
kevinboo

Everything posted by kevinboo

  1. I think I've got this Radio whatever Virus, Norton Keeps on telling me it's safe over and over and over and over... Can anyone please help?
  2. Hi Delta, Now Sorted, found Acc restore on line. Many thanks for your help here, take care, hopefully I'll stay clean and not need your help again. Thanks Again.... Regards.. Kevin
  3. Hi Delta There is no System Restore option, the box is empty? Regards... Kevin
  4. Hi Delta Please see below OTL detail as requested.
     ========== FILES ==========
     C:\Documents and Settings\Nat\Local Settings\Application Data\MSASCui.exe moved successfully.
     C:\Documents and Settings\Nat\Local Settings\Temp\392.exe moved successfully.
     C:\Documents and Settings\Nat\Local Settings\Temp\574.exe moved successfully.
     C:\Documents and Settings\Nat\Local Settings\Temp\612.exe moved successfully.
     C:\Documents and Settings\Nat\Local Settings\Temp\843.exe moved successfully.
     C:\Documents and Settings\Nat\Local Settings\Temp\876.exe moved successfully.
     File\Folder C:\Documents and Settings\Nat\Local Settings\Temporary Internet Files\Content.IE5\5R0AEDLW\eH6c1543e6V03f01830002Rbb05ee99102T2798e960Q000002f3900807F0016000aJ0e00060 not found.
     File\Folder 1l0809K7307105c3180[1] not found.
     File\Folder C:\Documents and Settings\Nat\Local Settings\Temporary Internet Files\Content.IE5\5R0AEDLW\eH6c1543e6V03f01830002Rbb05ee99102T2798e966Q000002f3900807F0016000aJ0e00060 not found.
     File\Folder 1l0809K7307105c316P000001070[1] not found.
     File\Folder [RESETHOSTS] not found.
     OTL by OldTimer - Version 3.1.34.0 log created on 03162010_075749
     Regards... Kevin
  5. Hi Delta, Sorry for the delay, Mother's Day weekend and all that. Logs as requested below, and I seem to be running OK now.
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Monday, March 15, 2010
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Monday, March 15, 2010 07:24:18
     Records in database: 3802802
     --------------------------------------------------------------------------------
     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer:
     C:\
     D:\
     Scan statistics:
     Objects scanned: 81922
     Threats found: 6
     Infected objects found: 8
     Suspicious objects found: 0
     Scan duration: 02:36:24
     File name / Threat / Threats count
     C:\Documents and Settings\Nat\Local Settings\Application Data\MSASCui.exe Infected: Trojan.Win32.FraudPack.annm 1
     C:\Documents and Settings\Nat\Local Settings\Temp\392.exe Infected: P2P-Worm.Win32.Palevo.ums 1
     C:\Documents and Settings\Nat\Local Settings\Temp\574.exe Infected: P2P-Worm.Win32.Palevo.uwi 1
     C:\Documents and Settings\Nat\Local Settings\Temp\612.exe Infected: P2P-Worm.Win32.Palevo.now 1
     C:\Documents and Settings\Nat\Local Settings\Temp\843.exe Infected: P2P-Worm.Win32.Palevo.rbi 1
     C:\Documents and Settings\Nat\Local Settings\Temp\876.exe Infected: P2P-Worm.Win32.Palevo.nbz 1
     C:\Documents and Settings\Nat\Local Settings\Temporary Internet Files\Content.IE5\5R0AEDLW\eH6c1543e6V03f01830002Rbb05ee99102T2798e960Q000002f3900807F0016000aJ0e00060 1l0809K7307105c3180[1] Infected: Trojan.Win32.FraudPack.annm 1
     C:\Documents and Settings\Nat\Local Settings\Temporary Internet Files\Content.IE5\5R0AEDLW\eH6c1543e6V03f01830002Rbb05ee99102T2798e966Q000002f3900807F0016000aJ0e00060 1l0809K7307105c316P000001070[1] Infected: Trojan.Win32.FraudPack.annm 1
     Selected area has been scanned.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:00:59, on 15/03/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
     C:\Program Files\Kontiki\KService.exe
     C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
     C:\WINDOWS\system32\o2flash.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\sm56hlpr.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Downloaded Programs\iTUNES\iTunesHelper.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
     C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
     C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
     C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Java\jre6\bin\java.exe
     C:\Downloaded Programs\Hijack this\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=15153&l=dis
     O1 - Hosts:
  6. Hi Delta, Here is my second OTL text...
     ========== OTL ==========
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: Adobe PDF Reader Link Helper\ not found.
     File {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll not found.
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
     File not found.
     ========== SERVICES/DRIVERS ==========
     Service .1173065773 stopped successfully!
     Service .1173065773 deleted successfully!
     ========== REGISTRY ==========
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"DisableNotifications" | 0 /E : value set successfully!
     ========== FILES ==========
     C:\Program Files\1173065773\Nat1173065773L.exe moved successfully.
     ========== COMMANDS ==========
     C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully
     OTL by OldTimer - Version 3.1.34.0 log created on 03122010_122418
  7. Hi here are the results:
     Antivirus;Version;Last Update;Result
     a-squared;4.5.0.50;2010.02.25;Downloader.Kiser!IK
     AhnLab-V3;5.0.0.2;2010.02.25;-
     AntiVir;8.2.1.172;2010.02.25;DR/Kiser.FB
     Antiy-AVL;2.0.3.7;2010.02.25;-
     Authentium;5.2.0.5;2010.02.25;-
     Avast;4.8.1351.0;2010.02.24;-
     AVG;9.0.0.730;2010.02.25;-
     BitDefender;7.2;2010.02.25;-
     CAT-QuickHeal;10.00;2010.02.25;-
     ClamAV;0.96.0.0-git;2010.02.25;PUA.Script.Packed-3
     Comodo;4060;2010.02.25;UnclassifiedMalware
     DrWeb;5.0.1.12222;2010.02.25;-
     eSafe;7.0.17.0;2010.02.24;-
     eTrust-Vet;35.2.7328;2010.02.25;Win32/Orsam.J
     F-Prot;4.5.1.85;2010.02.25;-
     F-Secure;9.0.15370.0;2010.02.25;Suspicious:W32/Malware!Gemini
     Fortinet;4.0.14.0;2010.02.25;W32/Autorun.ZF!worm
     GData;19;2010.02.25;-
     Ikarus;T3.1.1.80.0;2010.02.25;Downloader.Kiser
     Jiangmin;13.0.900;2010.02.25;-
     K7AntiVirus;7.10.981;2010.02.23;-
     Kaspersky;7.0.0.125;2010.02.25;-
     McAfee;5902;2010.02.24;W32/Autorun.worm.zf.gen
     McAfee+Artemis;5902;2010.02.24;Artemis!84CB8691AA81
     McAfee-GW-Edition;6.8.5;2010.02.25;-
     Microsoft;1.5502;2010.02.25;-
     NOD32;4895;2010.02.25;-
     Norman;6.04.08;2010.02.25;AutoRun.AGUK
     nProtect;2009.1.8.0;2010.02.25;-
     Panda;10.0.2.2;2010.02.24;Trj/CI.A
     PCTools;7.0.3.5;2010.02.25;-
     Prevx;3.0;2010.02.25;High Risk Worm
     Rising;22.34.01.03;2010.02.11;AdWare.Win32.Autoit.x
     Sophos;4.50.0;2010.02.25;Mal/Generic-A
     Sunbelt;5698;2010.02.25;-
     Symantec;20091.2.0.41;2010.02.25;-
     TheHacker;6.5.1.6.210;2010.02.25;-
     TrendMicro;9.120.0.1004;2010.02.25;-
     VBA32;3.12.12.2;2010.02.25;Trojan.Autoit.F
     ViRobot;2010.2.25.2202;2010.02.25;-
     VirusBuster;5.0.27.0;2010.02.24;-
     Additional information
     File size: 423016 bytes
     MD5 : 84cb8691aa81b9c39d5b0de8f280170b
     SHA1 : 9de7715b0112bdce5bfdd17895ee8209f1b789c7
     SHA256: 3651f87f9a5d6c41ee8c80ac9ac6c57b0b6d0ca3d3552aebcca90ec6fdeafd63
     PEInfo: PE Structure information
     ( base data )
     entrypointaddress.: 0xAF1E0
     timedatestamp.....: 0x4951FA17 (Wed Dec 24 10:00:07 2008)
     machinetype.......: 0x14C (Intel I386)
     ( 3 sections )
     name viradd virsiz rawdsiz ntrpy md5
     UPX0 0x1000 0x6F000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
     UPX1 0x70000 0x40000 0x3F400 7.93 08b3eaa2b794bef186a3a4bb4377144d
     .rsrc 0xB0000 0x8000 0x8000 4.88 ff919d5108d999ce9e2338ad5d9bbd94
     ( 16 imports )
     > advapi32.dll: AddAce
     > comctl32.dll: ImageList_Remove
     > comdlg32.dll: GetSaveFileNameW
     > gdi32.dll: BitBlt
     > kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
     > mpr.dll: WNetGetConnectionW
     > ole32.dll: CoInitialize
     > oleaut32.dll: -
     > psapi.dll: EnumProcesses
     > shell32.dll: DragFinish
     > user32.dll: GetDC
     > userenv.dll: LoadUserProfileW
     > version.dll: VerQueryValueW
     > wininet.dll: FtpOpenFileW
     > winmm.dll: timeGetTime
     > wsock32.dll: -
     ( 0 exports )
     TrID : File type identification
     UPX compressed Win32 Executable (43.8%)
     Win32 EXE Yoda's Crypter (38.1%)
     Win32 Executable Generic (12.2%)
     Generic Win/DOS Executable (2.8%)
     DOS Executable Generic (2.8%)
     ssdeep: 6144:5lZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lCUuEUJYZxoXUbMA+FK:5HLUMuiv9RgfSjAzRtyRuyL0vA+M
     sigcheck:
     publisher....: n/a
     copyright....: n/a
     product......: n/a
     description..: BOX _NTR2010s
     original name: n/a
     internal name: n/a
     file version.: 1.4.0.0
     comments.....: n/a
     signers......: -
     signing date.: -
     verified.....: Unsigned
     Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=042C75EA68B0BD4174F906A3D7478800B83D9FA4
     PEiD : -
     packers (Kaspersky): PE_Patch.UPX, UPX
     packers (F-Prot): UPX
     RDS : NSRL Reference Data Set
     -
     Thanks
  8. File Usu__rio1263816420L.exe received on 2010.02.25 14:45:15 (UTC)
     Antivirus;Version;Last Update;Result
     a-squared;4.5.0.50;2010.02.25;Downloader.Kiser!IK
     AhnLab-V3;5.0.0.2;2010.02.25;-
     AntiVir;8.2.1.172;2010.02.25;DR/Kiser.FB
     Antiy-AVL;2.0.3.7;2010.02.25;-
     Authentium;5.2.0.5;2010.02.25;-
     Avast;4.8.1351.0;2010.02.24;-
     AVG;9.0.0.730;2010.02.25;-
     BitDefender;7.2;2010.02.25;-
     CAT-QuickHeal;10.00;2010.02.25;-
     ClamAV;0.96.0.0-git;2010.02.25;PUA.Script.Packed-3
     Comodo;4060;2010.02.25;UnclassifiedMalware
     DrWeb;5.0.1.12222;2010.02.25;-
     eSafe;7.0.17.0;2010.02.24;-
     eTrust-Vet;35.2.7328;2010.02.25;Win32/Orsam.J
     F-Prot;4.5.1.85;2010.02.25;-
     F-Secure;9.0.15370.0;2010.02.25;Suspicious:W32/Malware!Gemini
     Fortinet;4.0.14.0;2010.02.25;W32/Autorun.ZF!worm
     GData;19;2010.02.25;-
     Ikarus;T3.1.1.80.0;2010.02.25;Downloader.Kiser
     Jiangmin;13.0.900;2010.02.25;-
     K7AntiVirus;7.10.981;2010.02.23;-
     Kaspersky;7.0.0.125;2010.02.25;-
     McAfee;5902;2010.02.24;W32/Autorun.worm.zf.gen
     McAfee+Artemis;5902;2010.02.24;Artemis!84CB8691AA81
     McAfee-GW-Edition;6.8.5;2010.02.25;-
     Microsoft;1.5502;2010.02.25;-
     NOD32;4895;2010.02.25;-
     Norman;6.04.08;2010.02.25;AutoRun.AGUK
     nProtect;2009.1.8.0;2010.02.25;-
     Panda;10.0.2.2;2010.02.24;Trj/CI.A
     PCTools;7.0.3.5;2010.02.25;-
     Prevx;3.0;2010.02.25;High Risk Worm
     Rising;22.34.01.03;2010.02.11;AdWare.Win32.Autoit.x
     Sophos;4.50.0;2010.02.25;Mal/Generic-A
     Sunbelt;5698;2010.02.25;-
     Symantec;20091.2.0.41;2010.02.25;-
     TheHacker;6.5.1.6.210;2010.02.25;-
     TrendMicro;9.120.0.1004;2010.02.25;-
     VBA32;3.12.12.2;2010.02.25;Trojan.Autoit.F
     ViRobot;2010.2.25.2202;2010.02.25;-
     VirusBuster;5.0.27.0;2010.02.24;-
     Additional information
     File size: 423016 bytes
     MD5 : 84cb8691aa81b9c39d5b0de8f280170b
     SHA1 : 9de7715b0112bdce5bfdd17895ee8209f1b789c7
     SHA256: 3651f87f9a5d6c41ee8c80ac9ac6c57b0b6d0ca3d3552aebcca90ec6fdeafd63
     PEInfo: PE Structure information
     ( base data )
     entrypointaddress.: 0xAF1E0
     timedatestamp.....: 0x4951FA17 (Wed Dec 24 10:00:07 2008)
     machinetype.......: 0x14C (Intel I386)
     ( 3 sections )
     name viradd virsiz rawdsiz ntrpy md5
     UPX0 0x1000 0x6F000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
     UPX1 0x70000 0x40000 0x3F400 7.93 08b3eaa2b794bef186a3a4bb4377144d
     .rsrc 0xB0000 0x8000 0x8000 4.88 ff919d5108d999ce9e2338ad5d9bbd94
     ( 16 imports )
     > advapi32.dll: AddAce
     > comctl32.dll: ImageList_Remove
     > comdlg32.dll: GetSaveFileNameW
     > gdi32.dll: BitBlt
     > kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
     > mpr.dll: WNetGetConnectionW
     > ole32.dll: CoInitialize
     > oleaut32.dll: -
     > psapi.dll: EnumProcesses
     > shell32.dll: DragFinish
     > user32.dll: GetDC
     > userenv.dll: LoadUserProfileW
     > version.dll: VerQueryValueW
     > wininet.dll: FtpOpenFileW
     > winmm.dll: timeGetTime
     > wsock32.dll: -
     ( 0 exports )
     TrID : File type identification
     UPX compressed Win32 Executable (43.8%)
     Win32 EXE Yoda's Crypter (38.1%)
     Win32 Executable Generic (12.2%)
     Generic Win/DOS Executable (2.8%)
     DOS Executable Generic (2.8%)
     ssdeep: 6144:5lZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lCUuEUJYZxoXUbMA+FK:5HLUMuiv9RgfSjAzRtyRuyL0vA+M
     sigcheck:
     publisher....: n/a
     copyright....: n/a
     product......: n/a
     description..: BOX _NTR2010s
     original name: n/a
     internal name: n/a
     file version.: 1.4.0.0
     comments.....: n/a
     signers......: -
     signing date.: -
     verified.....: Unsigned
     Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=042C75EA68B0BD4174F906A3D7478800B83D9FA4
     PEiD : -
     packers (Kaspersky): PE_Patch.UPX, UPX
     packers (F-Prot): UPX
     RDS : NSRL Reference Data Set
     -
  9. Hi Delta, Here's my MBR...
     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user & kernel MBR OK
  10. Hello Delta, Here is my gmer.txt...
      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2010-03-08 21:13:33
      Windows 5.1.2600 Service Pack 3
      Running: 9kpoqbu7.exe; Driver: C:\DOCUME~1\Nat\LOCALS~1\Temp\uwtdqpod.sys
      ---- System - GMER 1.0.15 ----
      SSDT 8572B788 ZwAlertResumeThread
      SSDT 864C2A68 ZwAlertThread
      SSDT 85713518 ZwAllocateVirtualMemory
      SSDT 856B2A10 ZwAssignProcessToJobObject
      SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA802F210]
      SSDT 866545F0 ZwCreateMutant
      SSDT 86541F38 ZwCreateSymbolicLinkObject
      SSDT 8659C8C0 ZwCreateThread
      SSDT 8571EE90 ZwDebugActiveProcess
      SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA802F490]
      SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA802F9F0]
      SSDT 864CF1C0 ZwDuplicateObject
      SSDT 864CB920 ZwFreeVirtualMemory
      SSDT 857143B8 ZwImpersonateAnonymousToken
      SSDT 85714458 ZwImpersonateThread
      SSDT 85717D00 ZwLoadDriver
      SSDT 857040E0 ZwMapViewOfSection
      SSDT 856C5F90 ZwOpenEvent
      SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xA802F7A0]
      SSDT 85756948 ZwOpenProcess
      SSDT 864CD1D0 ZwOpenProcessToken
      SSDT 85717DE0 ZwOpenSection
      SSDT 8563E9A8 ZwOpenThread
      SSDT 856B2940 ZwProtectVirtualMemory
      SSDT 864ED780 ZwResumeThread
      SSDT 85732B28 ZwSetContextThread
      SSDT 85768050 ZwSetInformationProcess
      SSDT 8571EF70 ZwSetSystemInformation
      SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA802FC40]
      SSDT 856C5ED0 ZwSuspendProcess
      SSDT 864B7D98 ZwSuspendThread
      SSDT 864E2488 ZwTerminateProcess
      SSDT 864B7E78 ZwTerminateThread
      SSDT 85768008 ZwUnmapViewOfSection
      SSDT 8563E800 ZwWriteVirtualMemory
      ---- Kernel code sections - GMER 1.0.15 ----
      .text ntkrnlpa.exe!ZwCallbackReturn + 2DD0 8050466C 4 Bytes JMP 579ECBD4
      .text ntkrnlpa.exe!ZwCallbackReturn + 3024 805048C0 4 Bytes CALL CB44CE28
      ? SYMDS.SYS The system cannot find the file specified. !
      ? SYMEFA.SYS The system cannot find the file specified. !
      ---- Devices - GMER 1.0.15 ----
      AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
      ---- Registry - GMER 1.0.15 ----
      Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5736d8
      Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a5736d8@001bee40a47c 0x98 0x6B 0xF0 0x65 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a5736d8 (not active ControlSet)
      Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a5736d8@001bee40a47c 0x98 0x6B 0xF0 0x65 ...
      ---- Disk sectors - GMER 1.0.15 ----
      Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
      Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
      Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
      ---- EOF - GMER 1.0.15 ----
  11. Hi Delta, This is a reply to your first post, below find pasted my uninstall manager log..
      4oD
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader 7.1.0
      Apple Mobile Device Support
      Apple Software Update
      BBC iPlayer Download Manager
      BlueSoleil
      Bonjour
      Citrix Presentation Server Client
      Critical Update for Windows Media Player 11 (KB959772)
      DivX
      DivX Converter
      DivX Converter
      DivX Player
      DivX Plus Web Player
      Google Toolbar for Internet Explorer
      Google Toolbar for Internet Explorer
      Google Update Helper
      Google Updater
      High Definition Audio Driver Package - KB888111
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 10 (KB903157)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      hp deskjet 3420 series (Remove only)
      Intel® Graphics Media Accelerator Driver
      Intel® Matrix Storage Manager
      Intel® PROSet/Wireless Software
      iTunes
      J2SE Runtime Environment 5.0 Update 10
      J2SE Runtime Environment 5.0 Update 3
      Java 6 Update 14
      Java 6 Update 2
      Java 6 Update 5
      Java SE Runtime Environment 6 Update 1
      Malwarebytes' Anti-Malware
      Map Button (Windows Live Toolbar)
      mCore
      mDriver
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Security Update (KB953297)
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft .NET Framework 3.5 SP1
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Office 2000 Professional
      Microsoft Silverlight
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft Works
      mMHouse
      Motorola SM56 Data Fax Modem
      Mozilla Firefox (3.0.18)
      Mp3tag v2.45a
      mPfMgr
      mProSafe
      MSVC80_x86
      MSXML 4.0 SP2 (KB925672)
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 6 Service Pack 2 (KB973686)
      mWlsSafe
      mXML
      Nokia Connectivity Cable Driver
      Nokia PC Suite
      Nokia PC Suite
      O2Micro Flash Memory Card Windows Driver V1.9
      OCA Client history tool install
      OneCare Advisor (Windows Live Toolbar)
      PC Connectivity Solution
      Popup Blocker (Windows Live Toolbar)
      QuickTime
      REALTEK GbE & FE Ethernet NIC Driver
      Realtek High Definition Audio Driver
      RegCure 1.5.0.1
      Security Update for CAPICOM (KB931906)
      Security Update for CAPICOM (KB931906)
      Security Update for Step By Step Interactive Training (KB898458)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player 10 (KB911565)
      Security Update for Windows Media Player 10 (KB917734)
      Security Update for Windows Media Player 10 (KB936782)
      Security Update for Windows Media Player 11 (KB936782)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows XP (KB913433)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950759)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953838)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956390)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958215)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960714)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB963027)
      Security Update for Windows XP (KB968537)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969897)
      Security Update for Windows XP (KB969898)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB971961)
      Security Update for Windows XP (KB972260)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973346)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974455)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB976325)
      Security Update for Windows XP (KB977165)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978251)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978706)
      Smart Menus (Windows Live Toolbar)
      SPSS 15.0 for Windows
      Symantec KB-DocID:2003093015493306
      Tabbed Browsing (Windows Live Toolbar)
      ThinkPad UltraNav Driver
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Windows Media Player 10 (KB910393)
      Update for Windows Media Player 10 (KB913800)
      Update for Windows Media Player 10 (KB926251)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      Update for Windows XP (KB976749)
      Update for Windows XP (KB978207)
      Update Rollup 2 for Windows XP Media Center Edition 2005
      USB Enhanced Performance Keyboard Software
      VC80CRTRedist - 8.0.50727.4053
      Windows Driver Package - Nokia Modem (05/22/2008 3.8)
      Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
      Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
      Windows Easy Transfer
      Windows Imaging Component
      Windows Installer 3.1 (KB893803)
      Windows Live Favorites for Windows Live Toolbar
      Windows Live Messenger
      Windows Live Outlook Toolbar (Windows Live Toolbar)
      Windows Live Sign-in Assistant
      Windows Live Toolbar
      Windows Live Toolbar
      Windows Live Toolbar Extension (Windows Live Toolbar)
      Windows Live Toolbar Feed Detector (Windows Live Toolbar)
      Windows Media Format 11 runtime
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows Media Player 11
      Windows XP Media Center Edition 2005 KB908246
      Windows XP Media Center Edition 2005 KB911061
      Windows XP Media Center Edition 2005 KB925766
      Windows XP Media Center Edition 2005 KB973768
      Windows XP Service Pack 3
      WinZip 14.0
      XP Codec Pack
  12. Hi Guys, I'm hoping someone can help, I cannot run MBAM. I have something similar to the Total Security/AV360 thing mentioned in the pinned posts in this forum, but it calls itself XP Internet Security 2010. Please see my log attached as a txt file, also copied and pasted below as I wasn't sure which way I should do this. Hope you can help.. Regards... Kevin

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:27:13, on 07/03/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\sm56hlpr.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      C:\Program Files\Kontiki\KHost.exe
      C:\Program Files\Kontiki\KService.exe
      C:\Downloaded Programs\iTUNES\iTunesHelper.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
      C:\WINDOWS\system32\o2flash.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
      C:\Documents and Settings\Nat\Local Settings\Application Data\av.exe
      C:\Downloaded Programs\Hijack this\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=15153&l=dis
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
      O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [AOL_Demo] C:\Applications\Tool\AOL Demo\DSGDemo.exe
      O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Downloaded Programs\iTUNES\iTunesHelper.exe"
      O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [sKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
      O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: Philips Media Manager.lnk = C:\Program Files\Philips\Media Manager\Philips Media Manager.exe (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: BlueSoleil.lnk = ?
      O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
      O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?c57707d8ec014af8a9260e0c7ab3b951
      O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?c57707d8ec014af8a9260e0c7ab3b951
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
      O16 - DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} (IPCamPlugIn Control) - http://artisancam.dyndns.org/IPCamPluginMJPEG.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O23 - Service: 1173065773 (.1173065773) - Unknown owner - C:\Program Files\1173065773\Nat1173065773L.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
      O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
      O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

      --
      End of file - 11850 bytes

      hijackthis_one.txt