BigAL85

Hello, I have recently cleared out some trojans etc. and would appreciate if someone could have a look at my log files and check if there isn't anything still lurking. System seems ok but I have a suspicion something remains. Please find listed below DDS and MBAM log files. Also attached are ark.txt and attach.txt in zip format as directed. Thanks in advance.

AL

DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Alan Maxwell at 23:19:52.29 on 04/03/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.706 [GMT 0:00]

AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
G:\WINDOWS\System32\svchost.exe -k netsvcs
G:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
G:\Program Files\Virgin Broadband\PCguard\Fws.exe
svchost.exe
svchost.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
svchost.exe
G:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
G:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
G:\Program Files\Virgin Broadband\PCguard\rps.exe
G:\Program Files\WinPcap\rpcapd.exe
G:\WINDOWS\system32\svchost.exe -k imgsvc
G:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\ULI5289\ALi5289.exe
G:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
G:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
G:\Program Files\3\3Connect\AutoUpdateSrv.exe
G:\Program Files\Virgin Broadband Wireless\ndis_events.exe
G:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
G:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
G:\WINDOWS\system32\wscntfy.exe
G:\Program Files\3\3Connect\Wilog.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Documents and Settings\Alan Maxwell\Desktop\AntiVtools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://uk.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - g:\program files\virgin broadband\pcguard\pkR.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - g:\progra~1\spybot~1\SDHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "g:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [spybotSD TeaTimer] g:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIPTA] g:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [soundMan] SOUNDMAN.EXE
mRun: [ALi5289] g:\program files\uli5289\ALi5289.exe
mRun: [JMAP5289] g:\program files\uli5289\JMAP5289.exe
mRun: [NeroFilterCheck] g:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Wireless Manager] "g:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [broadbandadvisor.exe] "g:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE
StartupFolder: g:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - g:\program files\3\3connect\AutoUpdateSrv.exe
IE: &AOL Toolbar search - g:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - ?p=ZUxdm265YYGB
IE: Append Link Target to Existing PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - g:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - g:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - g:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://g:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///G:/Program%20Files/The%20Mysterious%20City%20-%20Golden%20Prague/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198852670937
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///G:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
TCP: {5673C342-B760-4F51-96A3-CA30069481DD} = 217.171.135.1 217.171.132.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 aliidex;aliidex;g:\windows\system32\drivers\aliidex.sys [2006-2-20 7040]
R0 aliperf;aliperf;g:\windows\system32\drivers\aliperf.sys [2006-2-20 7168]
R0 m5289;m5289;g:\windows\system32\drivers\m5289.sys [2004-9-1 49101]
R0 uliagpkx;ULi AGP Bus Filter Driver;g:\windows\system32\drivers\AGPKX.SYS [2006-2-20 44928]
R1 KLIF;KLIF;g:\windows\system32\drivers\klif.sys [2009-8-22 179984]
R2 NPF;NetGroup Packet Filter Driver;g:\windows\system32\drivers\npf.sys [2009-3-14 32512]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;g:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;g:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;g:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
R3 ULI5261;ULi Based Ethernet NT Driver;g:\windows\system32\drivers\ULILAN.SYS [2006-2-20 29696]
S3 ASPI;Advanced SCSI Programming Interface Driver;g:\windows\system32\drivers\ASPI32.SYS [2009-3-27 16512]
S3 DIGIRPS;Digi PortServer Driver;g:\windows\system32\drivers\digirlpt.sys [2008-12-10 42432]
S3 JM5289;JM5289;\??\g:\documents and settings\alan maxwell\jm5289.sys --> g:\documents and settings\alan maxwell\JM5289.sys [?]

=============== Created Last 30 ================

2010-03-04 23:18:40 0 ----a-w- g:\documents and settings\alan maxwell\defogger_reenable
2010-03-04 20:59:42 0 d-----w- g:\docume~1\alanma~1\applic~1\Birdstep Technology
2010-03-04 20:59:34 0 d-----w- g:\docume~1\alluse~1\applic~1\Birdstep Technology
2010-03-04 20:59:19 10240 ------w- g:\windows\system32\drivers\mdvrmng.sys
2010-03-04 20:58:49 32128 -c--a-w- g:\windows\system32\dllcache\usbccgp.sys
2010-03-04 20:58:49 32128 ----a-w- g:\windows\system32\drivers\usbccgp.sys
2010-03-04 20:58:17 872192 ----a-w- g:\windows\system32\drivers\mod7700.sys
2010-03-04 20:58:17 24448 ----a-w- g:\windows\system32\drivers\ewdcsc.sys
2010-03-04 20:58:17 103168 ----a-w- g:\windows\system32\drivers\ewusbfake.sys
2010-03-04 20:58:17 101376 ----a-w- g:\windows\system32\drivers\ewusbmdm.sys
2010-03-04 20:58:17 100992 ----a-w- g:\windows\system32\drivers\ewusbnet.sys
2010-03-04 20:57:50 76118 ----a-w- g:\windows\Huawei ModemsUninstall.exe
2010-03-04 20:57:50 0 d-----w- g:\program files\Huawei Modems
2010-03-04 20:57:49 0 d-----w- g:\program files\3
2010-02-22 21:02:22 23392 ----a-w- g:\windows\system32\nscompat.tlb
2010-02-22 21:02:22 16832 ----a-w- g:\windows\system32\amcompat.tlb
2010-02-21 08:07:12 0 d-----w- g:\docume~1\alanma~1\applic~1\Malwarebytes
2010-02-21 08:07:09 0 d-----w- g:\program files\MALWAREBYTES ANTI-MALWARE
2010-02-21 08:07:06 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 08:07:04 19160 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-02-21 08:07:04 0 d-----w- g:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-21 08:07:03 0 d-----w- g:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-03-04 23:17:35 752928 --sha-w- g:\windows\system32\drivers\fidbox2.dat
2010-03-04 23:16:26 23222560 --sha-w- g:\windows\system32\drivers\fidbox.dat
2010-03-04 22:03:46 71516 --sha-w- g:\windows\system32\drivers\fidbox2.idx
2010-03-04 22:03:46 312680 --sha-w- g:\windows\system32\drivers\fidbox.idx
2009-12-16 18:43:27 343040 ----a-w- g:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- g:\windows\system32\csrsrv.dll
2008-02-26 15:23:00 0 ----a-w- g:\program files\temp01
2007-07-30 16:40:16 774144 ----a-w- g:\program files\RngInterstitial.dll
2008-08-19 06:54:00 32768 --sha-w- g:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 23:21:02.89 ===============

MBAM

Malwarebytes' Anti-Malware 1.44
Database version: 3825
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

04/03/2010 23:50:46
mbam-log-2010-03-04 (23-50-46).txt

Scan type: Quick Scan
Objects scanned: 128645
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attachment: ark.zip