SH99

  1. Thanks for all the help. Things seem to be running OK now; no adverts/pop-ups have appeared. I ran a Malwarebytes Anti-Malware scan just to have a check on things, and the following 2 files came up with the vendor Adware.MyWebSearch - are they OK?
     C:\Program Files\MSNMessenger\riched20.dll
     C:\SystemVolumeInformation\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP378\A0092926.dll
     I know someone checked the Messenger one in an earlier post, but we don't use MSN Messenger, so is it safe to delete? Thanks
  2. I think it worked ok this time. ComboFix 08-02.05.3 - Sonia Hernandez 2008-02-09 10:34:07.6 - NTFSx86 Running from: C:\Documents and Settings\Sonia Hernandez\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Sonia Hernandez\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\drivers\iyfhwfihjwcs.sys C:\WINDOWS\system32\drivers\qplqgbsygiis.sys C:\WINDOWS\system32\spads.dll c:\windows\system32\stlb2.xml . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\iyfhwfihjwcs.sys C:\WINDOWS\system32\drivers\qplqgbsygiis.sys C:\WINDOWS\system32\spads.dll c:\windows\system32\stlb2.xml . ((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))) . 2008-02-08 23:15 . 2004-08-04 04:56 388,608 --a------ C:\kmd.exe 2008-02-08 19:13 . 2008-02-08 19:13 <DIR> d-------- C:\Program Files\7-Zip 2008-02-06 13:19 . 2008-02-06 22:30 <DIR> d-------- C:\Program Files\Google 2008-02-05 23:46 . 2008-02-05 23:46 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-05 22:24 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-02-05 19:51 . 2008-02-08 00:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-02-05 19:51 . 2008-02-07 22:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-05 19:51 . 2008-02-07 22:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-05 19:51 . 2008-02-07 22:50 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Malwarebytes 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-02-05 18:05 . 2008-02-07 23:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-04 21:47 . 
2008-02-04 21:47 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\TrojanHunter 2008-02-04 20:54 . 2008-02-05 18:01 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 2008-02-04 10:31 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys 2008-02-04 10:28 . 2008-02-04 10:28 <DIR> d-------- C:\Program Files\Common Files\Authentium 2008-02-04 10:28 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\Raxco 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\Common Files\Scanner 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\CA 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco 2008-02-03 22:43 . 2008-02-03 22:43 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2008-02-03 18:53 . 2008-02-03 18:53 <DIR> d-------- C:\Program Files\QuickTime 2008-01-29 23:34 . 2008-01-29 23:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-01-29 23:34 . 2008-01-29 23:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-01-29 23:18 . 2008-01-29 23:17 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-01-29 23:18 . 2008-01-29 23:17 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2008-01-29 23:18 . 2008-01-29 23:17 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2008-01-29 22:50 . 2008-01-29 23:13 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-01-29 22:50 . 2008-01-29 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-01-23 23:09 . 2008-01-04 21:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-01-23 23:09 . 2008-01-04 21:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-01-23 23:09 . 2008-01-04 21:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-01-23 23:09 . 
2008-01-04 21:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-01-23 23:09 . 2008-01-04 21:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-01-23 18:27 . 2008-01-24 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk 2008-01-22 20:48 . 2008-01-22 20:48 <DIR> d-------- C:\Program Files\VSO 2008-01-22 20:48 . 2008-01-31 17:56 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Vso 2008-01-22 20:48 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2008-01-22 20:48 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2008-01-22 20:48 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2008-01-22 20:48 . 2008-01-22 20:48 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2008-01-22 20:48 . 2008-01-22 20:48 47,360 --a------ C:\Documents and Settings\Sonia Hernandez\Application Data\pcouffin.sys 2008-01-18 19:30 . 2008-01-18 19:30 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\InstallShield 2008-01-17 22:58 . 2008-01-23 23:12 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-17 17:16 . 2008-01-17 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe 2008-01-17 17:15 . 2008-02-07 23:20 <DIR> d-------- C:\Program Files\Common Files\LightScribe 2008-01-17 17:12 . 2008-01-18 09:38 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Ahead 2008-01-17 17:08 . 2008-01-24 00:17 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-01-13 17:48 . 2008-01-13 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-13 17:39 . 2008-02-09 10:22 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\uTorrent 2008-01-13 16:26 . 2008-01-13 16:26 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\TomTom . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-07 23:32 --------- d-----w C:\Program Files\uTorrent 2008-02-07 23:24 --------- d-----w C:\Program Files\iTunes 2008-02-06 13:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-05 23:41 --------- d-----w C:\Program Files\MSN Messenger 2008-02-05 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-05 16:38 --------- d-----w C:\Program Files\Virgin Broadband 2008-02-04 10:33 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\Virgin Broadband 2008-02-04 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband 2008-02-04 10:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-23 23:09 --------- d-----w C:\Program Files\DivX 2008-01-22 22:29 --------- d-----w C:\Program Files\Lavasoft 2008-01-18 20:19 --------- d-----w C:\Program Files\Java 2008-01-18 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-01-13 17:27 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\Lavasoft 2008-01-10 22:42 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\LimeWire 2008-01-08 16:04 --------- d-----w C:\Program Files\iPod 2008-01-08 15:53 --------- d-----w C:\Program Files\Common Files\Apple 2008-01-05 15:14 94,688 -c--a-w C:\Documents and Settings\Sonia Hernandez\Application Data\GDIPFONTCACHEV1.DAT 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 
----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-31 12:23 --------- d-----w C:\Program Files\Apple Software Update 2007-12-31 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-12-27 22:23 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\DivX 2007-12-23 16:26 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-12-23 16:26 --------- d-----w C:\Program Files\BLUENEXT 2007-12-23 16:25 --------- d-----w C:\Program Files\Common Files\InstallShield 2004-10-01 04:27 326 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat 2004-09-27 17:16 140 -c-ha-w C:\Documents and Settings\Sonia Hernandez\Application Data\ptads.bin 1998-08-24 12:09 10,000 -c--a-w C:\WINDOWS\inf\unregpn.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-10-18 15:42 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-09-21 18:06 151597] "Workflow"="D:\Workflow.exe" [ ] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 18:34 188416] "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34 299008] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-03 18:53 385024] "-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552] "Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BN-WD54G Wireless Client Utility.lnk - C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe [2007-12-23 16:26:17 593920] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, 
msnsspc.dll, R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38] S2 Ca533av;USB PC Camera;C:\WINDOWS\system32\Drivers\Ca533av.sys [] S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [] S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-29 23:17] S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [] S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42a184c0-2abd-11d9-a907-806d6172696f}] \Shell\AutoRun\command - E:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-02-08 12:58:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2003-12-25 17:28:17 C:\WINDOWS\Tasks\Registration reminder 2.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-09 10:37:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-09 10:38:51 ComboFix-quarantined-files.txt 2008-02-09 10:38:28 ComboFix2.txt 2008-02-08 23:45:10 ComboFix3.txt 2008-02-06 23:08:41 ComboFix4.txt 2008-01-15 19:48:21 . 
2008-01-10 08:54:01 --- E O F ---
  3. Here's the HijackThis scan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:50:02, on 08/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virgin Broadband\PCguard\Fws.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: 
[sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - Global Startup: BN-WD54G Wireless Client Utility.lnk = C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - 
http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 7989 bytes
  4. OK, finally here is the ComboFix log! When I clicked & dragged the txt file into ComboFix it worked, but then it said that there was an error with Windows and restarted my computer. When it restarted, the txt file was no longer on my desktop. I clicked in ComboFix and the scan below is what was created, but several error messages appeared throughout the process saying there were some problems and the process would stop. Is everything I did what I was supposed to? I am going to do the HijackThis scan now! ComboFix 08-02.05.3 - Sonia Hernandez 2008-02-08 23:38:25.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.39 [GMT 0:00] Running from: C:\Documents and Settings\Sonia Hernandez\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))) . 2008-02-08 19:13 . 2008-02-08 19:13 <DIR> d-------- C:\Program Files\7-Zip 2008-02-06 22:54 . 2004-08-04 04:56 388,608 --a------ C:\kmd.exe 2008-02-06 13:19 . 2008-02-06 22:30 <DIR> d-------- C:\Program Files\Google 2008-02-05 23:46 . 2008-02-05 23:46 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-05 22:24 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-02-05 22:21 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\iyfhwfihjwcs.sys 2008-02-05 20:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qplqgbsygiis.sys 2008-02-05 19:51 . 2008-02-08 00:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-02-05 19:51 . 2008-02-07 22:50 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-05 19:51 . 2008-02-07 22:50 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-05 19:51 . 2008-02-07 22:50 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Malwarebytes 2008-02-05 19:07 . 
2008-02-05 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-02-05 18:05 . 2008-02-07 23:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-04 21:47 . 2008-02-04 21:47 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\TrojanHunter 2008-02-04 20:54 . 2008-02-05 18:01 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 2008-02-04 10:31 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys 2008-02-04 10:28 . 2008-02-04 10:28 <DIR> d-------- C:\Program Files\Common Files\Authentium 2008-02-04 10:28 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\Raxco 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\Common Files\Scanner 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\CA 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco 2008-02-03 22:43 . 2008-02-03 22:43 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2008-02-03 18:53 . 2008-02-03 18:53 <DIR> d-------- C:\Program Files\QuickTime 2008-01-29 23:34 . 2008-01-29 23:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-01-29 23:34 . 2008-01-29 23:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-01-29 23:18 . 2008-01-29 23:17 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-01-29 23:18 . 2008-01-29 23:17 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2008-01-29 23:18 . 2008-01-29 23:17 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2008-01-29 22:50 . 2008-01-29 23:13 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-01-29 22:50 . 2008-01-29 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-01-23 23:09 . 
2008-01-04 21:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-01-23 23:09 . 2008-01-04 21:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-01-23 23:09 . 2008-01-04 21:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-01-23 23:09 . 2008-01-04 21:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-01-23 23:09 . 2008-01-04 21:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-01-23 18:27 . 2008-01-24 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk 2008-01-22 20:48 . 2008-01-22 20:48 <DIR> d-------- C:\Program Files\VSO 2008-01-22 20:48 . 2008-01-31 17:56 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Vso 2008-01-22 20:48 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2008-01-22 20:48 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2008-01-22 20:48 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2008-01-22 20:48 . 2008-01-22 20:48 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2008-01-22 20:48 . 2008-01-22 20:48 47,360 --a------ C:\Documents and Settings\Sonia Hernandez\Application Data\pcouffin.sys 2008-01-18 19:30 . 2008-01-18 19:30 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\InstallShield 2008-01-17 22:58 . 2008-01-23 23:12 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-17 17:16 . 2008-01-17 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe 2008-01-17 17:15 . 2008-02-07 23:20 <DIR> d-------- C:\Program Files\Common Files\LightScribe 2008-01-17 17:12 . 2008-01-18 09:38 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Ahead 2008-01-17 17:08 . 2008-01-24 00:17 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-01-13 17:48 . 2008-01-13 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-13 17:39 . 
2008-02-08 23:03 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\uTorrent 2008-01-13 16:26 . 2008-01-13 16:26 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\TomTom 2008-01-08 16:03 . 2008-02-07 23:24 <DIR> d-------- C:\Program Files\iTunes 2008-01-08 15:53 . 2008-01-08 15:53 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-01-08 01:16 . 2008-01-08 01:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-07 23:32 --------- d-----w C:\Program Files\uTorrent 2008-02-06 13:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-05 23:41 --------- d-----w C:\Program Files\MSN Messenger 2008-02-05 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-05 16:38 --------- d-----w C:\Program Files\Virgin Broadband 2008-02-04 10:33 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\Virgin Broadband 2008-02-04 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband 2008-02-04 10:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-23 23:09 --------- d-----w C:\Program Files\DivX 2008-01-22 22:29 --------- d-----w C:\Program Files\Lavasoft 2008-01-18 20:19 --------- d-----w C:\Program Files\Java 2008-01-18 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-01-13 17:27 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\Lavasoft 2008-01-10 22:42 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\LimeWire 2008-01-08 16:04 --------- d-----w C:\Program Files\iPod 2008-01-05 15:14 94,688 -c--a-w C:\Documents and Settings\Sonia Hernandez\Application Data\GDIPFONTCACHEV1.DAT 2007-12-31 12:23 --------- d-----w C:\Program Files\Apple Software Update 2007-12-31 
12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-12-27 22:23 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\DivX 2007-12-23 16:26 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-12-23 16:26 --------- d-----w C:\Program Files\BLUENEXT 2007-12-23 16:25 --------- d-----w C:\Program Files\Common Files\InstallShield 2004-10-01 04:27 326 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat 2004-09-27 17:16 140 -c-ha-w C:\Documents and Settings\Sonia Hernandez\Application Data\ptads.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-10-18 15:42 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-09-21 18:06 151597] "Workflow"="D:\Workflow.exe" [ ] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 18:34 188416] "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34 299008] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-03 18:53 385024] "-FreedomNeedsReboot"="C:\Program Files\Virgin 
Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552] "Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BN-WD54G Wireless Client Utility.lnk - C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe [2007-12-23 16:26:17 593920] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38] R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17] S2 Ca533av;USB PC Camera;C:\WINDOWS\system32\Drivers\Ca533av.sys [] S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [] S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-29 23:17] S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [] S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 04:56] S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc 
REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42a184c0-2abd-11d9-a907-806d6172696f}] \Shell\AutoRun\command - E:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-02-08 12:58:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2003-12-25 17:28:17 C:\WINDOWS\Tasks\Registration reminder 2.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-08 23:42:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-08 23:45:09 ComboFix-quarantined-files.txt 2008-02-08 23:44:58 ComboFix2.txt 2008-02-06 23:08:41 ComboFix3.txt 2008-01-15 19:48:21 . 2008-01-10 08:54:01 --- E O F ---
  5. About 20 mins! Did I just have to click and drag that Notepad file into ComboFix?
  6. I have copied the file into ComboFix as instructed but it is taking an awfully long time - is this normal? It's been running for a while yet the progress bar only has 4 bars so far! Thanks
  7. Below are requested scans: Panda Scan: Incident Status Location Adware:adware/powersearch Not disinfected c:\windows\system32\stlb2.xml Adware:adware/elitebar Not disinfected c:\windows\downloaded program files\v2.dll Adware:adware/toprebates Not disinfected c:\windows\downloaded program files\WinadX.inf Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sonia Hernandez\Cookies\sonia_hernandez@overture[1].txt Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Sonia Hernandez\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Sonia Hernandez\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe] Possible Virus. Not disinfected C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Adware:Adware/TrafficSol Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20080206-224809-335.dll Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Potentially unwanted tool:Application/MyWebSearch 
Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\QooBox\Quarantine\catchme2008-01-15_194314.72.zip[F3HTMLMU.DLL] Spyware:Spyware/Omi Not disinfected C:\WINDOWS\Downloaded Program Files\actsetup.dll Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE] Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE] Virus:W32/Sasser.ftp Disinfected C:\WINDOWS\system32\cmd.ftp Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W5KDSF23\test[1].htm Adware:Adware/TrafficSol Not disinfected C:\WINDOWS\system32\spads.dll HJT scan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:04:06, on 08/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virgin Broadband\PCguard\Fws.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe" O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony 
Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" O4 - Global Startup: BN-WD54G Wireless Client Utility.lnk = C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe -- End of file - 8406 bytes
  8. Oh ok! I deleted the files you said to earlier so I wonder why they didn't show! Also, can I just check: I am about to do the Panda scan, but I did one on Tues 5th of 'My Computer' and it came back with no viruses found - should I still run another one now? Thanks
  9. Hi. Yes, I think I posted the whole scan, but just in case, I saved it so here it is again. I am deleting those files you said now and working on the scans, which I will post in the next reply.
  10. Thank you for your help! In answer to your questions about knowing what those files are, we have no idea! Should I run the HJT scan again and fix those too? ComboFix 08-02.05.3 - Sonia Hernandez 2008-02-06 23:00:50.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.49 [GMT 0:00]Running from: C:\Documents and Settings\Sonia Hernandez\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))) . 2008-02-06 22:31 . 2008-02-06 22:31 <DIR> d-------- C:\WINDOWS\LastGood 2008-02-06 13:19 . 2008-02-06 22:30 <DIR> d-------- C:\Program Files\Google 2008-02-05 23:46 . 2008-02-05 23:46 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-05 22:24 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-02-05 22:21 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\iyfhwfihjwcs.sys 2008-02-05 20:29 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\qplqgbsygiis.sys 2008-02-05 19:51 . 2008-02-05 23:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-02-05 19:51 . 2008-02-05 22:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-05 19:51 . 2008-02-05 22:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-05 19:51 . 2008-02-05 22:10 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Malwarebytes 2008-02-05 19:07 . 2008-02-05 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-02-05 18:05 . 2008-02-05 22:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-05 08:38 . 2008-02-05 08:38 <DIR> d-------- C:\Program Files\Enigma Software Group 2008-02-04 21:47 . 
2008-02-04 21:47 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\TrojanHunter 2008-02-04 20:54 . 2008-02-05 18:01 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 2008-02-04 10:31 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys 2008-02-04 10:28 . 2008-02-04 10:28 <DIR> d-------- C:\Program Files\Common Files\Authentium 2008-02-04 10:28 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\Raxco 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\Common Files\Scanner 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Program Files\CA 2008-02-04 10:27 . 2008-02-04 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco 2008-02-03 22:43 . 2008-02-03 22:43 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2008-02-03 18:53 . 2008-02-03 18:53 <DIR> d-------- C:\Program Files\QuickTime 2008-01-29 23:34 . 2008-01-29 23:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-01-29 23:34 . 2008-01-29 23:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-01-29 23:18 . 2008-01-29 23:17 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-01-29 23:18 . 2008-01-29 23:17 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2008-01-29 23:18 . 2008-01-29 23:17 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2008-01-29 22:50 . 2008-01-29 23:13 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-01-29 22:50 . 2008-01-29 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-01-23 23:09 . 2008-01-04 21:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-01-23 23:09 . 2008-01-04 21:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-01-23 23:09 . 2008-01-04 21:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-01-23 23:09 . 
2008-01-04 21:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-01-23 23:09 . 2008-01-04 21:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-01-23 18:27 . 2008-01-24 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk 2008-01-22 20:48 . 2008-01-22 20:48 <DIR> d-------- C:\Program Files\VSO 2008-01-22 20:48 . 2008-01-31 17:56 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Vso 2008-01-22 20:48 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2008-01-22 20:48 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2008-01-22 20:48 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2008-01-22 20:48 . 2008-01-22 20:48 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2008-01-22 20:48 . 2008-01-22 20:48 47,360 --a------ C:\Documents and Settings\Sonia Hernandez\Application Data\pcouffin.sys 2008-01-18 19:30 . 2008-01-18 19:30 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\InstallShield 2008-01-17 22:58 . 2008-01-23 23:12 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-17 17:16 . 2008-01-17 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe 2008-01-17 17:15 . 2008-02-05 22:49 <DIR> d-------- C:\Program Files\Common Files\LightScribe 2008-01-17 17:12 . 2008-01-18 09:38 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\Ahead 2008-01-17 17:08 . 2008-01-24 00:17 <DIR> d-------- C:\Program Files\Common Files\Ahead 2008-01-13 17:48 . 2008-01-13 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-13 17:39 . 2008-02-04 10:34 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\uTorrent 2008-01-13 16:26 . 2008-01-13 16:26 <DIR> d-------- C:\Documents and Settings\Sonia Hernandez\Application Data\TomTom 2008-01-08 16:03 . 
2008-02-05 22:51 <DIR> d-------- C:\Program Files\iTunes 2008-01-08 15:53 . 2008-01-08 15:53 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-01-08 01:16 . 2008-01-08 01:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-06 13:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-05 23:41 --------- d-----w C:\Program Files\MSN Messenger 2008-02-05 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-05 16:38 --------- d-----w C:\Program Files\Virgin Broadband 2008-02-04 10:33 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\Virgin Broadband 2008-02-04 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband 2008-02-04 10:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-23 23:09 --------- d-----w C:\Program Files\DivX 2008-01-22 22:29 --------- d-----w C:\Program Files\Lavasoft 2008-01-18 20:19 --------- d-----w C:\Program Files\Java 2008-01-18 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-01-13 17:27 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\Lavasoft 2008-01-10 22:42 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\LimeWire 2008-01-08 16:04 --------- d-----w C:\Program Files\iPod 2008-01-05 15:14 94,688 -c--a-w C:\Documents and Settings\Sonia Hernandez\Application Data\GDIPFONTCACHEV1.DAT 2007-12-31 12:23 --------- d-----w C:\Program Files\Apple Software Update 2007-12-31 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-12-27 22:23 --------- d-----w C:\Documents and Settings\Sonia Hernandez\Application Data\DivX 2007-12-23 16:26 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-12-23 16:26 --------- d-----w C:\Program 
Files\BLUENEXT 2007-12-23 16:25 --------- d-----w C:\Program Files\Common Files\InstallShield 2004-10-01 04:27 326 -c-h--w C:\Documents and Settings\All Users\Application Data\mssaru.dat 2004-09-27 17:16 140 -c-ha-w C:\Documents and Settings\Sonia Hernandez\Application Data\ptads.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-10-18 15:42 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-09-21 18:06 151597] "Workflow"="D:\Workflow.exe" [ ] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 18:34 188416] "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34 299008] "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" [ ] "delcab"="C:\drivers\deltreew.exe" [ ] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-03 18:53 385024] "PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000] "-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552] "Broadbandadvisor.exe"="C:\Program Files\Virgin 
Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BN-WD54G Wireless Client Utility.lnk - C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe [2007-12-23 16:26:17 593920] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 11:38] R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 11:17] S2 Ca533av;USB PC Camera;C:\WINDOWS\system32\Drivers\Ca533av.sys [] S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys [] S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS [] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-29 23:17] S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [] S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:56] S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 04:56] S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42a184c0-2abd-11d9-a907-806d6172696f}] \Shell\AutoRun\command - E:\RunGame.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-01-04 12:58:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2003-12-25 17:28:17 C:\WINDOWS\Tasks\Registration reminder 2.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 23:05:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-06 23:08:40 ComboFix-quarantined-files.txt 2008-02-06 23:08:35 ComboFix2.txt 2008-01-15 19:48:21 . 
2008-01-10 08:54:01 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:13:10, on 06/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virgin Broadband\PCguard\Fws.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
      O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
      O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
      O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
      O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
      O4 - Global Startup: BN-WD54G Wireless Client Utility.lnk = C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
      O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
      O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
      O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      -- End of file - 8330 bytes
  11. I have now sent you the requested file. Below is the log for the Hijack scan:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:48:07, on 05/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virgin Broadband\PCguard\Fws.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
      C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
      C:\WINDOWS\System32\tcpsvcs.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\System32\Rundll32.exe
      C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
      C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe
      C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
      C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
      O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
      O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
      O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
      O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
      O4 - HKLM\..\Run: [broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
      O4 - Global Startup: BN-WD54G Wireless Client Utility.lnk = C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYGB
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
      O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
      O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
      O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      -- End of file - 8499 bytes
  12. Hi, I have followed the instructions to locate the file, but how do I 'zip it up' to email it to you? Once I have done this I will complete the Hijack log. Do I still need to do the Panda scan? If so, where are the instructions to do this, as I tried to do a scan but am not sure if it worked properly and didn't really know how to find my way around! Thanks
  13. Hi, my computer has recently been taken over by a load of spyware and I am continually getting pop-ups with ads served by Dcads in the subject box along the top. I have read your instructions on what programs I need to run and which logs I need to post on here for you to be able to analyse the problem. I hope you can help! First, the below is the log from the MBAM scan:
      Malwarebytes' Anti-Malware 1.02
      Database version: 320
      Scan type: Full Scan (C:\|)
      Objects scanned: 72634
      Time elapsed: 36 minute(s), 48 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 9
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      (No malicious items detected)
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP377\A0090093.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP377\A0090103.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP377\A0091094.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP377\A0091095.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP377\A0091096.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP377\A0091097.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Sonia Hernandez\Application Data\inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.