and Settings\hk\Desktop\farbar
2013-09-30 00:12 - 2009-07-01 11:13 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-30 00:04 - 2013-05-31 10:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-29 23:48 - 2005-02-18 18:51 - 00001531 _____ C:\SMax.log
2013-09-29 23:47 - 2012-05-06 23:26 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job
2013-09-29 23:47 - 2005-02-18 18:50 - 01710237 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-29 23:46 - 2005-02-18 18:47 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2013-09-29 23:45 - 2009-07-01 11:13 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-29 23:45 - 2005-02-18 18:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-29 23:44 - 2005-02-18 18:49 - 00032534 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-29 23:43 - 2005-03-12 23:09 - 00000278 ___SH C:\Documents and Settings\hk\NTUSER.INI
2013-09-29 23:43 - 2005-03-12 23:09 - 00000000 ____D C:\Documents and Settings\hk
2013-09-29 23:42 - 2013-09-29 23:42 - 04119392 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\hk\Desktop\tdsskiller.exe
2013-09-29 20:14 - 2009-11-13 18:25 - 00000000 ____D C:\Documents and Settings\hk\Application Data\Skype
2013-09-29 20:13 - 2013-09-29 20:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini092913-01.dmp
2013-09-29 20:13 - 2005-04-24 23:24 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-29 20:12 - 2013-09-27 23:41 - 00000000 _____ C:\WINDOWS\system32\TrueSight.sys
2013-09-29 20:11 - 2013-09-27 23:40 - 00000000 ____D C:\Documents and Settings\hk\Desktop\RK_Quarantine
2013-09-28 02:04 - 2013-09-28 02:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini092813-03.dmp
2013-09-28 02:01 - 2013-09-28 02:01 - 00090112 _____ C:\WINDOWS\Minidump\Mini092813-02.dmp
2013-09-28 01:52 - 2013-09-28 01:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini092813-01.dmp
2013-09-28 01:49 - 2012-12-15 03:23 - 00000462 _____ C:\Documents and Settings\hk\Application Data\Rim.Transcoder.Exception.log
2013-09-28 01:49 - 2012-12-15 01:30 - 00000308 _____ C:\Documents and Settings\hk\Application Data\Rim.DesktopHelper.Exception.log
2013-09-28 01:49 - 2012-12-15 01:29 - 00000462 _____ C:\Documents and Settings\hk\Application Data\Rim.Desktop.Exception.log
2013-09-28 00:14 - 2013-04-13 18:28 - 00000000 ____D C:\Documents and Settings\hk\Desktop\Files
2013-09-27 23:46 - 2005-02-18 18:49 - 00546586 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-27 23:42 - 2013-09-27 23:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini092713-01.dmp
2013-09-27 23:39 - 2013-09-27 23:38 - 00922112 _____ C:\Documents and Settings\hk\Desktop\RogueKiller.exe
2013-09-27 23:26 - 2012-05-06 23:26 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job
2013-09-27 19:04 - 2012-04-12 21:16 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-27 19:04 - 2011-07-12 21:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-27 19:03 - 2013-09-27 18:52 - 00009584 _____ C:\Documents and Settings\hk\Desktop\dds.txt
2013-09-27 18:52 - 2013-09-27 18:52 - 00021461 _____ C:\Documents and Settings\hk\Desktop\attach.txt
2013-09-27 18:48 - 2013-09-27 18:47 - 00688992 ____R (Swearware) C:\Documents and Settings\hk\Desktop\dds.scr
2013-09-23 11:54 - 2008-10-28 23:15 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-23 01:25 - 2006-11-24 02:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB924270$
2013-09-22 00:59 - 2012-05-04 19:08 - 00327680 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-09-22 00:14 - 2009-03-11 02:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959772_WM11$
2013-09-20 19:53 - 2004-08-10 14:08 - 00360136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-20 19:51 - 2013-09-20 19:50 - 00012858 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-20 19:51 - 2010-06-10 13:05 - 01074402 _____ C:\WINDOWS\FaxSetup.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00923198 _____ C:\WINDOWS\setupapi.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00538766 _____ C:\WINDOWS\ocgen.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00415179 _____ C:\WINDOWS\tsoc.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00357741 _____ C:\WINDOWS\comsetup.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00219539 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00169560 _____ C:\WINDOWS\iis6.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00060280 _____ C:\WINDOWS\ocmsn.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00054428 _____ C:\WINDOWS\msgsocm.log
2013-09-20 19:51 - 2010-06-10 13:05 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-20 19:50 - 2010-08-11 17:54 - 00066023 _____ C:\WINDOWS\updspapi.log
2013-09-20 19:50 - 2010-03-08 22:59 - 00000000 ____D C:\WINDOWS\ie8updates
2013-09-20 19:48 - 2013-09-20 19:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-20 19:48 - 2013-09-20 19:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-20 19:48 - 2013-09-20 19:35 - 00010909 _____ C:\WINDOWS\KB2876315.log
2013-09-20 19:48 - 2013-09-20 19:35 - 00009925 _____ C:\WINDOWS\KB2864063.log
2013-09-20 19:48 - 2013-09-20 19:35 - 00009911 _____ C:\WINDOWS\KB2876217.log
2013-09-20 19:48 - 2010-06-10 13:05 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-20 19:47 - 2013-09-20 19:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-20 19:44 - 2004-08-10 14:04 - 00000603 _____ C:\WINDOWS\WIN.INI
2013-09-20 19:42 - 2013-08-28 01:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-20 19:38 - 2005-05-11 12:42 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-20 19:19 - 2012-03-31 17:17 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-09-20 19:18 - 2005-03-30 01:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-20 14:58 - 2006-10-15 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB924496$
2013-09-18 21:45 - 2007-08-16 02:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB921503$
2013-09-09 23:33 - 2013-09-09 23:33 - 00000042 _____ C:\Documents and Settings\hk\Desktop\flickr1.txt
2013-09-09 23:16 - 2005-02-18 18:40 - 00000000 ____D C:\WINDOWS\Resources
2013-09-08 22:49 - 2011-02-10 23:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485376$
2013-09-08 19:41 - 2013-09-08 19:41 - 00000052 _____ C:\Documents and Settings\hk\Desktop\Windows virus scan 080913.txt
2013-09-08 19:41 - 2013-09-08 19:38 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2013-09-08 00:31 - 2011-03-09 22:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2013-09-07 19:17 - 2005-08-20 22:18 - 00000000 ____D C:\WINDOWS\Sun
2013-09-07 18:51 - 2013-09-07 18:36 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-09-07 18:35 - 2013-09-07 18:29 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-09-07 18:20 - 2013-09-07 18:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-09-07 18:14 - 2008-01-10 00:39 - 00000000 ____D C:\Documents and Settings\hk\Local Settings\Application Data\Google
2013-09-07 18:14 - 2008-01-10 00:38 - 00000000 ____D C:\Program Files\Google

Files to move or delete:
====================
ZeroAccess: C:\Documents and Settings\hk\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess: C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\hk\settings.dat

Some content
of TEMP: ==================== C:\Documents and Settings\hk\Local Settings\Temp\SkypeSetup.exe C:\Documents and Settings\hk\Local Settings\Temp\{B750A925-EACD-4FFC-853A-6CCACEF7B872}.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ I have changed the username and in the log files, just in case you were wondering. Thanks! Addition.txt
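The listing in the post above has a fixed shape per line (modified time, created time, size, a five-character attribute field, an optional vendor string in parentheses, path), plus separate "ZeroAccess: <path>" marker lines and "<path> => MD5 is legit" check lines. The following Python is an added example for this thread, not FRST's own code and not something the poster ran: it parses lines of that shape into records and applies a few cheap triage rules. The regexes are inferred from the posted log, the meaning of the attribute letters (D = directory, H = hidden, R = read-only) is an assumption drawn from the entries shown, and the sample log is a handful of lines copied from the post.

```python
"""Parser for FRST-style listing lines plus simple triage rules.
Added example for this thread; not FRST's own code. Line formats are
inferred from the posted log; the sample below is constructed from it."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# <modified> - <created> - <size> <attrs> [(<vendor>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
MARKER_RE = re.compile(r"^(?P<tag>[A-Za-z]+): (?P<path>[A-Za-z]:\\.*)$")    # "ZeroAccess: <path>"
MD5_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*) => MD5 is (?P<verdict>.+)$")  # "<path> => MD5 is legit"


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str          # five-char flag field; assumed: 'D' = directory, 'H' = hidden, 'R' = read-only
    vendor: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_frst(text: str) -> Tuple[List[Entry], List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Return (file entries, (tag, path) markers, (path, verdict) MD5 checks)."""
    entries, markers, md5_checks = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ENTRY_RE.match(line):
            entries.append(Entry(
                modified=datetime.strptime(m["mod"], "%Y-%m-%d %H:%M"),
                created=datetime.strptime(m["cre"], "%Y-%m-%d %H:%M"),
                size=int(m["size"]), attrs=m["attrs"],
                vendor=m["vendor"], path=m["path"]))
        elif m := MD5_RE.match(line):
            md5_checks.append((m["path"], m["verdict"]))
        elif m := MARKER_RE.match(line):
            markers.append((m["tag"], m["path"]))
    return entries, markers, md5_checks


SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
BINARY_EXT = (".sys", ".exe", ".dll")


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Cheap leads worth a second look; none of these is a verdict on its own."""
    leads = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        # A driver/EXE/DLL in a system directory with no vendor string in the listing
        if any(d in low for d in SYSTEM_DIRS) and low.endswith(BINARY_EXT) and not e.vendor:
            leads.append(("no-vendor binary in system dir", e.path))
        # Hidden attribute on a plain file (e.g. a scheduled-task .job) is unusual
        if e.is_hidden:
            leads.append(("hidden file", e.path))
        # Modified time before created time: file was copied in, or timestamps were tampered
        if e.modified < e.created:
            leads.append(("modified earlier than created (copied in, or timestamp tampered)", e.path))
    return leads


# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
2013-09-29 20:12 - 2013-09-27 23:41 - 00000000 _____ C:\WINDOWS\system32\TrueSight.sys
2013-09-28 02:04 - 2013-09-28 02:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini092813-03.dmp
2013-09-27 23:39 - 2013-09-27 23:38 - 00922112 _____ C:\Documents and Settings\hk\Desktop\RogueKiller.exe
2013-09-27 23:26 - 2012-05-06 23:26 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job
2013-09-27 19:04 - 2012-04-12 21:16 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-27 18:48 - 2013-09-27 18:47 - 00688992 ____R (Swearware) C:\Documents and Settings\hk\Desktop\dds.scr
2013-09-23 01:25 - 2006-11-24 02:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB924270$
2013-09-20 19:38 - 2005-05-11 12:42 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
ZeroAccess: C:\Program Files\Google\Desktop\Install
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":
    entries, markers, md5s = parse_frst(SAMPLE_LOG)
    print(f"{len(entries)} entries, {len(markers)} markers, {len(md5s)} MD5 checks")
    for reason, path in triage(entries):
        print(f"{reason}: {path}")
```

On the sample, the rules flag TrueSight.sys (a driver in system32 with no vendor string) and the hidden DataUpload.job. Treat these as leads, not verdicts: in the posted log TrueSight.sys was created at 23:41 on 2013-09-27, three minutes after RogueKiller.exe landed on the desktop, so its timing should be correlated with the tools the user ran before anything is deleted.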
  15. Hi MrC,

I ran TDSSKiller. There was one malware object found, but it did not give the option to cure, so I selected skip as suggested. I have attached the two log files.

Thanks!
Captain.

TDSSKiller.3.0.0.10_29.09.2013_23.43.03_log.txt
TDSSKiller.3.0.0.10_29.09.2013_23.47.33_log.txt