
XSShadow
Members
Posts: 17
Reputation: 0 Neutral
  1. Apparently SaveFile is under some construction so I used MediaFire instead: http://www.mediafire.com/?sharekey=ddcc4b6...04e75f6e8ebb871 I had some problems with the scan though, I got another error about restricted privileges and then it froze.
  2. Used up too much attachment space on part 1 so part 2 won't attach, let me know if you even need to see it.
  3. I tried to do what you outlined in your PM but once again I got an error about insufficient privileges. I did manage to run the GMER scan though (apparently it's too long to post here and it's too big to attach, so I'll try to attach it in multiple parts). After I ran the scan though, Comodo started to light up with hundreds of threat detections (over 3,000). I'm not sure if they all got removed because Comodo seemed to crash from the load, but I rebooted and now it seems like my Google search results and everything else are back to normal. Log.txt
  4. Gave it a shot and I got the same error as before :S
  5. Here you go:

     Malwarebytes' Anti-Malware 1.41
     Database version: 2879
     Windows 5.1.2600 Service Pack 3

     9/30/2009 8:22:34 PM
     mbam-log-2009-09-30 (20-22-34).txt

     Scan type: Quick Scan
     Objects scanned: 107277
     Time elapsed: 11 minute(s), 40 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  6. I'm not sure what the problem with DDS is, I open the file and it displays the disclaimer and then it doesn't do anything else. I left it sitting there for 10 minutes or so with avast! and Comodo both off but there was no change.
  7. Here is the MBAM log:

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 3

     9/29/2009 7:46:43 PM
     mbam-log-2009-09-29 (19-46-43).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 174790
     Time elapsed: 2 hour(s), 3 minute(s), 13 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastia (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     And the Win32kDiag log, it doesn't look like it went very far though (this was with avast! and Comodo turned off):

     Running from: C:\Documents and Settings\IBM\Desktop\Win32kDiag.exe
     Log file at : C:\Documents and Settings\IBM\Desktop\Win32kDiag.txt

     WARNING: Could not get backup privileges!

     Searching 'C:\WINDOWS'...

     Cannot access: C:\WINDOWS\system32\drivers\sfi.dat
  8. I got a fresh copy of ComboFix and disabled Comodo and tried again. ComboFix loaded and then I got another series of errors that said: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." and the file names it displays in the top left corner of the error box are similar to the ones I posted in my last reply.
  9. It seems like I have some viruses messing with ComboFix. When I drag the file into ComboFix it loads and I get a bunch of virus notifications from Comodo, and then ComboFix closes down and gives me this error: "Windows cannot find '32788R22FWJFW\iexplorer.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." I get that same error a couple dozen times in a row, but sometimes the file name changes to '\n.pif' or '\hidec.exe'.
  10. Here is the Security Checker log:

      Results of screen317's Security Check version 0.99.0
      Windows XP Service Pack 3
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Enabled!
      avast! Antivirus
      Antivirus up to date! (On Access scanning disabled!)
      ``````````````````````````````
      Anti-malware/Other Utilities Check:
      IBM 32-bit Runtime Environment for Java 2, v1.4.2
      Java 6 Update 15
      Java 6 Update 7
      IBM 32-bit Runtime Environment for Java 2, v1.4.2
      Out of date Java installed!
      Adobe Flash Player 10
      Adobe Reader 9.1
      ``````````````````````````````
      Process Check:
      objlist.exe by Laurent
      Alwil Software Avast4 aswUpdSv.exe
      Alwil Software Avast4 ashServ.exe
      Alwil Software Avast4 ashDisp.exe
      Comodo Firewall cmdagent.exe
      ``````````````````````````````
      DNS Vulnerability Check:
      Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
      `````````End of Log```````````

      I can't post the F-Secure log because when the scan reaches 100% it shuts down and tells me that a database is corrupted; I've run it a few times and it gives me the same error. Everything is running fine now except that my Google search results are still being hijacked.
  11. Thanks for your help so far, here's the new ComboFix log:

      ComboFix 09-09-22.03 - IBM 09/23/2009 15:34.4.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.628 [GMT -7:00]
      Running from: c:\documents and settings\IBM\Desktop\ComboFix.exe
      .
      ((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
      .
      2009-09-22 17:50 . 2009-09-22 17:50 -------- d-----w- c:\program files\Common Files\Adobe
      2009-09-22 17:48 . 2009-09-22 17:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
      2009-09-22 17:47 . 2009-09-22 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
      2009-09-21 06:33 . 2009-09-21 06:33 -------- d-----w- c:\program files\Common Files\DivX Shared
      2009-09-20 20:15 . 2009-09-20 20:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
      2009-09-19 20:27 . 2009-09-19 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
      2009-09-18 02:30 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
      2009-09-18 02:30 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
      2009-09-18 02:30 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
      2009-09-18 02:30 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
      2009-09-16 22:30 . 2009-09-16 22:30 -------- d-----w- c:\program files\Trend Micro
      2009-09-16 18:03 . 2009-09-16 18:03 -------- d-----w- c:\documents and settings\IBM\Application Data\CCH
      2009-09-16 17:55 . 2009-09-16 17:56 -------- d-----w- c:\program files\Common Files\CCH Shared
      2009-09-16 17:54 . 2009-09-16 17:54 -------- d-----w- c:\program files\CCH
      2009-09-16 17:50 . 2009-09-16 19:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
      2009-09-15 20:42 . 2009-09-18 02:29 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
      2009-09-12 18:17 . 2009-09-12 18:17 -------- d-----w- c:\program files\Vuze
      2009-09-11 15:49 . 2009-09-11 15:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
      2009-09-10 22:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
      2009-09-03 01:38 . 2009-09-23 22:34 30720 ----a-w- c:\windows\system32\B22327DAE92BEBA3.exe
      2009-08-31 19:51 . 2009-08-31 19:52 -------- d-----w- c:\program files\ImageConverter Plus
      2009-08-31 19:46 . 2009-08-31 19:46 -------- d-----w- C:\temp
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-22 21:36 . 2008-09-18 17:14 -------- d-----w- c:\documents and settings\IBM\Application Data\HPAppData
      2009-09-21 06:33 . 2009-01-28 01:43 -------- d-----w- c:\program files\DivX
      2009-09-20 20:09 . 2008-07-12 21:52 -------- d-----w- c:\program files\CyberArmor
      2009-09-20 02:53 . 2009-07-07 19:20 -------- d-----w- c:\documents and settings\IBM\Application Data\vlc
      2009-09-20 01:05 . 2008-12-22 07:50 -------- d-----w- c:\documents and settings\IBM\Application Data\Azureus
      2009-09-19 21:20 . 2008-07-21 23:40 -------- d-----w- c:\program files\Microsoft Office 2007 Complete Third Edition
      2009-09-19 19:21 . 2009-05-25 02:20 -------- d-----w- c:\documents and settings\IBM\Application Data\LimeWire
      2009-09-18 02:42 . 2008-09-20 00:00 -------- d-----w- c:\program files\Java
      2009-09-18 02:29 . 1980-01-01 07:00 578560 ------w- c:\windows\system32\user32.dll
      2009-09-16 19:59 . 2008-07-15 23:40 72408 ----a-w- c:\documents and settings\IBM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-11 23:52 . 2009-05-29 05:50 -------- d-----w- c:\program files\Sprint Instinct Applications
      2009-09-11 15:47 . 2008-12-25 15:37 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-09-11 02:02 . 2008-07-23 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2009-09-07 00:23 . 2008-09-03 20:14 -------- d-----w- c:\program files\ApexDC++
      2009-09-04 22:38 . 2008-11-09 01:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-08-22 04:59 . 2009-04-23 04:11 -------- d-----w- c:\program files\Starcraft
      2009-08-12 01:25 . 2006-04-23 21:40 -------- d-----w- c:\program files\Symantec
      2009-08-11 02:08 . 2006-04-23 21:41 -------- d-----w- c:\program files\Norton AntiVirus
      2009-08-09 02:51 . 2006-04-23 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
      2009-08-05 16:41 . 2009-08-05 16:41 -------- d-----w- c:\program files\MasRizal
      2009-08-05 09:01 . 1980-01-01 07:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-25 12:23 . 2008-11-28 08:53 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-07-17 19:01 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-14 06:43 . 1980-01-01 07:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
      2009-07-03 17:09 . 1980-01-01 07:00 915456 ------w- c:\windows\system32\wininet.dll
      2005-05-26 21:35 . 2008-08-15 07:02 1422 ----a-w- c:\program files\ReadMe.txt
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .
      ((((((((((((((((((((((((((((( SnapShot@2009-09-18_02.33.56 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-09-22 17:49 . 2009-09-22 17:49 21504 c:\windows\Installer\11bdf7.msi
      + 2009-09-22 17:49 . 2009-09-22 17:49 27648 c:\windows\Installer\11bdf2.msi
      + 2009-09-18 02:42 . 2009-07-25 12:23 149280 c:\windows\system32\javaws.exe
      + 2009-09-18 02:42 . 2009-07-25 12:23 145184 c:\windows\system32\javaw.exe
      + 2009-09-18 02:42 . 2009-07-25 12:23 145184 c:\windows\system32\java.exe
      + 2009-07-10 17:39 . 2009-07-10 17:39 406640 c:\windows\Downloaded Program Files\fslauncher.dll
      + 2009-09-22 17:51 . 2009-09-22 17:51 3938816 c:\windows\Installer\11bf2a.msi
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
      "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
      "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
      "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
      "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
      "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
      "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
      "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
      "B22327DAE92BEBA3"="c:\windows\system32\B22327DAE92BEBA3.exe" [2009-09-23 30720]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
      "brastia"="c:\windows\system32\brastia.exe" [bU]
      "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-04-05 106496]
      "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2004-11-12 40960]

      c:\documents and settings\IBM\Start Menu\Programs\Startup\
      Sprint media monitor.lnk - c:\windows\RM.exe [2009-5-28 222552]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-5-24 565309]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
      2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\ApexDC++\\ApexDC.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\Vuze\\Azureus.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Starcraft\\StarCraft.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=

      R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [4/23/2006 2:22 PM 59776]
      R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [4/23/2006 2:23 PM 14208]
      R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [4/23/2006 2:22 PM 4608]
      R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [4/23/2006 2:49 PM 4442]
      R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [4/23/2006 2:23 PM 6016]
      R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1/1/1980 14336]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      Contents of the 'Scheduled Tasks' folder

      2008-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

      2009-09-23 c:\windows\Tasks\PMTask.job
      - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-04-23 08:01]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://google.com/
      uInternet Settings,ProxyOverride = *.local;<local>
      uInternet Settings,ProxyServer = http=localhost:7171
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      FF - ProfilePath - c:\documents and settings\IBM\Application Data\Mozilla\Firefox\Profiles\s7mq8r0t.default\
      FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
      FF - prefs.js: browser.startup.homepage - Google.com
      FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
      FF - plugin: c:\documents and settings\IBM\Application Data\Mozilla\Firefox\Profiles\s7mq8r0t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
      .
      **************************************************************************
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-23 15:39
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      - - - - - - - > 'winlogon.exe'(712)
      c:\windows\system32\tphklock.dll
      - - - - - - - > 'explorer.exe'(3872)
      c:\windows\system32\WININET.dll
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Completion time: 2009-09-23 15:41
      ComboFix-quarantined-files.txt 2009-09-23 22:41
      ComboFix2.txt 2009-09-21 22:19
      ComboFix3.txt 2009-09-20 20:29
      ComboFix4.txt 2009-09-18 02:37
      Pre-Run: 44,101,292,032 bytes free
      Post-Run: 44,067,684,352 bytes free
      191 --- E O F --- 2009-09-11 02:15

      I've got avast! and Comodo running now.
  12. Another update: my Google results were working again yesterday, but I turned on my laptop this morning and they're hijacked again.
  13. Alright, here's the new ComboFix log:

      ComboFix 09-09-18.02 - IBM 09/20/2009 13:19.2.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.510 [GMT -7:00]
      Running from: c:\documents and settings\IBM\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\IBM\Desktop\CFScript.txt.txt
      * Created a new restore point
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\windows\system32\3561130331.dat
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_SEEKEENSRCH_SERVICE
      -------\Legacy_SRSERVICESCHEDULE
      -------\Legacy_VIEXPF2K
      -------\Service_Viexpf2k

      ((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
      .
      2009-09-20 20:15 . 2009-09-20 20:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
      2009-09-19 20:27 . 2009-09-19 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
      2009-09-18 02:30 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
      2009-09-18 02:30 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
      2009-09-18 02:30 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
      2009-09-18 02:30 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
      2009-09-16 22:30 . 2009-09-16 22:30 -------- d-----w- c:\program files\Trend Micro
      2009-09-16 18:03 . 2009-09-16 18:03 -------- d-----w- c:\documents and settings\IBM\Application Data\CCH
      2009-09-16 17:55 . 2009-09-16 17:56 -------- d-----w- c:\program files\Common Files\CCH Shared
      2009-09-16 17:54 . 2009-09-16 17:54 -------- d-----w- c:\program files\CCH
      2009-09-16 17:50 . 2009-09-16 19:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
      2009-09-15 20:42 . 2009-09-18 02:29 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
      2009-09-12 18:17 . 2009-09-12 18:17 -------- d-----w- c:\program files\Vuze
      2009-09-11 15:49 . 2009-09-11 15:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
      2009-09-10 22:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
      2009-09-03 01:38 . 2009-09-20 20:25 30720 ----a-w- c:\windows\system32\B22327DAE92BEBA3.exe
      2009-08-31 19:51 . 2009-08-31 19:52 -------- d-----w- c:\program files\ImageConverter Plus
      2009-08-31 19:46 . 2009-08-31 19:46 -------- d-----w- C:\temp
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-20 20:17 . 2008-09-18 17:14 -------- d-----w- c:\documents and settings\IBM\Application Data\HPAppData
      2009-09-20 20:09 . 2008-07-12 21:52 -------- d-----w- c:\program files\CyberArmor
      2009-09-20 02:53 . 2009-07-07 19:20 -------- d-----w- c:\documents and settings\IBM\Application Data\vlc
      2009-09-20 01:05 . 2008-12-22 07:50 -------- d-----w- c:\documents and settings\IBM\Application Data\Azureus
      2009-09-19 21:20 . 2008-07-21 23:40 -------- d-----w- c:\program files\Microsoft Office 2007 Complete Third Edition
      2009-09-19 19:21 . 2009-05-25 02:20 -------- d-----w- c:\documents and settings\IBM\Application Data\LimeWire
      2009-09-18 02:42 . 2008-09-20 00:00 -------- d-----w- c:\program files\Java
      2009-09-18 02:29 . 1980-01-01 07:00 578560 ------w- c:\windows\system32\user32.dll
      2009-09-16 19:59 . 2008-07-15 23:40 72408 ----a-w- c:\documents and settings\IBM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-11 23:52 . 2009-05-29 05:50 -------- d-----w- c:\program files\Sprint Instinct Applications
      2009-09-11 15:47 . 2008-12-25 15:37 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-09-11 02:02 . 2008-07-23 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2009-09-07 00:23 . 2008-09-03 20:14 -------- d-----w- c:\program files\ApexDC++
      2009-09-04 22:38 . 2008-11-09 01:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-08-22 04:59 . 2009-04-23 04:11 -------- d-----w- c:\program files\Starcraft
      2009-08-12 01:25 . 2006-04-23 21:40 -------- d-----w- c:\program files\Symantec
      2009-08-11 02:08 . 2006-04-23 21:41 -------- d-----w- c:\program files\Norton AntiVirus
      2009-08-09 02:51 . 2006-04-23 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
      2009-08-05 16:41 . 2009-08-05 16:41 -------- d-----w- c:\program files\MasRizal
      2009-08-05 09:01 . 1980-01-01 07:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
      2009-07-25 12:23 . 2008-11-28 08:53 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-07-17 19:01 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\atl.dll
      2009-07-14 06:43 . 1980-01-01 07:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
      2009-07-03 17:09 . 1980-01-01 07:00 915456 ------w- c:\windows\system32\wininet.dll
      2009-06-25 08:25 . 1980-01-01 07:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
      2009-06-25 08:25 . 1980-01-01 07:00 56832 ----a-w- c:\windows\system32\secur32.dll
      2009-06-25 08:25 . 1980-01-01 07:00 54272 ----a-w- c:\windows\system32\wdigest.dll
      2009-06-25 08:25 . 1980-01-01 07:00 301568 ----a-w- c:\windows\system32\kerberos.dll
      2009-06-25 08:25 . 1980-01-01 07:00 147456 ----a-w- c:\windows\system32\schannel.dll
      2009-06-25 08:25 . 1980-01-01 07:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
      2009-06-24 11:18 . 1980-01-01 07:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2005-05-26 21:35 . 2008-08-15 07:02 1422 ----a-w- c:\program files\ReadMe.txt
      .
      ((((((((((((((((((((((((((((( SnapShot@2009-09-18_02.33.56 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-09-20 20:25 . 2009-09-20 20:25 16384 c:\windows\temp\Perflib_Perfdata_46c.dat
      + 2009-09-18 02:42 . 2009-07-25 12:23 149280 c:\windows\system32\javaws.exe
      + 2009-09-18 02:42 . 2009-07-25 12:23 145184 c:\windows\system32\javaw.exe
      + 2009-09-18 02:42 . 2009-07-25 12:23 145184 c:\windows\system32\java.exe
      + 2009-07-10 17:39 . 2009-07-10 17:39 406640 c:\windows\Downloaded Program Files\fslauncher.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
      "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
      "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
      "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
      "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
      "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
      "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
      "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
      "B22327DAE92BEBA3"="c:\windows\system32\B22327DAE92BEBA3.exe" [2009-09-20 30720]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
      "brastia"="c:\windows\system32\brastia.exe" [bU]
      "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-04-05 106496]
      "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2004-11-12 40960]

      c:\documents and settings\IBM\Start Menu\Programs\Startup\
      Sprint media monitor.lnk - c:\windows\RM.exe [2009-5-28 222552]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
      BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-5-24 565309]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
      2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\ApexDC++\\ApexDC.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\Vuze\\Azureus.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Starcraft\\StarCraft.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=

      R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [4/23/2006 2:22 PM 59776]
      R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [4/23/2006 2:23 PM 14208]
      R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [4/23/2006 2:22 PM 4608]
      R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [4/23/2006 2:49 PM 4442]
      R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [4/23/2006 2:23 PM 6016]
      R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1/1/1980 14336]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      Contents of the 'Scheduled Tasks' folder

      2008-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

      2009-09-20 c:\windows\Tasks\PMTask.job
      - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-04-23 08:01]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://google.com/
      uInternet Settings,ProxyOverride = *.local;<local>
      uInternet Settings,ProxyServer = http=localhost:7171
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      FF - ProfilePath - c:\documents and settings\IBM\Application Data\Mozilla\Firefox\Profiles\s7mq8r0t.default\
      FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
      FF - prefs.js: browser.startup.homepage - Google.com
      FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
      FF - plugin: c:\documents and settings\IBM\Application Data\Mozilla\Firefox\Profiles\s7mq8r0t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
      .
      **************************************************************************
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-20 13:25
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      - - - - - - - > 'winlogon.exe'(724)
      c:\windows\system32\tphklock.dll
      - - - - - - - > 'explorer.exe'(2688)
      c:\windows\system32\WININET.dll
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\btncopy.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\ibmpmsvc.exe
      c:\program files\Intel\Wireless\Bin\EvtEng.exe
      c:\program files\Intel\Wireless\Bin\S24EvMon.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
      c:\windows\system32\rundll32.exe
      c:\program files\Intel\Wireless\Bin\RegSrvc.exe
      c:\program files\Analog Devices\SoundMAX\SMAgent.exe
      c:\windows\system32\TPHDEXLG.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      c:\program files\Digital Line Detect\DLG.exe
      c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
      c:\program files\Sprint Instinct Applications\MEMonitor.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\program files\HP\Digital Imaging\bin\hpqste08.exe
      c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
      c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
      .
      **************************************************************************
      .
      Completion time: 2009-09-20 13:29 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-09-20 20:29
      ComboFix2.txt 2009-09-18 02:37
      Pre-Run: 44,404,191,232 bytes free
      Post-Run: 44,674,183,168 bytes free
      227 --- E O F --- 2009-09-11 02:15

      I think I did everything correctly, but I didn't get the message box you mentioned in your note; hopefully it's not a major problem.
  14. Thanks for your help so far. Things feel a bit faster, but Google search results are still hijacked, and when my computer turns on, the Windows Firewall remains off for a minute or two before suddenly coming online (this is a problem I had before as well that I forgot to mention).
  15. VirusTotal couldn't scan c:\windows\system32\1041e.exe, but here is the report for c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe:

Antivirus | Version | Last Update | Result
a-squared | 4.5.0.24 | 2009.09.19 | Adware.Win32.OneStep.cop!A2
AhnLab-V3 | 5.0.0.2 | 2009.09.19 | -
AntiVir | 7.9.1.19 | 2009.09.18 | TR/ATRAPS.Gen
Antiy-AVL | 2.0.3.7 | 2009.09.18 | AdWare/Win32.OneStep.gen
Authentium | 5.1.2.4 | 2009.09.19 | W32/Backdoor2.DTXM
Avast | 4.8.1351.0 | 2009.09.18 | -
AVG | 8.5.0.412 | 2009.09.19 | -
BitDefender | 7.2 | 2009.09.19 | Backdoor.Generic.178986
CAT-QuickHeal | 10.00 | 2009.09.19 | Win32.Trojan.Agent.9c30f9ba
ClamAV | 0.94.1 | 2009.09.19 | Adware.Onestep-13
Comodo | 2370 | 2009.09.19 | ApplicUnwnt.Win32.Adware.OneStep.~I
DrWeb | 5.0.0.12182 | 2009.09.19 | -
eSafe | 7.0.17.0 | 2009.09.17 | -
eTrust-Vet | 31.6.6746 | 2009.09.18 | -
F-Prot | 4.5.1.85 | 2009.09.19 | W32/Backdoor2.DTXM
F-Secure | 8.0.14470.0 | 2009.09.18 | -
Fortinet | 3.120.0.0 | 2009.09.19 | Adware/OneStep
GData | 19 | 2009.09.19 | Backdoor.Generic.178986
Ikarus | T3.1.1.72.0 | 2009.09.19 | -
Jiangmin | 11.0.800 | 2009.09.19 | Trojan/Agent.bzyh
K7AntiVirus | 7.10.849 | 2009.09.19 | Trojan.Win32.Malware.1
Kaspersky | 7.0.0.125 | 2009.09.19 | -
McAfee | 5745 | 2009.09.18 | potentially unwanted program Generic PUP
McAfee+Artemis | 5745 | 2009.09.18 | potentially unwanted program Generic PUP
McAfee-GW-Edition | 6.8.5 | 2009.09.18 | Trojan.ATRAPS.Gen
Microsoft | 1.5005 | 2009.09.19 | BrowserModifier:Win32/OneStepSearch
NOD32 | 4440 | 2009.09.19 | a variant of Win32/Adware.OneStep
Norman | 6.01.09 | 2009.09.18 | Onestep.A
nProtect | 2009.1.8.0 | 2009.09.19 | Trojan-Clicker/W32.OneStep.4608.C
Panda | 10.0.2.2 | 2009.09.19 | Adware/OneStep
PCTools | 4.4.2.0 | 2009.09.19 | -
Prevx | 3.0 | 2009.09.19 | High Risk Cloaked Malware
Rising | 21.47.52.00 | 2009.09.19 | -
Sophos | 4.45.0 | 2009.09.19 | OneStep
Sunbelt | 3.2.1858.2 | 2009.09.19 | -
Symantec | 1.4.4.12 | 2009.09.19 | Adware.OneStep
TheHacker | 6.5.0.2.012 | 2009.09.18 | -
TrendMicro | 8.950.0.1094 | 2009.09.18 | -
VBA32 | 3.12.10.10 | 2009.09.18 | AdWare.Win32.OneStep.mb
ViRobot | 2009.9.18.1943 | 2009.09.18 | -
VirusBuster | 4.6.5.0 | 2009.09.18 | Adware.OneStep.Gen

Additional information
File size: 4608 bytes
MD5...: f932731b175f753bc0c7ff8f4508635d
SHA1..: cca7b6d8d3e7a09a4d482db459e7e98945c78e98
SHA256: 651c942431c8095667812d3b16da8923c033f3476c09e879e918d735816beedb
ssdeep: 48:a+hnfEE/c/9WlA/jYniUWFJfiTnls85/YUGUwisiBcJK/:XiE/c/9WlA/jYzz D/YUPwkyJK/
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4a9ed126 (Wed Sep 02 20:10:14 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name | viradd | virsiz | rawdsiz | ntrpy | md5
.text | 0x1000 | 0x6dc | 0x800 | 5.06 | b910a1ac93cea622b69041fa1c25defa
.rdata | 0x2000 | 0x1b4 | 0x200 | 4.12 | fc1cc58abf6a45141c358d40e78c2f7b
.data | 0x3000 | 0x3b0 | 0x200 | 2.76 | 74b8e66006c9571330faac4f3ea9406c
.rsrc | 0x4000 | 0x10 | 0x200 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b
( 2 imports )
> SHLWAPI.dll: StrToIntA
> KERNEL32.dll: GetFileSize, lstrcpynA, CloseHandle, CreateFileA, CreateFileMappingA, ExitProcess, FlushViewOfFile, GetCommandLineA, GetProcAddress, GetSystemTime, LoadLibraryA, MapViewOfFile, UnmapViewOfFile
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=83C7A8A800ABCBFF124B00952652F00008336BDC
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

And the results of F-Secure:

Scanning Report
Saturday, September 19, 2009 13:27:37 - 14:21:11
Computer name: IBM-0882C88589A
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\

22 malware found

Backdoor.Generic.178986 (spyware)
  * System (Disinfected)
TrackingCookie.Advertising (spyware)
  * System (Disinfected)
TrackingCookie.Atdmt (spyware)
  * System (Disinfected)
Worm.Generic.87726 (spyware)
  * System (Disinfected)
TrackingCookie.Mediaplex (spyware)
  * System (Disinfected)
Trojan.Generic.1717562 (spyware)
  * System (Disinfected)
Gen:Adware.Heur.Ly4@VywcYXoi (spyware)
  * System (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (spyware)
  * System (Disinfected)
Worm.Generic.87726 (virus)
  * C:\WINDOWS\SYSTEM32\1041E.EXE (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
  * C:\WINDOWS\SYSTEM32\FAGW32.DLL (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
  * C:\WINDOWS\SYSTEM32\GIXW32.DLL (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
  * C:\WINDOWS\SYSTEM32\MAGKS32.DLL (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
  * C:\WINDOWS\SYSTEM32\XAGKF32.DLL (Not cleaned)
Backdoor.Generic.178986 (virus)
  * C:\PROGRAM FILES\SEEKEENSRCH\SEEKEEN.EXE (Not cleaned)
Trojan.Generic.1644422 (virus)
  * C:\PROGRAM FILES\MICROSOFT OFFICE 2007 COMPLETE THIRD EDITION\LAUNCHER.EXE (Renamed & Submitted)
Trojan.Generic.1644422 (virus)
  * C:\PROGRAM FILES\MICROSOFT OFFICE 2007 COMPLETE THIRD EDITION\MS OFFICE 2007\LAUNCHER.EXE (Renamed & Submitted)
Trojan.Generic.1717562 (virus)
  * C:\PROGRAM FILES\INITIO\BUTTON MANAGER V1.874\INIHID.EXE (Not cleaned)
Backdoor.Generic.178986 (virus)
  * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN147.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
  * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN149.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
  * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN151.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
  * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN153.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
  * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN155.EXE (Not cleaned)

Statistics
Scanned:
  * Files: 47741
  * System: 3574
  * Not scanned: 7
Actions:
  * Disinfected: 7
  * Renamed: 6
  * Deleted: 0
  * Not cleaned: 9
  * Submitted: 6
Files not scanned:
  * C:\PAGEFILE.SYS
  * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  * C:\WINDOWS\SYSTEM32\CONFIG\SAM
  * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  * C:\DOCUMENTS AND SETTINGS\IBM\LOCAL SETTINGS\TEMP\ETILQS_BETVAMLB0TZDESVDOUDL

And now the Security Check report:

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
CyberArmor
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java 6 Update 15
Java 6 Update 7
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check: objlist.exe by Laurent
IBM LOCALS~1 Temp OnlineScanner\Anti-Virus\fsgk32.exe
IBM LOCALS~1 Temp OnlineScanner\Anti-Virus\fssm32.exe
IBM LOCALS~1 Temp fsonlinescanner.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````

I'll reboot my laptop and let you know how things are running.