Everything posted by alukeonlife

  1. All clear now, thank you. I'll run Defogger. I'm buying the full version for our office too, damned boss and his infected laptop where it all began! Nice dog btw :-)

     Malwarebytes' Anti-Malware 1.44
     Database version: 3823
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     04/03/2010 10:06:13
     mbam-log-2010-03-04 (10-06-13).txt

     Scan type: Quick Scan
     Objects scanned: 115208
     Time elapsed: 4 minute(s), 48 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  2. Sadly, 6 entries are still there for Backdoor.Bot.

     --------------------
     Malwarebytes' Anti-Malware 1.44
     Database version: 3810
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     04/03/2010 08:56:36
     mbam-log-2010-03-04 (08-56-36).txt

     Scan type: Quick Scan
     Objects scanned: 114746
     Time elapsed: 4 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 6
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. File uploaded and log below.
  4. Hi, thanks for the reply, I've run ComboFix (having disabled AVG etc), log below: ComboFix 10-03-03.02 - Luke 03/03/2010 17:59:47.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1390 [GMT 0:00] Running from: c:\dloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AutoRun.inf c:\windows\system32\ntnet.drv . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV ((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 ))))))))))))))))))))))))))))))) . 2010-03-01 20:05 . 2010-03-01 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-03-01 19:37 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-01 19:37 . 2010-03-01 19:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-01 19:37 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-01 15:34 . 2010-03-01 15:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-02-07 14:47 . 2010-02-07 14:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-02-07 14:42 . 2010-02-07 14:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-03 17:43 . 2008-01-14 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-03-02 10:06 . 2010-03-01 23:35 0 ----a-w- c:\documents and settings\Luke\Local Settings\Application Data\prvlcl.dat 2010-03-02 10:03 . 2010-03-02 10:03 -------- d-----w- c:\program files\Trend Micro 2010-03-02 00:31 . 2007-04-11 16:21 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-03-02 00:09 . 
2010-03-02 00:09 52224 ----a-w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-03-02 00:09 . 2010-03-02 00:09 117760 ----a-w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-03-02 00:07 . 2010-03-02 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-03-02 00:06 . 2010-03-02 00:06 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-03-02 00:06 . 2010-03-02 00:06 -------- d-----w- c:\documents and settings\Luke\Application Data\SUPERAntiSpyware.com 2010-03-02 00:06 . 2005-02-24 14:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-03-01 20:05 . 2010-03-01 20:05 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-03-01 20:05 . 2010-03-01 20:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-03-01 20:05 . 2010-03-01 20:05 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-03-01 20:05 . 2010-03-01 20:05 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-03-01 20:05 . 2010-03-02 20:38 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe 2010-03-01 20:05 . 2010-03-02 20:38 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe 2010-03-01 19:35 . 2005-08-17 12:17 -------- d-----w- c:\program files\Lavasoft 2010-03-01 16:01 . 2008-10-20 17:48 -------- d-----w- c:\program files\AVG 2010-02-28 23:25 . 2006-02-08 19:14 49 ----a-w- c:\windows\wpd99.drv 2010-02-28 23:25 . 2006-02-08 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995 2010-02-28 00:24 . 2005-03-17 21:03 -------- d-----w- c:\documents and settings\Luke\Application Data\CoreFTP 2010-02-07 14:42 . 2008-01-14 23:45 -------- d-----w- c:\program files\Google 2010-02-06 16:53 . 
2005-05-30 15:48 101712 ----a-w- c:\documents and settings\Luke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-21 18:46 . 2005-08-31 22:49 -------- d-----w- c:\program files\Winamp 2010-01-21 18:44 . 2010-01-21 18:44 -------- d-----w- c:\program files\Winamp Detect 2010-01-20 23:07 . 2010-01-10 10:16 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-19 23:03 . 2010-01-19 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-01-10 10:15 . 2010-01-10 10:15 -------- d-----w- c:\program files\Microsoft 2010-01-10 10:15 . 2010-01-10 10:14 -------- d-----w- c:\program files\Windows Live 2010-01-10 10:15 . 2010-01-10 10:15 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-01-10 10:11 . 2010-01-10 10:11 -------- d-----w- c:\program files\Common Files\Windows Live 2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-16 18:43 . 2005-01-14 16:10 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:27 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-06 00:33 . 2007-09-13 18:16 167 ----a-w- c:\documents and settings\Luke\udownload.dat 2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2005-09-19 12:29 . 2005-08-16 12:59 44158 ----a-w- c:\program files\mozilla firefox\components\inspector.dll 2005-05-13 16:12 . 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 10:13 . 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-13 20:27 . 2005-10-13 20:27 422400 --sha-r- c:\windows\x2.64.exe 2005-10-07 18:14 . 2005-10-07 18:14 308224 --sha-r- c:\windows\system32\avisynth.dll 2005-07-14 11:31 . 
2005-07-14 11:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll 2005-06-26 14:32 . 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-21 21:37 . 2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll 2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2006-04-27 09:24 . 2006-04-27 09:24 2945024 --sha-r- c:\windows\system32\Smab.dll 2005-02-28 12:16 . 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-14 68856] "Google Update"="c:\documents and settings\Luke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-09-02 83968] "DeltTray"="DeltTray.exe" [2002-04-02 24576] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-28 282624] "NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2006-09-13 90112] "VX1000"="c:\windows\vVX1000.exe" [2006-12-05 707360] "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112] 
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-1-14 113664] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-6-28 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\msulpq32.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-03-01 20:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=sysaudio.sys [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= 
"c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\SimpleCenter\\Home Media Server.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/03/2010 20:05 333192] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/03/2010 20:05 360584] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [01/03/2010 20:05 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [01/03/2010 20:05 285392] R3 AEILAB;AEI USB To Fast Ethernet Adapter;c:\windows\system32\drivers\AEILAB.SYS [20/10/2005 23:21 24299] S0 oojfev;oojfev; [x] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2010 14:42 135664] S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?] 
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25/04/2009 11:41 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25/04/2009 11:41 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-14 10:28]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 14:42]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 14:42]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-839522115-1003Core.job
- c:\documents and settings\Luke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:55]

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-2025429265-839522115-1003UA.job
- c:\documents and settings\Luke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Luke\Application Data\Mozilla\Firefox\Profiles\gph1p0zl.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Luke\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-TDSSmqlt.sys
SafeBoot-aawservice
AddRemove-Junglist VST Instrument - c:\program files\VSTPLUGINS\orion\Junglist\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DeltTray.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\documents and settings\Luke\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-03-03 18:23:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-03 18:23

Pre-Run: 83,442,962,432 bytes free
Post-Run: 83,057,750,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 758E914362137487402CCB99CA0D4DC6
  5. Had a problem with the Dr. Guard malware, which has now been eradicated but can't shift a backdoor.bot and nothing seems to remove it. Logs below and attached as per sticky post.

Malwarebytes' Anti-Malware 1.44
Database version: 3810
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/03/2010 20:29:08
mbam-log-2010-03-02 (20-29-08).txt

Scan type: Quick Scan
Objects scanned: 115168
Time elapsed: 25 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------DDS.txt----------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Luke at 11:07:30.06 on 02/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Luke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Luke\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\dloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\msulpq32.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\luke\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [DeltTray] DeltTray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [sclauncher] c:\program files\simplecenter\bin\win\sclauncher.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263161976750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\luke\applic~1\mozilla\firefox\profiles\gph1p0zl.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\luke\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-1 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-1 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-1 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-1 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-1 285392]
R3 AEILAB;AEI USB To Fast Ethernet Adapter;c:\windows\system32\drivers\AEILAB.SYS [2005-10-20 24299]
S0 oojfev;oojfev; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-4-25 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-4-25 8320]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-03-02 10:59:45 0 ----a-w- c:\documents and settings\luke\defogger_reenable
2010-03-02 10:03:31 0 d-----w- c:\program files\Trend Micro
2010-03-02 00:07:13 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-02 00:06:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-02 00:06:47 0 d-----w- c:\docume~1\luke\applic~1\SUPERAntiSpyware.com
2010-03-01 20:06:03 0 d--h--w- C:\$AVG
2010-03-01 20:05:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-01 20:05:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-01 20:05:47 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-01 20:05:39 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-01 20:05:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-01 19:37:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 19:37:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 19:37:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 16:21:16 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-02 16:21:16 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 00:33:18 167 ----a-w- c:\documents and settings\luke\udownload.dat
2005-05-13 16:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 10:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-13 20:27:00 422400 --sha-r- c:\windows\x2.64.exe
2005-10-07 18:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 11:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 14:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 21:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 09:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 12:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 23:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
2008-10-27 17:59:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat

============= FINISH: 11:08:56.23 ===============

attach and ark, zipped up and attached. Thank you so much in advance

attach.zip