rudey61

Members, 9 posts
Everything posted by rudey61

  1. Here are the two log files that you requested. Thank you for your time in looking at these!
     Attach.txt DDS.txt
  2. Hi Screen,
     Thanks for the reply... So far I've tried uninstalling all others and separately installed G Data, Avira and now Avast, all of which complain that they can't register services. I'll install MSE but would expect it to behave as the others have done.
     Warm regards
     Rudey
  3. After being infected with Vundo and XP Antispyware 2010 (and possibly others), and then thoroughly cleaned with the support of elise025, http://forums.malwarebytes.org/index.php?showuser=29666, I'm now unable to have any AV software act as a service on my uninfected system.
     G Data Antivirus 2010 says:
     1) G Data Antivirus 2010 could not be loaded! [OK]
     2) Unable to start G Data Antivirus because not all components can be initialized. Please restart your computer. [OK]
     Avira says Protection Module status 'Unknown'.
     I have uninstalled, rebooted and re-installed with the same negative outcome. I have, on G Data's instruction, run AVCleaner and reinstalled, again with no positive outcome. For a time, MBAM Pro couldn't start its protection module, but that works now. I think there's a service missing on this machine that would otherwise cause it to work. I've compared the services running on the previously infected machine to a clean machine and can see no difference. Having googled this and gotten nowhere, I'd be very grateful for someone's expertise.
     Thanks in advance.
     Rudey61
  4. Thanks so much for your support and advice, Elise! I'm just in the process of installing AV + FW, having already installed the premium MBAM. I really am grateful for the time you give up in order to help those you don't know or have any duty or obligation towards.
     Many thanks!
     rudey61
  5. Gosh! That was quick... I'm running that scan you recommended at the moment. I apologise for duplicating the logs... I wasn't sure if you used any software to automatically parse the results; I'll stick to including logs inline. Could I ask your personal opinion on 'the best' AV software? I understand you may be restricted in making recommendations, but if you are permitted to say, I'd be interested to know what you personally rely on. I have been using G Data, admittedly not on the infected machine, since it has a small system footprint and uses two engines to find viruses.
     Please find the ESET log below:
     No threats found!
  6. Thank you again for your speedy response and help. I've followed your advice re: keyloggers. Please find below the latest MBAM log:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3826
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     05/03/2010 19:11:13
     mbam-log-2010-03-05 (19-11-13).txt

     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 198430
     Time elapsed: 22 minute(s), 40 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     mbam_log_2010_03_05__19_11_13_.txt
  7. Thank you, Elise, for your offer of help! It's greatly appreciated. Please find below the log file you requested, inline and attached:

     ComboFix 10-03-04.05 - Dave 05/03/2010 15:39:28.1.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1588 [GMT 0:00]
     Running from: E:\ComboFix.exe
     FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Dave\Local Settings\Temporary Internet Files\BlkMA.jpg
     c:\documents and settings\Dave\Local Settings\Temporary Internet Files\la4Kp832.jpg
     c:\documents and settings\Dave\Local Settings\Temporary Internet Files\mxjam.jpg
     c:\documents and settings\Dave\Local Settings\Temporary Internet Files\xY7On.jpg
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_SSHNAS

     ((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
     .
     2010-03-05 15:44 . 2010-03-05 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
     2010-03-04 00:02 . 2010-03-04 00:02 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
     2010-03-03 23:39 . 2010-03-04 00:13 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
     2010-03-03 21:31 . 2010-03-03 21:31 -------- d-----w- c:\documents and settings\Dave\Application Data\Malwarebytes
     2010-03-03 00:10 . 2010-03-03 00:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
     2010-03-03 00:09 . 2010-03-03 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
     2010-03-03 00:09 . 2010-03-03 00:09 -------- d-----w- c:\docume~1\ADMINI~1\Local Settings\Application Data\Downloaded Installations
     2010-03-03 00:05 . 2010-03-03 00:05 -------- d--h--w- c:\windows\PIF
     2010-03-02 23:30 . 2010-03-02 23:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
     2010-03-02 23:30 . 2010-03-02 23:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
     2010-03-02 23:30 . 2010-03-02 23:30 -------- d-----w- c:\docume~1\ADMINI~1\Local Settings\Application Data\Apple Computer
     2010-03-02 22:41 . 2010-03-02 22:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2010-03-02 22:34 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-03-02 22:34 . 2010-03-04 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-03-02 22:34 . 2010-03-02 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-03-02 22:34 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-03-02 22:16 . 2010-03-02 22:16 83904 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-03-02 22:16 . 2010-03-02 22:16 83904 ----a-w- c:\docume~1\ADMINI~1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-03-02 19:16 . 2010-02-09 13:32 715000 ----a-w- c:\windows\system32\drivers\SandBox.sys
     2010-03-02 19:16 . 2009-11-02 13:20 257304 ----a-w- c:\windows\system32\drivers\afwcore.sys
     2010-03-02 19:16 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
     2010-03-02 19:16 . 2010-03-03 00:07 -------- d-----w- c:\windows\system32\Filt
     2010-03-02 19:16 . 2010-03-02 19:16 -------- d-----w- c:\program files\Agnitum
     2010-03-02 19:15 . 2010-03-02 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
     2010-03-02 19:09 . 2010-03-02 19:09 53320 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
     2010-03-02 19:09 . 2010-03-02 19:09 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
     2010-03-02 19:09 . 2010-03-02 19:09 27720 ----a-w- c:\windows\system32\drivers\GDBehave.sys
     2010-03-02 19:09 . 2010-03-02 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
     2010-03-02 19:08 . 2010-03-03 23:11 -------- d-----w- c:\program files\Common Files\G DATA
     2010-03-02 19:08 . 2010-03-02 19:08 -------- d-----w- c:\program files\G Data
     2010-03-02 19:07 . 2010-03-02 19:07 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Downloaded Installations
     2010-03-02 18:45 . 2010-03-02 18:45 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
     2010-03-02 18:41 . 2010-03-02 18:41 -------- d--h--w- c:\windows\system32\GroupPolicy
     2010-02-28 19:12 . 2010-02-28 19:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2010-02-17 22:15 . 2010-02-17 22:15 -------- d-----w- c:\program files\iPod
     2010-02-17 22:12 . 2010-02-17 22:12 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
     2010-02-11 10:42 . 2010-02-11 10:42 66704 ---ha-w- c:\windows\system32\mlfcache.dat
     2010-02-03 23:50 . 2010-02-03 23:50 181008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     2010-02-03 23:34 . 2010-02-03 23:34 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Apple_Inc
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-03-02 19:21 . 2009-04-16 15:44 256 ----a-w- c:\windows\system32\pool.bin
     2010-02-28 19:40 . 2009-12-03 22:09 79488 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
     2010-02-17 22:16 . 2009-09-25 10:27 -------- d-----w- c:\program files\iTunes
     2010-02-17 22:15 . 2008-12-17 22:25 -------- d-----w- c:\program files\Common Files\Apple
     2010-02-11 10:42 . 2008-12-17 22:26 -------- d-----w- c:\documents and settings\Dave\Application Data\Apple Computer
     2010-02-10 23:31 . 2008-12-17 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2010-02-04 14:08 . 2008-12-03 10:45 -------- d-----w- c:\program files\Google
     2010-02-02 22:28 . 2009-02-05 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2010-01-22 18:40 . 2008-12-03 10:40 -------- d-----w- c:\program files\Java
     2010-01-14 06:19 . 2009-09-16 11:13 -------- d-----w- c:\program files\Safari
     2010-01-14 06:18 . 2010-01-14 06:18 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
     2010-01-08 23:33 . 2010-01-08 23:33 6106960 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
     2010-01-07 22:33 . 2010-01-07 22:33 -------- d-----w- c:\program files\DIFX
     2010-01-07 22:33 . 2010-01-07 22:30 -------- d-----w- c:\program files\LeapFrog
     2010-01-07 22:32 . 2010-01-07 22:32 28696928 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
     2010-01-07 22:31 . 2010-01-07 22:31 6969680 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagJuniorPlugin.exe
     2010-01-07 22:30 . 2010-01-07 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
     2009-12-31 16:50 . 2008-04-25 16:16 353792 ----a-w- c:\windows\system32\drivers\srv.sys
     2009-12-21 19:14 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
     2009-12-16 18:43 . 2008-04-25 21:26 343040 ----a-w- c:\windows\system32\mspaint.exe
     2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
     2009-12-14 07:08 . 2008-04-25 16:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
     2009-12-08 19:26 . 2008-04-25 16:16 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
     2009-12-08 18:43 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-03 39408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-02-09 2447488]
     "G DATA AntiVirus Trayapplication"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2009-08-12 919624]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
     backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
     backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet g series) - 1.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet g series) - 1.lnk
     backup=c:\windows\pss\HPAiODevice(hp officejet g series) - 1.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2008-06-12 02:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
     2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\G DATA AntiVirus Trayapplication]
     2009-08-12 07:46 919624 ----a-w- c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
     2010-02-10 09:43 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
     2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
     2008-07-16 04:00 170520 ----a-w- c:\windows\system32\hkcmd.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
     2004-05-12 15:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
     2007-05-08 16:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
     2008-07-16 04:00 150040 ----a-w- c:\windows\system32\igfxtray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
     2006-09-11 04:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
     2010-02-09 15:14 439784 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
     2010-02-09 15:30 2447488 ----a-w- c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
     2008-02-26 10:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
     2008-07-16 04:00 141848 ----a-w- c:\windows\system32\igfxpers.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
     2008-03-06 15:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
     2008-07-16 03:40 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2009-01-26 18:18 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     2008-12-03 10:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableNotifications"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [03/12/2008 18:29 24064]
     R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [02/03/2010 19:16 715000]
     R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [02/03/2010 19:09 51784]
     R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [02/03/2010 19:16 31128]
     R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [02/03/2010 19:16 257304]
     R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [03/12/2008 18:29 176640]
     S0 ndruvws;ndruvws; [x]
     S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [02/03/2010 19:16 1338160]
     S2 gupdate1c987a2d1fcabfe;Google Update Service (gupdate1c987a2d1fcabfe);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2009 15:02 133104]
     S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [02/03/2010 19:16 34488]
     S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [07/01/2010 22:33 18560]
     S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [03/12/2008 10:48 30192]
     S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 224896]
     .
     Contents of the 'Scheduled Tasks' folder

     2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

     2010-03-05 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-03 22:28]

     2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 15:02]

     2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 15:02]

     2010-03-05 c:\windows\Tasks\OGALogon.job
     - c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

     2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{DE1866C9-F72F-45AF-A4C7-4E2FBCB32BFC}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3081203
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
     TCP: {0154129A-FE14-4137-B365-A8A05F52EA3C} = 194.168.4.100,194.168.8.100
     TCP: {56193B72-5761-44BC-B567-F42B2C86666F} = 194.168.4.100,194.168.8.100
     DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
     .
     - - - - ORPHANS REMOVED - - - -

     MSConfigStartUp-asg984jgkfmgasi8ug98jgkfgfb - c:\docume~1\Dave\LOCALS~1\Temp\csrss.exe
     MSConfigStartUp-Remote System Protection - c:\windows\system32\mpswnv6tet.dll
     MSConfigStartUp-TOY5KNQ8OC - c:\docume~1\Dave\LOCALS~1\Temp\Qjx.exe
     MSConfigStartUp-uishf9wuifwuh387fh3wufinhjfdwefe - c:\docume~1\Dave\LOCALS~1\Temp\d6izfk.exe

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-03-05 15:47
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(428)
     c:\windows\system32\WININET.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\windows\system32\HPZipm12.exe
     c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
     c:\windows\system32\wdfmgr.exe
     .
     **************************************************************************
     .
     Completion time: 2010-03-05 15:49:09 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-03-05 15:49

     Pre-Run: 120,649,371,648 bytes free
     Post-Run: 121,442,234,368 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     - - End Of File - - 0D82B483A634E73E8332403BAD646135

     combofix.txt.txt
  8. DDS (Ver_09-12-01.01) - NTFSx86 Run by Dave at 18:51:35.78 on 04/03/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1650 [GMT 0:00] FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe C:\WINDOWS\Explorer.EXE C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\mmc.exe E:\dds.com ============== Pseudo HJT Report =============== uStart Page = about:blank uSearch Page = hxxp://www.google.com uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3081203 uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3081203 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\msynso32.exe, BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\antivirus\webfilter\AvkWebIE.dll TB: Google Toolbar: 
{2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\antivirus\webfilter\AvkWebIE.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice mRun: [G DATA AntiVirus Trayapplication] c:\program files\g data\antivirus\avktray\AVKTray.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229541569890 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229541612375 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - 
hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: {0154129A-FE14-4137-B365-A8A05F52EA3C} = 194.168.4.100,194.168.8.100 TCP: {56193B72-5761-44BC-B567-F42B2C86666F} = 194.168.4.100,194.168.8.100 Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll c:\progra~1\google\google~3\goec62~1.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ============= SERVICES / DRIVERS =============== R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-12-3 24064] R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-3-2 715000] R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2010-3-2 1338160] R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2010-3-2 51784] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-3-2 31128] R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-3-2 257304] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2008-12-3 176640] S0 
ndruvws;ndruvws; [x] S2 gupdate1c987a2d1fcabfe;Google Update Service (gupdate1c987a2d1fcabfe);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104] S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2010-3-2 34488] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-7 18560] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-3 30192] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896] =============== Created Last 30 ================ 2010-03-04 18:51:01 0 ----a-w- c:\documents and settings\dave\defogger_reenable 2010-03-04 00:02:10 0 d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP 2010-03-03 23:39:00 68976 ----a-w- c:\windows\system32\drivers\GRD.sys 2010-03-03 21:31:19 0 d-----w- c:\docume~1\dave\applic~1\Malwarebytes 2010-03-03 00:05:01 0 d--h--w- c:\windows\PIF 2010-03-02 22:34:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-02 22:34:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-02 22:34:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-02 22:34:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-03-02 20:17:03 0 d-----w- c:\windows\pss 2010-03-02 19:16:41 715000 ----a-w- c:\windows\system32\drivers\SandBox.sys 2010-03-02 19:16:31 257304 ----a-w- c:\windows\system32\drivers\afwcore.sys 2010-03-02 19:16:12 49 ----a-w- c:\windows\transp.gif 2010-03-02 19:16:07 31128 ----a-w- c:\windows\system32\drivers\afw.sys 2010-03-02 19:16:02 0 d-----w- c:\windows\system32\Filt 2010-03-02 19:16:02 0 d-----w- c:\program files\Agnitum 2010-03-02 19:15:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Agnitum 2010-03-02 19:09:54 53320 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2010-03-02 19:09:48 51784 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys 2010-03-02 19:09:30 27720 ----a-w- 
c:\windows\system32\drivers\GDBehave.sys
2010-03-02 19:09:18 0 d-----w- c:\docume~1\alluse~1\applic~1\G DATA
2010-03-02 19:08:41 0 d-----w- c:\program files\G Data
2010-03-02 19:08:41 0 d-----w- c:\program files\common files\G DATA
2010-03-02 18:51:40 882 --sha-r- c:\documents and settings\dave\ntuser.pol
2010-03-02 18:41:21 0 d--h--w- c:\windows\system32\GroupPolicy
2010-02-17 22:15:44 0 d-----w- c:\program files\iPod
2010-02-11 10:42:37 66704 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-04-23 14:21:16 269824 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-04-23 14:11:54 224896 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys
2006-12-15 11:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 11:30:36 66048 ----a-w- c:\windows\inf\wg111v3\EAPPkt.sys
2006-12-15 11:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30:36 28672 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2006-12-15 11:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

============= FINISH: 18:52:02.37 ===============

Malwarebytes' Anti-Malware 1.44
Database version: 3822
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

03/03/2010 22:41:14
mbam-log-2010-03-03 (22-41-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 207643
Time elapsed: 18 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attach.zip
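The scan log above is the standard Malwarebytes' Anti-Malware 1.x text format: a block of per-section counts, then one line per detection in the form `target (Family) -> action`. When reading such a log it is worth checking two things by machine rather than by eye: that the itemised detections really add up to the header counts, and which items are only marked "Delete on reboot" (they are still present until the machine restarts). The parser below is an added example and is not code from the poster or from Malwarebytes. The sample log it carries is a constructed, abridged copy of the log posted in this thread, with the header counts reduced to match the items kept; the function and class names are this example's own.

```python
# Added example: parse an MBAM 1.x scan log, cross-check header counts
# against itemised detections and list items still pending a reboot.
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: abridged from the log posted in this thread, counts
# adjusted so that the header agrees with the items retained.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3822
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Scan type: Full Scan (C:\|)
Objects scanned: 207643
Time elapsed: 18 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

SECTIONS = ("Memory Processes Infected", "Memory Modules Infected",
            "Registry Keys Infected", "Registry Values Infected",
            "Registry Data Items Infected", "Folders Infected", "Files Infected")

# "<Section> Infected: <n>" in the summary block
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")
# "<target> (<Family>) -> <action>"; the family never contains parentheses,
# the action may contain a further "->" (see the Registry Data Items line)
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class Detection:
    section: str
    target: str
    family: str
    action: str  # full text after the first "->", trailing period removed

    @property
    def outcome(self) -> str:
        # The last "->" clause is what MBAM actually did with the item.
        return self.action.split(" -> ")[-1]


def parse_mbam_log(text: str):
    """Return (header counts by section, list of Detection)."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m and m.group("section") in SECTIONS:
            counts[m.group("section")] = int(m.group("n"))
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]          # start of an itemised section
            continue
        if section is None or line.startswith("(No malicious"):
            continue                     # header lines or an empty section
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, m.group("target"),
                                        m.group("family"),
                                        m.group("action").rstrip(".")))
    return counts, detections


def check_counts(counts, detections):
    """Sections whose header count disagrees with the items listed."""
    observed = Counter(d.section for d in detections)
    return {s: (counts.get(s, 0), observed.get(s, 0))
            for s in SECTIONS if counts.get(s, 0) != observed.get(s, 0)}


def pending_reboot(detections):
    """Targets MBAM could not remove immediately; still present until restart."""
    return [d.target for d in detections if d.outcome == "Delete on reboot"]


def families(detections):
    return Counter(d.family for d in detections)


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(counts, dets) or "none")
    print("families:", dict(families(dets)))
    print("pending reboot:", pending_reboot(dets))
```

Run against the full log in this thread the same three checks apply: the counts reconcile, and the one item pending a reboot is the `NoFolderOptions` Explorer policy value, so the folder-options restriction remains in effect until the restart that the log asks for.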
  9. Having just used the free version of MBAM to remove (?) a load of viruses, I thought I'd buy the full version to keep me secure in the future. However, I believe that one or more of the viruses has altered the registry such that the Protected Service for MBAM won't start. Incidentally, nor will G Data, my antivirus package. I'm hoping someone knows how to help!!!