Everything posted by seven stars

  1. Hi, I followed your steps and now all the scans are completely clean. Many, many, many thanks. Sean.
  2. Hi, I haven't removed combofix - ComboFix /u doesn't work (it says it can't find combofix) and I don't have a C:\Qoobox\BackEnv folder (I have other subfolders but not that one). Because of that, I still haven't done a system restore (can I do one now?) and I haven't run OTMoveIt3 yet. I wasn't sure whether I should go ahead with those steps. Other than that MBAM is clear, but Avira is still finding TR/Dropper.Gen trojan. Thanks again - things are obviously much better than before. Sean
  3. Apologies. If you check my previous reply though, I mentioned that I had already run the Avira scan before I saw your post telling me to disable/enable System Restore. That's why I asked you whether I should still go ahead and do the system restore, in light of the Avira results. In any case, I deleted seanfix.exe (the renamed combofix), downloaded a new combofix to my desktop, and tried to run ComboFix /u, but it wouldn't work - I got the same problem as before. I don't have a C:\QooBox\LastRun folder. I only have two subfolders in that directory - C:\Qoobox\BackEnv and C:\Qoobox\Quarantine. I didn't go any further than that because I wasn't sure what to do. Thanks, Sean
  4. Avira AntiVir Personal
     Report file date: 31 January 2009 10:00
     Scanning for 1302306 virus strains and unwanted programs.
     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows XP
     Windows version: (Service Pack 3) [5.1.2600]
     Boot mode: Normally booted
     Username: SYSTEM
     Computer name: SEVENSTARS
     Version information:
     BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
     AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 09:21:26
     AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 08:56:40
     LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 13:44:19
     LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 08:58:52
     ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 12:30:36
     ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 09:58:26
     ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 1/30/2009 09:58:40
     ANTIVIR3.VDF : 7.1.1.208 2048 Bytes 1/30/2009 09:58:40
     Engineversion : 8.2.0.70
     AEVDF.DLL : 8.1.1.0 106868 Bytes 1/31/2009 09:59:05
     AESCRIPT.DLL : 8.1.1.39 344443 Bytes 1/31/2009 09:59:03
     AESCN.DLL : 8.1.1.6 127348 Bytes 1/31/2009 09:59:01
     AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 14:58:38
     AEPACK.DLL : 8.1.3.5 393588 Bytes 1/31/2009 09:59:00
     AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/31/2009 09:58:56
     AEHEUR.DLL : 8.1.0.89 1569143 Bytes 1/31/2009 09:58:54
     AEHELP.DLL : 8.1.2.0 119159 Bytes 1/31/2009 09:58:46
     AEGEN.DLL : 8.1.1.12 328053 Bytes 1/31/2009 09:58:45
     AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 11:05:56
     AECORE.DLL : 8.1.6.3 176501 Bytes 1/31/2009 09:58:42
     AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 11:05:56
     AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 09:40:05
     AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 10:28:01
     AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 13:02:15
     AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 12:26:40
     AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 09:29:23
     AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 13:27:49
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 18:28:02
     SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 13:49:40
     NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 13:05:10
     RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 14:48:07
     RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 14:34:37
     Configuration settings for the scan:
     Jobname..........................: Complete system scan
     Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: on
     Scan boot sector.................: on
     Boot sectors.....................: C:,
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: Intelligent file selection
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium
     Start of the scan: 31 January 2009 10:00
     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'rundll32.exe' - '1' Module(s) have been scanned
     Scan process 'firefox.exe' - '1' Module(s) have been scanned
     Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
     Scan process 'epmworker.exe' - '1' Module(s) have been scanned
     Scan process 'Generic.exe' - '1' Module(s) have been scanned
     Scan process 'iPodService.exe' - '1' Module(s) have been scanned
     Scan process 'DLG.exe' - '1' Module(s) have been scanned
     Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
     Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
     Scan process 'netwaiting.exe' - '1' Module(s) have been scanned
     Scan process 'msconfig.exe' - '1' Module(s) have been scanned
     Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
     Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
     Scan process 'QTTask.exe' - '1' Module(s) have been scanned
     Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
     Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
     Scan process 'issch.exe' - '1' Module(s) have been scanned
     Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
     Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
     Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
     Scan process 'quickset.exe' - '1' Module(s) have been scanned
     Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
     Scan process 'stsystra.exe' - '1' Module(s) have been scanned
     Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
     Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
     Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
     Scan process 'alg.exe' - '1' Module(s) have been scanned
     Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
     Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
     Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
     Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'WLKEEPER.exe' - '1' Module(s) have been scanned
     Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
     Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     52 processes with 52 modules were scanned
     Starting master boot sector scan:
     Master boot sector HD0
     [INFO] No virus was found!
     Start scanning boot sectors:
     Boot sector 'C:\'
     [INFO] No virus was found!
     Starting to scan the registry.
     The registry was scanned ( '62' files ).
     Starting the file scan:
     Begin scan in 'C:\'
     C:\hiberfil.sys
     [WARNING] The file could not be opened!
     C:\pagefile.sys
     [WARNING] The file could not be opened!
     C:\Documents and Settings\Administrator\Desktop\seanfix.exe
     [0] Archive type: RAR SFX (self extracting)
     --> 32788R22FWJFW\Prep.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     --> 32788R22FWJFW\Tail.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [WARNING] The file was ignored!
     C:\Documents and Settings\Seanie\Desktop\seanfix.exe
     [0] Archive type: RAR SFX (self extracting)
     --> 32788R22FWJFW\Prep.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     --> 32788R22FWJFW\Tail.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [WARNING] The file was ignored!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0030868.dll
     [DETECTION] Is the TR/Trash.Gen Trojan
     [NOTE] The file was moved to '49b42806.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0030871.dll
     [DETECTION] Is the TR/Trash.Gen Trojan
     [NOTE] The file was moved to '49b4280d.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0033059.exe:extractor6.jpg
     [DETECTION] Is the TR/Spy.Agent.110080 Trojan
     [NOTE] The file was moved to '49b42840.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0033087.EXE
     [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
     [NOTE] The file was moved to '49b42846.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0033121.exe:mian.nest.9.10
     [DETECTION] Is the TR/Spy.Gen Trojan
     [NOTE] The file was moved to '49b4284d.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034746.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b42992.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034753.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b42997.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034793.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b4299b.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034800.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b4299f.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034801.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b429a2.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034847.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b429a5.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034848.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b429ac.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034949.exe
     [0] Archive type: RAR SFX (self extracting)
     --> 32788R22FWJFW\Prep.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     --> 32788R22FWJFW\Tail.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b429b3.qua'!
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP354\A0034988.com
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '49b429b4.qua'!
     End of the scan: 31 January 2009 10:45
     Used time: 45:43 Minute(s)
     The scan has been done completely.
     6292 Scanning directories
     215165 Files were scanned
     19 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     14 files were moved to quarantine
     0 files were renamed
     2 Files cannot be scanned
     215144 Files not concerned
     3285 Archives were scanned
     4 Warnings
     14 Notes
  5. Hi, I installed Avira after the last step (to replace AVG, which I uninstalled for a previous step), so I was already running a scan with it before I saw your last reply. Avira made 19 detections. Presumably I should avoid doing a system restore now? MBAM was clear. I'll post the MBAM log, then the HJT one. I'll post the Avira one in the next reply as well... Thanks, Sean
     _____________________MBAM_____________________
     Malwarebytes' Anti-Malware 1.33
     Database version: 1712
     Windows 5.1.2600 Service Pack 3
     2009-01-31 10:53:46
     mbam-log-2009-01-31 (10-53-46).txt
     Scan type: Quick Scan
     Objects scanned: 55833
     Time elapsed: 4 minute(s), 2 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     _____________________HJT_____________________
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:56, on 2009-01-31
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
     C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
     C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\NetWaiting\netWaiting.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\Common Files\Teleca Shared\Generic.exe
     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
     O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
     O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
     O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
     O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanner/Core...yerAX_Win32.cab
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     --
     End of file - 8252 bytes
  6. Here's the gmer log file (attached)... gmerlog.zip
  7. Whoops - meant "HJT" for the second log obviously. Still a bit tired...
  8. Seems to be running fine. MBAM was clear anyway
     ____________________MBAM________________________
     Malwarebytes' Anti-Malware 1.33
     Database version: 1707
     Windows 5.1.2600 Service Pack 3
     2009-01-30 07:13:46
     mbam-log-2009-01-30 (07-13-46).txt
     Scan type: Quick Scan
     Objects scanned: 54745
     Time elapsed: 2 minute(s), 44 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     ____________________MBAM________________________
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 07:17, on 2009-01-30
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Dell\QuickSet\quickset.exe
     C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
     C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
     C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
     C:\Program Files\NetWaiting\netWaiting.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files\Digital Line Detect\DLG.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Common Files\Teleca Shared\Generic.exe
     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
     O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
     O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
     O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
     O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
     O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Digital Line Detect.lnk = ?
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanner/Core...yerAX_Win32.cab
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     --
     End of file - 7706 bytes
  9. _____________________C:\COMBOFIX.TXT_________________________
     ComboFix 09-01-24.01 - Administrator 2009-01-29 7:24:33.1 - NTFSx86 NETWORK
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.820 [GMT 0:00]
     Running from: c:\documents and settings\Administrator\Desktop\seanfix.exe
     AV: *On-access scanning disabled* (Outdated)
     FW: *disabled*
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\Readme.txt
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_PACKET
     -------\Legacy_TDSSSERV
     -------\Service_TDSSserv
     ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
     .
     2009-01-28 20:27 . 2009-01-28 20:27 <DIR> d-------- c:\program files\Yahoo!
     2009-01-28 20:27 . 2009-01-28 20:27 <DIR> d-------- c:\documents and settings\Seanie\Application Data\Yahoo!
     2009-01-28 20:27 . 2009-01-28 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
     2009-01-27 21:05 . 2009-01-27 21:05 250 --a------ c:\windows\gmer.ini
     2009-01-22 22:05 . 2009-01-22 22:19 <DIR> d-------- C:\as_xyz
     2009-01-20 22:24 . 2009-01-20 22:27 <DIR> d-------- C:\Lop SD
     2009-01-20 22:20 . 2009-01-20 22:20 <DIR> d-------- C:\_OTScanIt
     2009-01-19 21:41 . 2009-01-19 21:41 <DIR> d-------- c:\program files\Trend Micro
     2009-01-18 22:26 . 2009-01-18 22:26 <DIR> d-------- c:\program files\Sophos
     2009-01-05 10:14 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
     2009-01-05 10:14 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\dllcache\sonypvu1.sys
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-29 07:20 --------- d-----w c:\documents and settings\Seanie\Application Data\AVG7
     2009-01-29 07:20 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
     2009-01-29 07:20 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
     2009-01-29 07:20 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
     2009-01-28 20:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-01-28 20:27 --------- d-----w c:\program files\CCleaner
     2009-01-26 22:24 --------- d-----w c:\program files\PartyGaming
     2009-01-23 07:37 --------- d-----w c:\program files\Java
     2009-01-23 07:30 --------- d-----w c:\program files\Corel
     2009-01-23 07:27 --------- d-----w c:\program files\Common Files\Adobe
     2009-01-18 22:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-01-18 22:10 1,033,728 ----a-w c:\windows\explorer.exe
     2009-01-14 16:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-01-14 16:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2008-12-23 22:53 --------- d-----w c:\program files\iTunes
     2008-12-23 22:53 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
     2008-12-23 22:52 --------- d-----w c:\program files\QuickTime
     2008-12-23 22:52 --------- d-----w c:\program files\iPod
     2008-12-23 22:52 --------- d-----w c:\program files\Common Files\Apple
     2008-12-23 22:52 --------- d-----w c:\program files\Bonjour
     2008-12-23 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
     2008-12-23 22:50 --------- d-----w c:\program files\Apple Software Update
     2008-12-23 22:50 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
     2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
     2008-12-10 22:07 --------- d-----w c:\program files\SUPERAntiSpyware
     2008-12-05 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2008-12-05 22:23 --------- d-----w c:\documents and settings\Seanie\Application Data\SUPERAntiSpyware.com
     2008-12-05 21:55 1,312,755 ----a-w C:\MGtools.exe
     2008-12-04 22:22 --------- d-----w c:\program files\Spybot - Search & Destroy
     2007-11-17 14:13 81,920 ----a-w c:\documents and settings\Seanie\Application Data\ezpinst.exe
     2007-11-17 14:13 47,360 ----a-w c:\documents and settings\Seanie\Application Data\pcouffin.sys
     2006-12-31 13:48 88 -c--a-w c:\documents and settings\Seanie\Application Data\wklnhst.dat
     2007-05-02 22:00 56 -csh--r c:\windows\system32\A96C0B895C.sys
     2007-10-18 19:29 3,766 -csha-w c:\windows\system32\KGyGaAvL.sys
     2008-09-09 21:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090120080908\index.dat
     2008-09-09 21:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
     "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
     "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
     "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
     "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
     "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
     "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
     "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
     "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
     "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
     "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-01-14 1273488]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
     "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
     "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-10 22:07 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"= "c:\\WINDOWS\\stsystra.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"= "c:\\WINDOWS\\system32\\taskmgr.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"= "c:\\Program Files\\Common Files\\Teleca Shared\\Generic.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\explorer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "23562:TCP"= 23562:TCP:uTorr_TCP "23562:UDP"= 23562:UDP:uTorr_UDP R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2008-10-27 46744] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> 
c:\windows\system32\10.tmp [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] . Contents of the 'Scheduled Tasks' folder 2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . - - - - ORPHANS REMOVED - - - - HKLM-Run-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe Notify-WgaLogon - (no file) MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ie/ uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/ DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab FF - ProfilePath - c:\documents and settings\Seanie\Application Data\Mozilla\Firefox\Profiles\mj2nxr7s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-29 07:27:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\10.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\p*& 2*] "Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(916) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Digital Line Detect\DLG.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2009-01-29 7:29:51 - machine was rebooted [seanie]
ComboFix-quarantined-files.txt 2009-01-29 07:29:48

Pre-Run: 5,296,717,824 bytes free
Post-Run: 4,155,936,768 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

200 --- E O F --- 2009-01-15 21:36:05

_____________________C:\AVENGER.TXT_________________________

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\brsvc01a.exe" not found!
Deletion of file "C:\WINDOWS\system32\brsvc01a.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\brss01a.exe" not found!
Deletion of file "C:\WINDOWS\system32\brss01a.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSproc.log" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\TDSSproc.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\TDSSwkod.log" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\TDSSwkod.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: could not open file "C:\Documents and Settings\Chelsea\Local Settings\Temp\TDSSe8db.tmp"
Deletion of file "C:\Documents and Settings\Chelsea\Local Settings\Temp\TDSSe8db.tmp" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist

Error: file "c:\windows\system32\drivers\msqpdxserv.sys" not found!
Deletion of file "c:\windows\system32\drivers\msqpdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\resycled" not found!
Deletion of file "C:\resycled" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: could not open file "D:\resycled"
Deletion of file "D:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist

Error: could not open file "e:\resycled"
Deletion of file "e:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist

Error: could not open file "f:\resycled"
Deletion of file "f:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist

Error: could not open file "g:\resycled"
Deletion of file "g:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist

Error: file "c:\windows\system32\TDSSweat.dat" not found!
Deletion of file "c:\windows\system32\TDSSweat.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\windows\system32\drivers\tdssserv.sys" not found!
Deletion of file "C:\windows\system32\drivers\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\TDSSmact.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\TDSSmact.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSfpmp.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSfpmp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSwpyd.dat" not found!
Deletion of file "C:\WINDOWS\system32\TDSSwpyd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSStkdv.log" not found!
Deletion of file "C:\WINDOWS\system32\TDSStkdv.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSotxb.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSotxb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSScrrn.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSScrrn.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSbvqh.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSbvqh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "C:\WINDOWS\system32\TDSSjnmx.dll" not found!
Deletion of file "C:\WINDOWS\system32\TDSSjnmx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSShrxr.dll" not found!
Deletion of file "c:\windows\system32\TDSShrxr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSkkbi.log" not found!
Deletion of file "c:\windows\system32\TDSSkkbi.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSlrvd.dat" not found!
Deletion of file "c:\windows\system32\TDSSlrvd.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSlxwp.dll" not found!
Deletion of file "c:\windows\system32\TDSSlxwp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSnmxh.log" not found!
Deletion of file "c:\windows\system32\TDSSnmxh.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSoiqt.dll" not found!
Deletion of file "c:\windows\system32\TDSSoiqt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSrhyp.log" not found!
Deletion of file "c:\windows\system32\TDSSrhyp.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSrtqp.dll" not found!
Deletion of file "c:\windows\system32\TDSSrtqp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSsihc.dll" not found!
Deletion of file "c:\windows\system32\TDSSsihc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSxfum.dll" not found!
Deletion of file "c:\windows\system32\TDSSxfum.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSmtve.dat" not found!
Deletion of file "c:\windows\system32\TDSSmtve.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: file "c:\windows\system32\TDSSnirj.dat" not found!
Deletion of file "c:\windows\system32\TDSSnirj.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdss" not found!
Deletion of driver "tdss" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv" not found!
Deletion of driver "tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\TDSSserv.SYS" not found!
Deletion of driver "TDSSserv.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Service_TDSSSERV.SYS" not found!
Deletion of driver "Service_TDSSSERV.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Legacy_TDSSSERV.SYS" not found!
Deletion of driver "Legacy_TDSSSERV.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxserv.sys" not found!
Deletion of driver "msqpdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxserv" not found!
Deletion of driver "msqpdxserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tdssserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.
_____________________HJT_________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34, on 2009-01-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanner/Core...yerAX_Win32.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7665 bytes
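The ComboFix, Avenger and HijackThis output above is normally read by eye. As an added example (not part of this thread, and not code from ComboFix, Avenger or HijackThis), the Python script below parses the ComboFix sections a removal helper checks first and tallies the NTSTATUS codes Avenger reports per target. The sample inputs are constructed excerpts modelled on the logs posted above; KNOWN_DRIVERS is an illustrative allow-list rather than a vetted one, and the severities are the example's own judgement calls.

```python
"""Triage helper for ComboFix and Avenger log excerpts (added example).

From ComboFix output it flags: AV/FW reported disabled; Security Center
monitoring switched off; firewall ports opened globally; a driver whose
image is a .tmp file or that ComboFix could not stat ("[?]"); and any
boot/system-start driver outside an illustrative allow-list
(KNOWN_DRIVERS is an assumption, not a vetted list). From Avenger output
it tallies the NTSTATUS names so "everything NOT_FOUND" is visible at
a glance instead of across forty near-identical lines.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpts, modelled on the logs posted in this thread.
COMBOFIX_SAMPLE = r"""
AV: *On-access scanning disabled* (Outdated)
FW: *disabled*
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23562:TCP"= 23562:TCP:uTorr_TCP
"23562:UDP"= 23562:UDP:uTorr_UDP
R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2008-10-27 46744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
"""
AVENGER_SAMPLE = r"""
Error: file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\TDSSixgp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: could not open file "D:\resycled"
Deletion of file "D:\resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
"""

SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)')
KNOWN_DRIVERS = {"SASDIFSV", "SASKUTIL", "SASENUM", "mbam", "mbamswissarmy"}  # illustrative
BOOT_START = ("R0", "R1", "S0", "S1")  # ComboFix start-type prefixes for boot/system start


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    item: str      # service name, registry key leaf, port, ...
    reason: str


def parse_service(line):
    """Split a ComboFix driver/service line into (start, name, image, meta), or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, _display, image, meta = m.groups()
    if "-->" in image:  # ComboFix prints "\??\nt-path --> resolved path"
        image = image.split("-->", 1)[1].strip()
    return start, name.strip(), image, meta.strip()


def triage_combofix(text):
    findings, key = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(Finding("high", line[:2], "protection reported disabled: " + line))
        elif KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)  # values that follow belong to this key
        elif VALUE_RE.match(line):
            name, value = VALUE_RE.match(line).groups()
            value = value.strip()
            if ("security center" in key.lower() and name == "DisableMonitoring"
                    and value.lower().startswith("dword:") and int(value[6:], 16) == 1):
                findings.append(Finding("high", key.rsplit("\\", 1)[-1],
                                        "Security Center monitoring disabled"))
            elif "globallyopenports" in key.lower():
                findings.append(Finding("medium", name, "firewall port opened globally: " + value))
        elif (svc := parse_service(line)):
            start, name, image, meta = svc
            if image.lower().endswith(".tmp"):
                findings.append(Finding("high", name, "driver image is a temp file: " + image))
            elif meta == "?":
                findings.append(Finding("medium", name, "image missing or unreadable: " + image))
            elif start in BOOT_START and "\\drivers\\" in image.lower() and name not in KNOWN_DRIVERS:
                findings.append(Finding("low", name, "boot-start driver not on allow-list, verify: " + image))
    return findings


def avenger_status_counts(text):
    """Tally Avenger per-target NTSTATUS names, e.g. {'STATUS_OBJECT_NAME_NOT_FOUND': 1}."""
    return Counter(m.group(2) for m in map(STATUS_RE.match, text.splitlines()) if m)


if __name__ == "__main__":
    for f in triage_combofix(COMBOFIX_SAMPLE):
        print(f"[{f.severity:>6}] {f.item}: {f.reason}")
    print(dict(avenger_status_counts(AVENGER_SAMPLE)))
```

Run as-is it prints seven findings: the disabled AV and firewall from the ComboFix header, McAfee monitoring switched off in Security Center, the two 23562 uTorrent ports, Odptdi as an unlisted boot-start driver to verify by hash and vendor, and MEMSWEEP2 pointing at 10.tmp (a driver name Sophos Anti-Rootkit uses for its scanner, consistent with the c:\program files\Sophos folder in the log; ComboFix showed it as [?] because the temp file was already gone). The Avenger tally comes out as one NAME_NOT_FOUND and one PATH_NOT_FOUND, which is the same "nothing left to delete" picture the full log above gives across every TDSS target.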
  10. I renamed combofix and ran it in safe mode. Before I ran it, it said that AVG was still running, even though I'd done all I could to disable it. I didn't want to take any chances, so I uninstalled AVG altogether before running combofix (it's an out-of-date version anyway, and you said I'd be better off getting more up-to-date a/v software when we're done).

Here are the logs:
DDS, Attach (this reply)
Combofix, Avenger, HJT (next reply)

cheers,
Sean

_____________________DDS.TXT_________________________

DDS (Ver_09-01-19.01) - NTFSx86
Run by Seanie at 21:32:52.35 on 2009-01-29
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\seanie\applic~1\mozilla\firefox\profiles\mj2nxr7s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-01-29 07:23 <DIR> a-dshr-- C:\cmdcons
2009-01-29 06:56 286,720 a------- c:\windows\SWREG.exe
2009-01-29 06:56 98,816 a------- c:\windows\sed.exe
2009-01-28 20:27 <DIR> --d----- c:\program files\Yahoo!
2009-01-27 21:05 250 a------- c:\windows\gmer.ini
2009-01-22 22:05 <DIR> --d----- C:\as_xyz
2009-01-20 22:24 <DIR> --d----- C:\Lop SD
2009-01-20 22:20 <DIR> --d----- C:\_OTScanIt
2009-01-19 21:41 <DIR> --d----- c:\program files\Trend Micro
2009-01-18 22:26 <DIR> --d----- c:\program files\Sophos
2009-01-05 10:14 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2009-01-05 10:14 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys

==================== Find3M ====================

2009-01-18 22:10 1,033,728 a------- c:\windows\system32\dllcache\explorer.exe
2009-01-18 22:10 1,033,728 a------- c:\windows\explorer.exe
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-05 21:55 1,312,755 a------- C:\MGtools.exe
2007-11-17 14:13 81,920 a------- c:\docume~1\seanie\applic~1\ezpinst.exe
2007-11-17 14:13 47,360 a------- c:\docume~1\seanie\applic~1\pcouffin.sys
2006-12-31 13:48 88 ac------ c:\docume~1\seanie\applic~1\wklnhst.dat
2007-05-02 22:00 56 -c-shr-- c:\windows\system32\A96C0B895C.sys
2007-10-18 19:29 3,766 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-09 21:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-09 21:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat

============= FINISH: 21:33:20.35 ===============

_____________________ATTACH.TXT_________________________

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe SVG Viewer 3.0
Apple Mobile Device Support
Apple Software Update
Aventail Access Manager
Aventail OnDemand Proxy Agent
Aventail Web Proxy Agent
Aventail Webifiers
Bonjour
Broadcom Management Programs
CCleaner (remove only)
CinepPlayer 30 Update
Conexant HDA D110 MDC V.92 Modem
Dell Support 3.2
Dell System Restore
Digital Line Detect
DVDFab Platinum 3.0.4.5 Beta
Ghosthunter relase
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
iTunes
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.5)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
PowerDVD 5.7
QuickSet
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7
(KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Sonic Activation Module Sonic DLA Sonic MyDVD LE Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sony Ericsson PC Suite 
1.20.173 Sophos Anti-Rootkit 1.3.1 Spybot - Search & Destroy SUPERAntiSpyware Free Edition Synaptics Pointing Device Driver Tiscali Internet Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update Service VideoLAN VLC media player 0.8.5 WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver Yahoo! Toolbar ==== End Of File ===========================
  11. Hi, I got to STEP07 (download and run combofix), but it wouldn't run for me. Instead I got an error message (like the dialogs you get when IE crashes): "prep.com has encountered a problem and needs to close" with the Send and Don't send buttons.
  12. _______________________________GMER________________________________________
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-27 21:06:34
Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Services - GMER 1.0.14 ----

Service system32\drivers\TDSSserv.sys (*** hidden *** ) [sYSTEM] TDSSserv <-- ROOTKIT !!!

---- EOF - GMER 1.0.14 ----

_______________________________MBAM__________________________________________
Malwarebytes' Anti-Malware 1.33
Database version: 1700
Windows 5.1.2600 Service Pack 3

27/01/2009 21:11:28
mbam-log-2009-01-27 (21-11-28).txt

Scan type: Quick Scan
Objects scanned: 55113
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______________________________HJT________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:36, on 27/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Seanie\Desktop\gmer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanner/Core...yerAX_Win32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D27A9-134B-4AE0-9CEF-1CCD7FF3B79A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D27A9-134B-4AE0-9CEF-1CCD7FF3B79A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{046D27A9-134B-4AE0-9CEF-1CCD7FF3B79A}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9038 bytes
  13. Hi Tigger - what do you mean by 'cracks'? (I'm not the brightest!) That 'cracking' folder is a music folder for a CD compilation I was making for the car. The folder used to be called 'Cracking tunes' (as in 'very good tunes'). Not sure whether you use that expression, but it's common in Ireland and Britain.
  14. ***OTScanIt2***
Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\Seanie\Desktop\dds.scr moved successfully.
C:\Documents and Settings\Seanie\Desktop\dds.com moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Seanie\Local Settings\Temp\WMC0000.tmp folder deleted successfully.
C:\Documents and Settings\Seanie\Local Settings\Temp\~nsu.tmp folder deleted successfully.
C:\Documents and Settings\Seanie\Local Settings\Temp\SSUPDATE.EXE moved successfully.
C:\Documents and Settings\Seanie\Local Settings\Temp\vqmzrt.exe moved successfully.
C:\Documents and Settings\Seanie\Local Settings\Temp\txdlrf.exe moved successfully.
[Alternate Data Streams]
ADS C:\WINDOWS\explorer.exe:mian.nest.9.10 deleted successfully.
ADS C:\WINDOWS\explorer.exe:host.opts.db deleted successfully.
ADS C:\WINDOWS\explorer.exe:log.dump deleted successfully.
ADS C:\WINDOWS\explorer.exe:extractor6.trg deleted successfully.
ADS C:\WINDOWS\explorer.exe:httpcomm.set deleted successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.6.2 fix logfile created on 01202009_222033

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...

________________________________________________________________________
***Lop S&D***
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2050 @ 1.60GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Seanie ( Administrator )
BOOT : Normal boot
Antivirus : (Not Activated)
Firewall : (Not Activated)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:3 Go)
D:\ (CD or DVD) - UDF - Total:6 Go (Free:0 Go)
F:\ (Local Disk) - FAT - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 20/01/2009|22:25 )

--------------------\\ Listing folders in APPLIC~1

[23/09/2006|11:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
[05/12/2008|22:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\AVG7
[14/09/2006|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
[14/09/2006|14:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
[10/08/2004|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[14/09/2006|14:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[02/09/2008|21:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[09/09/2008|20:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[03/09/2008|21:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[14/09/2006|14:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
[23/12/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/11/2006|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/11/2006|23:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[23/09/2006|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[23/12/2008|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[23/12/2008|22:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[21/02/2007|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[19/11/2006|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[02/01/2007|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/09/2006|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[14/09/2006|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
[14/09/2006|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[14/09/2006|14:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[05/09/2008|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14/09/2006|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[14/09/2006|14:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[24/09/2006|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com Personal Firewall
[15/10/2006|19:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[29/10/2006|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[10/08/2004|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[14/09/2006|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[29/03/2007|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[05/12/2008|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[05/12/2008|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[29/03/2007|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[02/01/2007|19:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[23/09/2006|11:42] C:\DOCUME~1\Cora\APPLIC~1\AOL
[17/10/2006|21:12] C:\DOCUME~1\Cora\APPLIC~1\AVG7
[14/09/2006|14:24] C:\DOCUME~1\Cora\APPLIC~1\Corel
[14/09/2006|14:30] C:\DOCUME~1\Cora\APPLIC~1\Gtek
[10/08/2004|12:08] C:\DOCUME~1\Cora\APPLIC~1\Identities
[14/09/2006|14:19] C:\DOCUME~1\Cora\APPLIC~1\Intel
[17/10/2006|21:14] C:\DOCUME~1\Cora\APPLIC~1\Macromedia
[03/09/2008|21:45] C:\DOCUME~1\Cora\APPLIC~1\Microsoft
[14/09/2006|14:25] C:\DOCUME~1\Cora\APPLIC~1\You've Got Pictures Screensaver
[23/09/2006|11:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
[14/09/2006|14:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Corel
[14/09/2006|14:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
[10/08/2004|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[14/09/2006|14:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[14/09/2006|14:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[14/09/2006|14:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
[27/12/2008|08:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[23/09/2006|11:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
[10/08/2004|11:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/09/2006|19:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[10/08/2004|11:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[27/10/2007|18:14] C:\DOCUME~1\Seanie\APPLIC~1\Adobe
[02/10/2006|19:12] C:\DOCUME~1\Seanie\APPLIC~1\AdobeUM
[23/09/2006|11:42] C:\DOCUME~1\Seanie\APPLIC~1\AOL
[17/11/2006|00:19] C:\DOCUME~1\Seanie\APPLIC~1\Apple Computer
[27/10/2008|08:47] C:\DOCUME~1\Seanie\APPLIC~1\Aventail
[17/01/2009|10:58] C:\DOCUME~1\Seanie\APPLIC~1\AVG7
[02/05/2007|22:05] C:\DOCUME~1\Seanie\APPLIC~1\Corel
[06/10/2006|21:53] C:\DOCUME~1\Seanie\APPLIC~1\CyberLink
[01/06/2008|19:40] C:\DOCUME~1\Seanie\APPLIC~1\dvdcss
[17/02/2007|12:36] C:\DOCUME~1\Seanie\APPLIC~1\Google
[14/09/2006|14:30] C:\DOCUME~1\Seanie\APPLIC~1\Gtek
[11/11/2006|11:36] C:\DOCUME~1\Seanie\APPLIC~1\Help
[10/08/2004|12:08] C:\DOCUME~1\Seanie\APPLIC~1\Identities
[14/09/2006|14:19] C:\DOCUME~1\Seanie\APPLIC~1\Intel
[30/09/2006|20:40] C:\DOCUME~1\Seanie\APPLIC~1\Leadertech
[24/09/2006|20:14] C:\DOCUME~1\Seanie\APPLIC~1\Macromedia
[09/09/2008|21:13] C:\DOCUME~1\Seanie\APPLIC~1\Malwarebytes
[23/09/2006|11:26] C:\DOCUME~1\Seanie\APPLIC~1\McAfee.com Personal Firewall
[27/10/2008|08:47] C:\DOCUME~1\Seanie\APPLIC~1\Microsoft
[16/12/2008|22:01] C:\DOCUME~1\Seanie\APPLIC~1\Mozilla
[02/01/2007|19:41] C:\DOCUME~1\Seanie\APPLIC~1\Real
[30/09/2006|20:40] C:\DOCUME~1\Seanie\APPLIC~1\Sonic
[16/10/2006|18:00] C:\DOCUME~1\Seanie\APPLIC~1\Sun
[05/12/2008|22:23] C:\DOCUME~1\Seanie\APPLIC~1\SUPERAntiSpyware.com
[29/03/2007|20:19] C:\DOCUME~1\Seanie\APPLIC~1\Teleca
[31/12/2006|13:47] C:\DOCUME~1\Seanie\APPLIC~1\Template
[10/11/2007|22:40] C:\DOCUME~1\Seanie\APPLIC~1\uTorrent
[29/10/2006|11:46] C:\DOCUME~1\Seanie\APPLIC~1\vlc
[03/02/2008|20:42] C:\DOCUME~1\Seanie\APPLIC~1\Vso
[14/09/2006|14:25] C:\DOCUME~1\Seanie\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/01/2009 23:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[20/01/2009 22:22][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/11/2006|23:01] C:\Program Files\Adobe
[31/12/2006|18:06] C:\Program Files\Ahead
[23/12/2008|22:50] C:\Program Files\Apple Software Update
[23/12/2008|22:52] C:\Program Files\Bonjour
[14/09/2006|14:18] C:\Program Files\Broadcom
[05/12/2008|21:39] C:\Program Files\CCleaner
[23/12/2008|22:50] C:\Program Files\Common Files
[14/09/2006|14:16] C:\Program Files\CONEXANT
[02/05/2007|22:04] C:\Program Files\Corel
[14/09/2006|14:19] C:\Program Files\CyberLink
[23/09/2006|11:44] C:\Program Files\Dell
[14/09/2006|14:30] C:\Program Files\Dell Support
[14/09/2006|14:18] C:\Program Files\Digital Line Detect
[02/01/2007|20:46] C:\Program Files\DivX
[03/02/2008|21:17] C:\Program Files\DVDFab Platinum 3
[15/02/2008|19:13] C:\Program Files\Google
[24/09/2006|19:55] C:\Program Files\Grisoft
[17/02/2007|12:35] C:\Program Files\InstallShield Installation Information
[14/09/2006|14:19] C:\Program Files\Intel
[13/12/2008|17:51] C:\Program Files\Internet Explorer
[23/12/2008|22:52] C:\Program Files\iPod
[23/12/2008|22:53] C:\Program Files\iTunes
[04/04/2007|20:23] C:\Program Files\Java
[02/05/2007|21:51] C:\Program Files\MagicISO
[18/01/2009|22:43] C:\Program Files\Malwarebytes' Anti-Malware
[14/09/2006|14:28] C:\Program Files\McAfee
[15/08/2008|23:33] C:\Program Files\Messenger
[17/02/2007|10:54] C:\Program Files\microsoft frontpage
[17/02/2007|10:55] C:\Program Files\Microsoft Office
[14/09/2006|14:29] C:\Program Files\Microsoft Works
[29/10/2008|12:10] C:\Program Files\Modem Helper
[27/07/2008|21:25] C:\Program Files\Movie Maker
[20/01/2009|22:23] C:\Program Files\Mozilla Firefox
[01/09/2007|23:45] C:\Program Files\MSN
[10/08/2004|12:01] C:\Program Files\MSN Gaming Zone
[17/11/2006|00:51] C:\Program Files\MSXML 4.0
[27/07/2008|21:21] C:\Program Files\NetMeeting
[14/09/2006|14:18] C:\Program Files\NetWaiting
[10/08/2004|12:01] C:\Program Files\Online Services
[27/07/2008|21:21] C:\Program Files\Outlook Express
[20/10/2007|22:14] C:\Program Files\PartyGaming
[23/12/2008|22:52] C:\Program Files\QuickTime
[27/12/2006|18:54] C:\Program Files\Real
[02/09/2008|21:36] C:\Program Files\RogueRemover FREE
[14/09/2006|14:16] C:\Program Files\Sigmatel
[14/09/2006|14:21] C:\Program Files\Sonic
[04/05/2007|22:41] C:\Program Files\Sony Ericsson
[18/01/2009|22:26] C:\Program Files\Sophos
[04/12/2008|22:22] C:\Program Files\Spybot - Search & Destroy
[10/12/2008|22:07] C:\Program Files\SUPERAntiSpyware
[14/09/2006|14:17] C:\Program Files\Synaptics
[14/09/2006|14:21] C:\Program Files\Tiscali
[19/01/2009|21:41] C:\Program Files\Trend Micro
[02/01/2007|19:44] C:\Program Files\Uninstall Information
[15/10/2006|01:18] C:\Program Files\uTorrent
[29/10/2006|11:39] C:\Program Files\VideoLAN
[02/01/2007|20:54] C:\Program Files\Windows Media Connect 2
[27/07/2008|21:21] C:\Program Files\Windows Media Player
[27/07/2008|21:21] C:\Program Files\Windows NT
[24/09/2006|19:38] C:\Program Files\WindowsUpdate
[18/10/2006|20:10] C:\Program Files\WinRAR
[10/08/2004|12:04] C:\Program Files\xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/11/2006|23:01] C:\Program Files\Common Files\Adobe
[11/11/2006|23:03] C:\Program Files\Common Files\Adobe Systems Shared
[23/09/2006|11:44] C:\Program Files\Common Files\AOL
[23/12/2008|22:52] C:\Program Files\Common Files\Apple
[02/05/2007|22:05] C:\Program Files\Common Files\Corel
[17/02/2007|10:55] C:\Program Files\Common Files\Designer
[14/09/2006|14:20] C:\Program Files\Common Files\InstallShield
[14/09/2006|14:11] C:\Program Files\Common Files\Java
[17/02/2007|10:55] C:\Program Files\Common Files\Microsoft Shared
[10/08/2004|12:02] C:\Program Files\Common Files\MSSoap
[14/09/2006|14:25] C:\Program Files\Common Files\Nullsoft
[02/01/2007|19:42] C:\Program Files\Common Files\Real
[28/10/2008|22:30] C:\Program Files\Common Files\Roxio Shared
[10/08/2004|12:02] C:\Program Files\Common Files\Services
[28/10/2008|22:30] C:\Program Files\Common Files\Sonic Shared
[10/08/2004|11:57] C:\Program Files\Common Files\SpeechEngines
[27/07/2008|21:21] C:\Program Files\Common Files\System
[29/03/2007|20:18] C:\Program Files\Common Files\Teleca Shared
[14/09/2006|14:20] C:\Program Files\Common Files\TiVo Shared
[23/01/2008|21:40] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 58 Processes ) ... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 22:26:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Seanie\Desktop\cracking
C:\DOCUME~1\Seanie\Desktop\cracking\01 Cardiac Arrest.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\01 Panther Dash.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\01 Tell Me Why.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\02 All You Good Good People.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\04 Cut Your Hair.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\05 Come Back to What You Know.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\05 Till the Morning Comes.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\06 Junior Kickstart.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\06 Supersonic.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\07 Eight Miles High.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\08 - Mr. Grieves.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\09 Texarkana.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\9 - Aphex Twin - Avril 14th.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\AlbumArtSmall.jpg
C:\DOCUME~1\Seanie\Desktop\cracking\AlbumArt_{0064FE52-9192-44A2-8B79-21C2D331ECFF}_Large.jpg
C:\DOCUME~1\Seanie\Desktop\cracking\AlbumArt_{0064FE52-9192-44A2-8B79-21C2D331ECFF}_Small.jpg
C:\DOCUME~1\Seanie\Desktop\cracking\clare
C:\DOCUME~1\Seanie\Desktop\cracking\dec
C:\DOCUME~1\Seanie\Desktop\cracking\desktop.ini
C:\DOCUME~1\Seanie\Desktop\cracking\Folder.jpg
C:\DOCUME~1\Seanie\Desktop\cracking\for andreas
C:\DOCUME~1\Seanie\Desktop\cracking\Mamma Mia (2008) - Soundtrack
C:\DOCUME~1\Seanie\Desktop\cracking\next version
C:\DOCUME~1\Seanie\Desktop\cracking\old
C:\DOCUME~1\Seanie\Desktop\cracking\xmas
C:\DOCUME~1\Seanie\Desktop\cracking\clare\01 Bladhm.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\clare\01 Headache.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\clare\01 Meicsiceo.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\clare\01-glasvegas-flowers_and_football_tops.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\clare\02 Can't Take My Eyes off You.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\clare\02 Don't Take Your Gun to Town.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\clare\02 Shut Up.mp3
C:\DOCUME~1\Seanie\Desktop\cracking\clare\03 Cail
  15. Tigger, yer a star - thanks a million. I've attached the text file. cheers, Sean OTScanIt.Txt
  16. Hi, First, great work with this forum! I have a stubborn Vundo infection that pops up every time I run mbam. Other problems that might be worth mentioning:
* Yesterday mbam spotted 'Rootkit.ADS'. I think it's been removed though.
* I seem to have some remnants of 'AntiVirus XP 2008' as well. There are icons in my Start menu, although there are only placeholder graphics instead of proper icons, if you know what I mean. I don't think it's a real problem though.
I'd really appreciate any help that comes my way. I've run mbam and HJT (as requested in the sticky thread), so here goes... Thanks, Sean
__________________________________________________________________________
***HJT***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:24, on 19/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nogewajufu] Rundll32.exe "C:\WINDOWS\system32\hapejulu.dll",s
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [nogewajufu] Rundll32.exe "C:\WINDOWS\system32\lutazipu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) - http://magnet.2020.net/virtualplanner/Core...yerAX_Win32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D27A9-134B-4AE0-9CEF-1CCD7FF3B79A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D27A9-134B-4AE0-9CEF-1CCD7FF3B79A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{046D27A9-134B-4AE0-9CEF-1CCD7FF3B79A}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\windows\system32\kefuzego.dll , c:\windows\system32\rapepute.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10119 bytes
__________________________________________________________________________
***MBAM***
Malwarebytes' Anti-Malware 1.33
Database version: 1666
Windows 5.1.2600 Service Pack 3

19/01/2009 21:35:24
mbam-log-2009-01-19 (21-35-24).txt

Scan type: Quick Scan
Objects scanned: 54687
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nogewajufu (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)