James R
Members
Posts: 7
Reputation: 0 Neutral
  1. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:25, on 25/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve.Orchard\Local Settings\Temporary Internet Files\Content.IE5\41O387C3\HiJackThis[1].exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: SfxXML - http://ada2004.capital/Download/SfxXMLData.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com
O17 - HKLM\Software\..\Telephony: DomainName = uk.gwrgroup.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Media (lrsman) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9820 bytes
  2. Update after deleting quarantined items...

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 2

25/11/2008 19:54:11
mbam-log-2008-11-25 (19-54-11).txt

Scan type: Quick Scan
Objects scanned: 69088
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a48fe9ac-dd02-4ff7-9211-b7ba9a2c8bf2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\890166 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\890166\890166.dll (Trojan.BHO) -> Quarantined and deleted successfully.
  3. Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 2

25/11/2008 19:50:56
mbam-log-2008-11-25 (19-50-35).txt

Scan type: Quick Scan
Objects scanned: 69088
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a48fe9ac-dd02-4ff7-9211-b7ba9a2c8bf2} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Systray (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\890166 (Trojan.BHO) -> No action taken.

Files Infected:
C:\WINDOWS\system32\890166\890166.dll (Trojan.BHO) -> No action taken.
  4. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:17:29, on 24/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Steve.Orchard\Local Settings\Temporary Internet Files\Content.IE5\49UZG5U7\HiJackThis[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [systray] C:\windows\mstre8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: MindManager PDF Writer.lnk = C:\Program Files\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: SfxXML - http://ada2004.capital/Download/SfxXMLData.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com
O17 - HKLM\Software\..\Telephony: DomainName = uk.gwrgroup.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = uk.gwrgroup.com
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Media (lrsman) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9394 bytes
  5. ;*******************************************************************************
ANALYSIS: 2008-11-24 07:12:39
PROTECTIONS: 2
MALWARE: 26
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description                              Version   Active   Updated
;===============================================================================
Symantec Antivirus Corporate Edition     8.0       No       No
Norton Antivirus Edition                 7.5       No       No
;===============================================================================
MALWARE
Id        Description               Type            Active  Severity  Disinfectable  Disinfected  Location
;===============================================================================
00020994  W32/Bagle.pwdzip          Virus           No      0         Yes            No           C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntiVirusLab.zip
00020994  W32/Bagle.pwdzip          Virus           No      0         Yes            No           C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
00020994  W32/Bagle.pwdzip          Virus           No      0         Yes            No           C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
00032745  adware/sahagent           Adware          No      0         Yes            No           c:\sahagent.log
00123310  HackTool/SRunner.B        HackTools       No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1318\A0130705.exe
00132190  Adware/SAHAgent           Adware          No      0         No             No           C:\temp\sahagent.exe[bundle.exe]
00139061  Cookie/Doubleclick        TrackingCookie  No      0         Yes            No           C:\Documents and Settings\admin.neil.taylor\Cookies\admin.neil.taylor@doubleclick[1].txt
00139064  Cookie/Atlas DMT          TrackingCookie  No      0         Yes            No           C:\RECYCLER\S-1-5-21-1547161642-162531612-839522115-32077\Dc8.GWR700210\Cookies\administrator@atdmt[1].txt
00139064  Cookie/Atlas DMT          TrackingCookie  No      0         Yes            No           C:\Documents and Settings\admin.john.coyle\Cookies\admin.john.coyle@atdmt[1].txt
00191644  Cookie/adultfriendfinder  TrackingCookie  No      0         Yes            No           C:\Documents and Settings\Steve.Orchard\Cookies\steve.orchard@adultfriendfinder[1].txt
00202347  application/winfixer2005  HackTools       No      0         Yes            No           c:\windows\downloaded program files\uwas6_0001_n68m2301netinstaller.exe
00400835  Generic Trojan            Virus/Trojan    No      0         Yes            No           c:\windows\system32\wkssvc32.dll
00400835  Generic Trojan            Virus/Trojan    No      0         Yes            No           C:\WINDOWS\system32\wkssvc32.dll
00437975  Trj/Tiny.AF               Virus/Trojan    No      1         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131752.exe
00438911  Trj/Tiny.AF               Virus/Trojan    No      1         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131768.exe
00441732  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130237.dll
00441732  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130183.dll
00441732  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1314\A0130206.dll
00441738  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1316\A0130273.exe
00441748  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130236.exe
00441748  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1316\A0130268.exe
00441748  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1314\A0130205.exe
00441748  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130248.exe
00441748  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130184.exe
00441776  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130185.exe
00441776  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130238.exe
00441776  Adware/IEAntiSpyware      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1314\A0130207.exe
03839851  Trj/Downloader.MDW        Virus/Trojan    No      1         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131762.sys
03958670  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131529.exe
03974388  Adware/SecurityError      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131751.dll
04025193  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130242.exe
04025200  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1322\A0131499.exe
04025200  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1318\A0130661.exe
04025200  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130229.exe
04025200  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1323\A0131769.exe
04025200  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1319\A0130723.exe
04035723  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130251.dll
04044595  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1316\A0130274.exe
04049235  Generic Trojan            Virus/Trojan    No      0         Yes            No           C:\WINDOWS\system32\890166\890166.dll
04057360  Trj/Downloader.MDW        Virus/Trojan    No      1         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1313\A0130194.exe
04060465  Generic Malware           Virus/Trojan    No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130243.exe
04081629  Adware/SecurityError      Adware          No      0         Yes            No           C:\System Volume Information\_restore{5539982B-DC32-4740-A587-38289BFC0D0E}\RP1315\A0130252.exe
;===============================================================================
SUSPECTS
Sent   Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id      Severity  Description
;===============================================================================
184380  MEDIUM    MS08-002
184379  MEDIUM    MS08-001
182048  HIGH      MS07-069
182046  HIGH      MS07-067
182043  HIGH      MS07-064
179553  HIGH      MS07-061
176382  HIGH      MS07-057
176383  HIGH      MS07-058
170911  HIGH      MS07-050
170907  HIGH      MS07-046
170906  HIGH      MS07-045
170904  HIGH      MS07-043
164915  HIGH      MS07-035
164913  HIGH      MS07-033
164911  HIGH      MS07-031
160623  HIGH      MS07-027
157262  HIGH      MS07-022
157261  HIGH      MS07-021
157260  HIGH      MS07-020
157259  HIGH      MS07-019
156477  HIGH      MS07-017
150253  HIGH      MS07-016
150249  HIGH      MS07-013
150248  HIGH      MS07-012
150247  HIGH      MS07-011
150243  HIGH      MS07-008
150242  HIGH      MS07-007
150241  MEDIUM    MS07-006
141034  HIGH      MS06-076
141033  MEDIUM    MS06-075
141030  HIGH      MS06-072
137571  HIGH      MS06-070
137568  HIGH      MS06-067
133387  MEDIUM    MS06-065
133386  MEDIUM    MS06-064
133385  MEDIUM    MS06-063
133379  HIGH      MS06-057
131654  HIGH      MS06-055
129977  MEDIUM    MS06-053
129976  MEDIUM    MS06-052
126093  HIGH      MS06-051
126092  MEDIUM    MS06-050
126087  HIGH      MS06-046
126086  MEDIUM    MS06-045
126083  HIGH      MS06-042
126082  HIGH      MS06-041
126081  HIGH      MS06-040
123421  HIGH      MS06-036
123420  HIGH      MS06-035
120825  MEDIUM    MS06-032
120823  MEDIUM    MS06-030
120818  HIGH      MS06-025
120815  HIGH      MS06-022
120814  HIGH      MS06-021
117384  MEDIUM    MS06-018
114666  HIGH      MS06-015
114664  HIGH      MS06-013
108744  MEDIUM    MS06-008
108743  MEDIUM    MS06-007
108742  MEDIUM    MS06-006
104567  HIGH      MS06-002
104237  HIGH      MS06-001
96574   HIGH      MS05-053
93395   HIGH      MS05-051
93394   HIGH      MS05-050
93454   MEDIUM    MS05-049
;===============================================================================
  6. Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 5.1.2600 Service Pack 2

23/11/2008 20:02:31
mbam-log-2008-11-23 (20-02-31).txt

Scan type: Quick Scan
Objects scanned: 69139
Time elapsed: 17 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)
  7. Hi,

Since running Malwarebytes I have successfully managed to clean out malware from my PC. However I seem to have developed three new problems.

1. It is now difficult to open IE 6. It takes two or three goes with right click to open up.
2. Similarly it is very difficult to open PDF files.
3. I can't get on to my googlemail account and receive a message from gmail saying my Cookies are not enabled. I've followed their suggested remedy but it doesn't fix the problem.

Can anyone help please?

All Best
James