Everything posted by stevieb

  1. Looking good, no Google redirect in place and seems to be running faster. Also found a tool to do uninstall cleanup on the F-Secure site!
  2. Running again

     GooredFix v1.92 by jpshortstuff
     Log created at 22:11 on 14/05/2009 running Option #2 (Pauline & Steve)
     Firefox version 3.0.4 (en-GB)
     (Subsequent Run)

     =====Goored Deletions=====

     =====Dumping Registry Values=====

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.4\extensions]
     "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.4\extensions]
     "Components"="C:\Program Files\Mozilla Firefox\components"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
     "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
     "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
     "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
  3. Done, here is the log

     GooredFix v1.92 by jpshortstuff
     Log created at 21:57 on 14/05/2009 running Option #2 (Pauline & Steve)
     Firefox version 3.0.4 (en-GB)

     =====Goored Deletions=====

     C:\Program Files\Mozilla Firefox\extensions\{CD7248BA-3D38-4453-81F9-C70A5A847B4C}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.

     C:\Program Files\Mozilla Firefox\extensions\{982AC37D-6744-4622-9A0E-265FF7F3DC98}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.

     C:\Program Files\Mozilla Firefox\extensions\{6DF7560A-E6F1-4046-910A-6AE0274531C5}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.

     C:\Program Files\Mozilla Firefox\extensions\{3BDA2A1C-95B9-4387-8249-042C1B79E793}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.

     C:\Program Files\Mozilla Firefox\extensions\{1B5520F5-DA12-477A-814C-0C0FD41620F7}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.
  4. Here is the Combofix log this time
  5. Actually I have tried to uninstall the F-Secure Antivirus (which is the same as Optus Internet Security Suite), first via Add/Remove Programs then using an uninstaller; it still appears to have left remnants. Not sure how I can get rid of these!
  6. Here is the log from Combofix
--- Other Services/Drivers In Memory --- *NewlyCreated* - IDSVC *Deregistered* - mchInjDrv [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cae4ad9-15f0-11dd-8876-0012c96bcb57}] \Shell\AutoRun\command - F:\39lpji.com \Shell\explore\Command - F:\39lpji.com \Shell\open\Command - F:\39lpji.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61287488-c41f-11dc-8848-0012c96bcb57}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d55fde-5798-11dc-87f9-0012c96bcb57}] \Shell\Auto\command - J:\auto.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe . Contents of the 'Scheduled Tasks' folder 2009-05-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 13:50] 2009-05-02 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-02 22:57] 2009-05-02 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-02 22:57] 2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20] 2009-05-08 c:\windows\Tasks\Norton Security Scan for Pauline & Steve.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-18 10:20] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-Windows Resurections - c:\windows\TEMP\mrwztfo.exe HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1259240076.exe ShellExecuteHooks-{39B15A4A-8C87-43B7-9859-E98F429DDEBB} - (no file) Notify-11478321 - (no file) Notify-15724321 - (no file) Notify-18467321 - (no file) Notify-19169321 - (no file) Notify-24464321 - (no file) Notify-26500321 - (no file) Notify-26962321 - (no file) Notify-29358321 - (no file) Notify-41321 - (no file) Notify-5705321 - 5705321.dll Notify-6334321 - (no file) Notify-hgGAstQH - hgGAstQH.dll . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.msn.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row-rel&channel=au&ibd=6061018 uInternet Settings,ProxyServer = proxy.iprimus.com.au:8080 uInternet Settings,ProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*;172.*;127.*;<local>;*.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\program files\Optus Internet Security Suite\FSPS\program\FSLSP.DLL FF - ProfilePath - c:\documents and settings\Pauline & Steve\Application Data\Mozilla\Firefox\Profiles\vjvgwqhn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.slatteryit.com.au/mpm-thankyou.html?message=|http://www.commbank.com.au/|http://redbigot.info/Members/Champagne-Sparkling.htm|http://www.boccaccio.com.au/prod1917.htm|http://www.bundaleerwines.com.au/index.php?id=12|http://www.dsr.nsw.gov.au/sydneyacademy/program.asp?Code=1055 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Common-Use Signing Interface\bin\npCsiPlugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\NPuroamHost.dll . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-14 20:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-324456753-2853923158-1365374836-1006\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-324456753-2853923158-1365374836-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{93404D9B-4FB0-75F2-9704-1BE3337C4823}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "nabenmceaifhegflgnifgialdmce"=hex:63,61,63,6b,65,69,00,7c . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(836) c:\windows\system32\igfxdev.dll c:\program files\McAfee\SiteAdvisor\saHook.dll - - - - - - - > 'lsass.exe'(892) c:\program files\Optus Internet Security Suite\FSPS\program\FSLSP.DLL . Completion time: 2009-05-14 20:46 ComboFix-quarantined-files.txt 2009-05-14 10:46 Pre-Run: 28,353,327,104 bytes free Post-Run: 28,611,710,976 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4 288 --- E O F --- 2009-05-13 17:14
  7. OK, have backed up critical stuff and below is latest MalwareBytes log

     Malwarebytes' Anti-Malware 1.36
     Database version: 2122
     Windows 5.1.2600 Service Pack 3

     14/05/2009 7:22:38 AM
     mbam-log-2009-05-14 (07-22-37).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 180754
     Time elapsed: 1 hour(s), 24 minute(s), 38 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. Thought I had got rid of this with MalwareBytes but it is back, help appreciated. HJT log as below

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:40:59 AM, on 13/05/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16827)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
     C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
     c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
     C:\Program Files\McAfee\MPF\MPFSrv.exe
     C:\Program Files\McAfee\MSK\MskSrver.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\Program Files\Spyware Doctor\pctsAuxs.exe
     C:\Program Files\Spyware Doctor\pctsSvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\alg.exe
     C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
     c:\PROGRA~1\mcafee.com\agent\mcagent.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\Explorer.EXE
     c:\PROGRA~1\mcafee.com\agent\mcagent.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
     C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
     C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
     C:\Program Files\Common-Use Signing Interface\JRE\bin\javawforcsi.exe
     C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
     C:\Program Files\Spyware Doctor\pctsTray.exe
     C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row-rel&channel=au&ibd=6061018
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iprimus.com.au;*.primustel.com.au;*.primus.com.au;192.*;172.*;127.*;<local>;*.local
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
     O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
     O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
     O3 - Toolbar: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - (no file)
     O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
     O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
     O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
     O4 - HKUS\S-1-5-21-324456753-2853923158-1365374836-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Isabella & Charlotte')
     O4 - HKUS\S-1-5-21-324456753-2853923158-1365374836-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Isabella & Charlotte')
     O4 - HKUS\S-1-5-21-324456753-2853923158-1365374836-1007\..\Run: [Windowfs Temporary Layer] hazluottjrfk.exe (User 'Isabella & Charlotte')
     O4 - HKUS\S-1-5-21-324456753-2853923158-1365374836-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Isabella & Charlotte')
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
     O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.ato.gov.au/formflow/codebase/FormCtl.cab
     O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
     O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1187787037562
     O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180616368015
     O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} -
     O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.ato.gov.au/formflow/codebase/scriptobject.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} -
     O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
     O20 - Winlogon Notify: 11478321 - C:\WINDOWS\
     O20 - Winlogon Notify: 15724321 - C:\WINDOWS\
     O20 - Winlogon Notify: 18467321 - C:\WINDOWS\
     O20 - Winlogon Notify: 19169321 - C:\WINDOWS\
     O20 - Winlogon Notify: 24464321 - C:\WINDOWS\
     O20 - Winlogon Notify: 26500321 - C:\WINDOWS\
     O20 - Winlogon Notify: 26962321 - C:\WINDOWS\
     O20 - Winlogon Notify: 29358321 - C:\WINDOWS\
     O20 - Winlogon Notify: 41321 - C:\WINDOWS\
     O20 - Winlogon Notify: 5705321 - 5705321.dll (file missing)
     O20 - Winlogon Notify: 6334321 - C:\WINDOWS\
     O20 - Winlogon Notify: hgGAstQH - hgGAstQH.dll (file missing)
     O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe (file missing)
     O23 - Service: F-Secure Automatic Update Agent (FSAUA) - Unknown owner - C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe (file missing)
     O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe (file missing)
     O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE (file missing)
     O23 - Service: F-Secure ORSP Client (FSORSPClient) - Unknown owner - C:\Program Files\Optus Internet Security Suite\ORSP Client\fsorsp.exe (file missing)
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
     O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
     O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
     O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
     O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
     O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
     O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
     O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
     O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
     O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

     --
     End of file - 13172 bytes