theo38
Members, 4 posts

Everything posted by theo38

  1. Hi there, Firstly, many thanks for your advice to run ComboFix - it seems to have worked! I'm just posting the log it produced, however, as this is what I was advised to do:

     ComboFix 09-11-16.05 - User 16/11/2009 10:09..2 - FAT32x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1480 [GMT 0:00]
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     AV: avast! antivirus 4.8.1356 [VPS 091115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}
     c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\chrome.manifest
     c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\chrome\content\_cfg.js
     c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\chrome\content\overlay.xul
     c:\documents and settings\User\Local Settings\Application Data\{7A3BBF25-42BC-43E6-A646-B3B2F1D3E356}\install.rdf
     c:\program files\Mozilla Firefox\searchplugins\search.xml
     c:\windows\Install.txt
     c:\windows\run.log
     c:\windows\system32\install.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

     ((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
     .
     2009-11-13 10:19 . 2009-11-13 10:19 -------- d-----w- C:\$AVG
     2009-11-13 10:18 . 2009-11-13 10:18 -------- d-----w- c:\program files\AVG
     2009-11-13 09:40 . 2009-11-13 09:40 -------- d-----w- c:\program files\Trend Micro
     2009-11-11 12:13 . 2009-11-11 12:13 -------- d-----w- c:\windows\McAfee.com
     2009-11-11 10:08 . 2009-11-11 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2009-11-11 09:12 . 2004-08-03 22:29 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
     2009-11-11 09:11 . 2001-08-17 13:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
     2009-11-11 09:10 . 2001-08-17 12:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
     2009-11-11 09:09 . 2001-08-17 12:12 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys
     2009-11-11 09:08 . 2001-08-17 22:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
     2009-11-11 09:07 . 2001-08-17 13:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
     2009-11-11 09:06 . 2001-08-17 22:36 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
     2009-11-11 09:05 . 2001-08-17 14:56 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
     2009-11-11 09:04 . 2004-08-04 04:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
     2009-11-11 09:03 . 2001-08-17 13:51 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
     2009-11-11 09:02 . 2001-08-17 13:28 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
     2009-11-11 09:01 . 2001-08-17 22:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
     2009-11-11 09:00 . 2008-04-13 19:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
     2009-11-11 08:59 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
     2009-11-11 08:58 . 2001-08-17 14:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
     2009-11-11 08:58 . 2004-08-04 04:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
     2009-11-11 08:58 . 2004-08-04 04:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
     2009-11-11 08:58 . 2004-08-04 04:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
     2009-11-11 08:58 . 2004-08-04 04:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
     2009-11-11 08:58 . 2004-08-04 04:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
     2009-11-11 08:58 . 2004-08-04 04:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
     2009-11-11 08:41 . 2009-11-11 08:41 -------- d-sh--w- c:\documents and settings\User\IECompatCache
     2009-11-10 17:06 . 2009-11-11 12:22 -------- d-----w- c:\program files\Free Window Registry Repair
     2009-11-10 17:06 . 2009-11-10 17:06 -------- d-----w- c:\documents and settings\User\Application Data\Registry Mechanic
     2009-11-10 16:18 . 2009-11-10 16:18 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2009-11-10 15:51 . 2009-11-13 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
     2009-11-10 15:49 . 2009-11-11 12:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-11-10 15:49 . 2009-11-11 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-11-10 13:37 . 2009-11-10 13:37 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
     2009-11-10 13:37 . 2009-11-10 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-11-10 12:19 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2009-11-10 12:19 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2009-11-10 12:19 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2009-11-10 12:19 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2009-11-10 12:19 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2009-11-10 12:19 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2009-11-10 12:19 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2009-11-10 12:19 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
     2009-11-10 12:19 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
     2009-11-10 12:19 . 2009-11-10 12:19 -------- d-----w- c:\program files\Alwil Software
     2009-11-10 11:42 . 2009-11-10 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2009-11-10 11:24 . 2009-11-10 11:24 120 ----a-w- c:\windows\Tyehilahaca.dat
     2009-11-10 11:24 . 2009-11-10 11:24 0 ----a-w- c:\windows\Xgavobacagayu.bin
     2009-11-10 11:16 . 2009-11-10 11:15 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-11-10 11:15 . 2009-11-10 11:15 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
     2009-11-10 11:10 . 2009-11-10 14:19 -------- d-----w- c:\documents and settings\All Users\Defence
     2009-11-09 16:33 . 2009-11-09 16:33 -------- d-sh--w- c:\documents and settings\User\PrivacIE
     2009-11-09 15:42 . 2009-11-09 15:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2009-11-09 10:28 . 2009-11-09 10:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
     2009-11-09 10:27 . 2009-11-09 10:27 -------- d-sh--w- c:\documents and settings\User\IETldCache
     2009-11-09 09:47 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
     2009-11-09 09:47 . 2009-11-11 12:50 -------- d-----w- c:\windows\ie8updates
     2009-11-09 09:45 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
     2009-11-09 09:45 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
     2009-11-09 09:43 . 2009-11-09 09:44 -------- dc-h--w- c:\windows\ie8
     2009-11-09 09:38 . 2009-11-09 09:38 -------- d-----w- c:\windows\system32\drivers\UMDF
     2009-11-09 09:38 . 2009-11-09 09:38 -------- d-----w- c:\windows\system32\LogFiles
     2009-11-09 09:37 . 2008-01-09 12:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
     2009-11-09 09:37 . 2009-11-09 09:37 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe2E.dll
     2009-11-04 13:39 . 2009-11-04 13:40 -------- d-----w- c:\program files\Ultra AVI Converter
     2009-11-04 13:31 . 2009-10-06 13:40 545280 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
     2009-11-04 13:31 . 2009-10-06 13:40 103424 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
     2009-11-04 13:31 . 2009-10-06 13:40 344064 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
     2009-11-04 13:31 . 2009-10-06 13:40 153600 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
     2009-11-04 13:31 . 2009-10-06 13:40 4716544 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\components\cooliris.dll
     2009-11-03 16:05 . 2009-11-10 12:06 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
     2009-11-03 15:28 . 2009-11-09 15:26 -------- d-----w- C:\OutputFolder
     2009-11-03 15:26 . 2006-09-26 13:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
     2009-11-03 15:26 . 2009-11-04 14:00 -------- d-----w- c:\program files\Ultra QuickTime Converter
     2009-11-03 15:21 . 2009-11-03 15:26 -------- d-----w- c:\documents and settings\User\Application Data\GetRightToGo
     2009-11-03 14:59 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
     2009-11-03 14:59 . 2009-11-03 14:59 -------- d-----w- c:\program files\AviSynth 2.5
     2009-11-03 14:59 . 2009-11-03 14:59 -------- d-----w- c:\program files\AML Products
     2009-11-03 14:36 . 2009-11-03 14:36 -------- d-----w- c:\program files\softendo.com
     2009-11-03 13:39 . 2009-11-03 13:39 -------- d-----w- c:\documents and settings\User\Application Data\CopyTrans
     2009-11-03 13:38 . 2009-11-03 13:38 -------- d-----w- c:\program files\WindSolutions
     2009-11-03 13:38 . 2009-11-03 13:38 -------- d-----w- c:\documents and settings\User\Application Data\WindSolutions
     2009-11-03 13:38 . 2009-11-03 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
     2009-11-03 09:36 . 2009-11-12 16:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Temp
     2009-11-03 09:36 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
     2009-11-03 09:36 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
     2009-10-30 13:39 . 2009-10-30 13:39 -------- d-----w- c:\program files\iPod
     2009-10-30 13:39 . 2009-10-30 13:40 -------- d-----w- c:\program files\iTunes
     2009-10-30 13:34 . 2009-10-30 13:34 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
     2009-10-30 13:30 . 2009-10-30 13:31 -------- d-----w- c:\program files\Safari
     2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\system32\scripting
     2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\l2schemas
     2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\system32\en
     2009-10-22 10:27 . 2009-10-22 10:27 -------- d-----w- c:\windows\system32\bits
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-11-16 10:19 . 2009-02-27 14:08 -------- d-----w- c:\program files\BT PC Backup v8
     2009-11-13 17:27 . 2009-02-25 13:59 -------- d-----w- c:\program files\Sage Payroll
     2009-11-13 16:05 . 2009-09-22 10:24 -------- d-----w- c:\documents and settings\User\Application Data\FileZilla
     2009-11-12 17:06 . 2009-09-22 10:24 -------- d-----w- c:\program files\FileZilla FTP Client
     2009-11-11 14:04 . 2008-05-16 01:57 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-11-11 12:32 . 2009-10-08 11:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2009-11-11 12:12 . 2008-05-16 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
     2009-11-11 10:09 . 2008-05-16 02:01 -------- d-----w- c:\program files\Google
     2009-11-10 12:00 . 2008-05-20 10:04 -------- d-----w- c:\documents and settings\User\Application Data\Roxio
     2009-11-10 11:21 . 2004-08-11 16:00 1033728 ----a-w- c:\windows\explorer.exe
     2009-11-10 11:21 . 2009-11-10 11:21 0 ----a-w- c:\documents and settings\User\4A0.tmp
     2009-11-10 11:21 . 2009-11-10 11:21 208384 ----a-w- c:\documents and settings\User\49B.tmp
     2009-11-10 11:21 . 2009-11-10 11:21 212 ----a-w- c:\documents and settings\User\499.tmp
     2009-11-10 11:15 . 2008-05-16 01:53 -------- d-----w- c:\program files\Java
     2009-11-10 10:28 . 2009-09-23 16:40 -------- d-----w- c:\documents and settings\User\Application Data\Spotify
     2009-11-09 09:37 . 2009-10-08 11:35 -------- d-----w- c:\program files\Sony Ericsson
     2009-11-03 09:38 . 2009-09-22 13:52 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
     2009-11-03 09:36 . 2009-09-22 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
     2009-10-30 13:39 . 2009-09-22 13:49 -------- d-----w- c:\program files\Common Files\Apple
     2009-10-22 12:29 . 2008-05-16 02:08 52840 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-10-22 10:29 . 2004-08-11 16:14 87983 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
     2009-10-09 14:33 . 2009-10-09 14:33 -------- d-----w- c:\documents and settings\User\Application Data\rockbox.org
     2009-10-08 11:38 . 2009-10-08 11:36 -------- d-----w- c:\program files\Avanquest update
     2009-10-08 11:36 . 2009-10-08 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
     2009-10-08 11:35 . 2009-10-08 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
     2009-10-06 10:39 . 2009-10-06 10:39 -------- d-----w- c:\documents and settings\User\Application Data\Office Genuine Advantage
     2009-10-06 10:39 . 2009-10-06 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
     2009-10-05 08:39 . 2009-09-30 12:59 -------- d-----w- c:\program files\Steam
     2009-10-01 08:18 . 2008-07-18 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sage
     2009-09-27 08:39 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
     2009-09-23 16:40 . 2009-09-23 16:40 -------- d-----w- c:\program files\Spotify
     2009-09-22 13:51 . 2009-09-22 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
     2009-09-22 13:51 . 2009-09-22 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
     2009-09-22 13:51 . 2009-09-22 13:51 -------- d-----w- c:\program files\Bonjour
     2009-09-22 13:50 . 2009-09-22 13:50 -------- d-----w- c:\program files\QuickTime
     2009-08-26 08:00 . 2004-08-11 16:00 247326 ----a-w- c:\windows\system32\strmdll.dll
     2002-04-16 10:27 . 2002-04-16 10:27 5 --sha-w- c:\windows\system32\CdI5T.drv
     1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
     1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
     1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
     1998-03-20 00:00 . 1998-03-20 00:00 1048 --sha-w- c:\windows\system32\TMailRL.sys
     .
     ------- Sigcheck -------
     [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
     [7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
     [7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
     c:\windows\system32\eventlog.dll ... is missing !!
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-11 39408]
     "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
     "Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-12 135664]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
     "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-11 122368]
     "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
     "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\dldfcoms.exe"=
     "c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=
     "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=
     "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=
     "c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=
     "c:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=
     "c:\\Program Files\\BT PC Backup v8\\Agent.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\xampp\\apache\\bin\\httpd.exe"=
     "c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
     "c:\\xampp\\mysql\\bin\\mysqld.exe"=
     "c:\\xampp\\MercuryMail\\mercury.exe"=
     "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Spotify\\spotify.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5353:TCP"= 5353:TCP:Adobe CSI CS4

     R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/11/2009 12:19 114768]
     R2 AgentService;AgentService;c:\program files\BT PC Backup v8\AgentService.exe [09/11/2008 20:38 6608192]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2009 12:19 20560]
     R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
     R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [16/05/2008 01:35 98952]
     R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [09/11/2009 09:37 27632]
     S2 0010031257867622mcinstcleanup;McAfee Application Installer Cleanup (0010031257867622);c:\docume~1\User\LOCALS~1\Temp\001003~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\User\LOCALS~1\Temp\001003~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
     S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [09/11/2009 09:37 90112]
     S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [01/08/2008 18:20 45384]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - CLASSPNP_2
     *Deregistered* - CLASSPNP_2
     *Deregistered* - mbr

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     BtwSrv
     .
     Contents of the 'Scheduled Tasks' folder

     2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

     2009-11-16 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-11 10:08]

     2009-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1191282553-2944949144-565863707-1005Core.job
     - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-12 16:20]

     2009-11-10 c:\windows\Tasks\OGALogon.job
     - c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

     2009-11-10 c:\windows\Tasks\WGASetup.job
     - c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 21:18]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uStart Page = hxxp://www.Google.com/
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
     FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\
     FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\components\cooliris.dll
     FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\u3apmn3g.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
     FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     .
     - - - - ORPHANS REMOVED - - - -

     HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-11-16 10:20
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     c:\docume~1\User\LOCALS~1\Temp\TMP4352$.TMP 0 bytes

     scan completed successfully
     hidden files: 1

     **************************************************************************

     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

     device: opened successfully
     user: MBR read successfully
     called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A857170]<<
     kernel: MBR read successfully
     detected MBR rootkit hooks:
     \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
     \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
     \Driver\atapi -> atapi.sys @ 0xb9f11852
     \Driver\iaStor -> iaStor.sys @ 0xb9e7e918
     IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
     \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
     NDIS: Intel® 82562V-2 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d40bb0
     PacketIndicateHandler -> NDIS.sys @ 0xb9d4da21
     SendHandler -> NDIS.sys @ 0xb9d2b87b
     user & kernel MBR OK

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(728)
     c:\windows\system32\WININET.dll
     c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

     - - - - - - - > 'lsass.exe'(788)
     c:\windows\system32\WININET.dll

     - - - - - - - > 'explorer.exe'(3488)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\Ati2evxx.exe
     c:\program files\Alwil Software\Avast4\aswUpdSv.exe
     c:\program files\Alwil Software\Avast4\ashServ.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\windows\system32\dldfcoms.exe
     c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
     c:\program files\Dell Support Center\bin\sprtsvc.exe
     c:\program files\Alwil Software\Avast4\ashMaiSv.exe
     c:\program files\Alwil Software\Avast4\ashWebSv.exe
     c:\program files\Alwil Software\Avast4\setup\avast.setup
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Completion time: 2009-11-16 10:26 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-11-16 10:26

     Pre-Run: 264,847,269,888 bytes free
     Post-Run: 265,510,809,600 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     - - End Of File - - DDD68B5BE2B65D6136A325F123FDBC2D
  2. Just realised that I need to post a HijackThis log (duh!). Here it is:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 09:42:34, on 13/11/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\BT PC Backup v8\AgentService.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldfserv.exe
     C:\WINDOWS\system32\dldfcoms.exe
     C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
     C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\DOCUME~1\User\LOCALS~1\Temp\AVGDownloadManager\packages\65\setup.exe
     C:\WINDOWS\system32\wuauclt.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080516
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=2080516
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
     O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
     O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
     O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...798/mcfscan.cab
     O20 - AppInit_DLLs: C:\WINDOWS\system32\
     O23 - Service: McAfee Application Installer Cleanup (0010031257867622) (0010031257867622mcinstcleanup) - Unknown owner - C:\DOCUME~1\User\LOCALS~1\Temp\001003~1.EXE (file missing)
     O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\BT PC Backup v8\AgentService.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
     O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
     O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
     O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
     O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

     --
     End of file - 8879 bytes
  3. Sorry to bump this, but I'm keen to try ComboFix and have been advised to wait for assistance...
  4. Hi there, My computer was infected with a virus yesterday. Using Malwarebytes and a variety of other anti-virus/spyware applications, I've managed to get rid of the virus as far as I can tell; however, all of my browsers are randomly redirecting to pages and the Google search toolbar, if used, ends up using Gala Search rather than Google. Any help would be much appreciated, and here is the log which Malwarebytes has just generated for me following a scan:

     Malwarebytes' Anti-Malware 1.41
     Database version: 3138
     Windows 5.1.2600 Service Pack 3

     11/11/2009 15:01
     mbam-log-2009-11-11 (15-01-55).txt

     Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
     Objects scanned: 255865
     Time elapsed: 35 minute(s), 7 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)