Jump to content

cloughie71

Members
 View Profile  See their activity

  • Posts

    7

  • Joined

  • Last visited

Reputation

0 Neutral
  1. cloughie71
    Hi again Well I managed to get the wireless back up and running by uninstalling the network adapter then restarting and letting it re install however it now appears that there is a redirect virus on there too! Hope someone can help.....
  2. cloughie71
    Hi again I'm back now! Unfortunately the quarantined files are no longer there however below is the log from the original scan: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5363 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 01/06/2011 02:26:12 mbam-log-2011-06-01 (02-26-12).txt Scan type: Full scan (C:\|) Objects scanned: 290120 Time elapsed: 1 hour(s), 23 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 6 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\system volume information\_restore{d6691a47-2dec-4ab9-9372-a5bacce2fc45}\RP2\A0003158.exe (Trojan.Agent) -> Quarantined and deleted successfully. Thanks in advance for any advice. Cloughie :-)
  3. cloughie71
    Hi and thanks for your reply. I'm away from home for a week with limited access to internet and without my laptop so won't be able to respond for a while but will check as soon as I'm home and let you know. Thanks again Cloughie
  4. cloughie71
    And the DDS Log: . DDS (Ver_2011-06-01.06) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Run by Lynn at 13:45:39 on 2011-06-02 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.431 [GMT 1:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k Akamai C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Common Files\Teleca Shared\logger.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://uk.ask.com?o=15557&l=dis uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110514093942.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [solCalendar] c:\program files\solcana\solcalendar\Calendar.exe uRun: [AdobeBridge] uRun: [Lyeqomiz] rundll32.exe "c:\windows\ntaskbi.dll",Startup mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe" mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions mRun: [Desktop Calendar] c:\program files\desktop calendar\CanDesk.exe 9 mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} - hxxp://player.portalarium.com/installers/win32/PortalariumPlayer.cab DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258477053845 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{1A41946A-A6C7-4FD2-8E55-0BB1EEF6378F} : DhcpNameServer = 192.168.1.254 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\lynn\application data\mozilla\firefox\profiles\qci6bz6j.default\ FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\lynn\application data\mozilla\firefox\profiles\qci6bz6j.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll FF - plugin: c:\documents and settings\lynn\application data\mozilla\firefox\profiles\qci6bz6j.default\extensions\player@portalarium.com\plugins\NPPortalariumPlayer.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext FF - Ext: XULRunner: {0D3B11D4-A107-44A6-86AB-2917B13C3045} - c:\documents and settings\lynn\local settings\application data\{0D3B11D4-A107-44A6-86AB-2917B13C3045} FF - Ext: XULRunner: {787661FF-5655-45AA-AC7A-70891A72281C} - c:\documents and settings\paul\local settings\application data\{787661FF-5655-45AA-AC7A-70891A72281C} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} FF - Ext: Portalarium Player: player@portalarium.com - %profile%\extensions\player@portalarium.com . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-10 387480] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-10 84200] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-10 153280] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-10 314088] R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-31 38224] S1 usyufrfb;usyufrfb;\??\c:\windows\system32\drivers\usyufrfb.sys --> c:\windows\system32\drivers\usyufrfb.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?] S2 McShield;McShield;"c:\program files\common files\mcafee\systemcore\\mcshield.exe" --> c:\program files\common files\mcafee\systemcore\\mcshield.exe [?] S2 mfefire;McAfee Firewall Core Service;"c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?] S2 mfevtp;McAfee Validation Trust Protection Service;"c:\program files\common files\mcafee\systemcore\mfevtps.exe" --> c:\program files\common files\mcafee\systemcore\mfevtps.exe [?] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-10 56064] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-1-27 25728] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-10 52320] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-10 84488] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-1-30 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-1-30 8320] . =============== Created Last 30 ================ . 2011-06-02 12:37:38 388096 -c--a-r- c:\documents and settings\lynn\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-06-02 12:37:37 -------- dc----w- c:\program files\Trend Micro 2011-06-01 09:38:12 -------- dc----w- c:\program files\Modem Helper 2011-06-01 09:37:01 16128 -c--a-w- c:\windows\system32\drivers\APPDRV.SYS 2011-06-01 09:06:14 21361 -c--a-w- c:\windows\system32\drivers\AegisP.sys 2011-06-01 09:06:14 21361 -c--a-w- c:\windows\AegisP.sys 2011-06-01 09:05:16 745472 -c----w- c:\windows\system32\NETw4c32.dll 2011-06-01 09:05:16 2777088 -c--a-w- c:\windows\system32\NETw4r32.dll 2011-06-01 09:05:16 2236032 -c--a-w- c:\windows\system32\drivers\NETw4x32.sys 2011-06-01 09:04:20 -------- dc----w- c:\documents and settings\lynn\application data\Intel 2011-06-01 00:00:26 -------- dc----w- c:\documents and settings\lynn\application data\Malwarebytes 2011-05-31 23:40:29 -------- dc----w- c:\windows\system32\MpEngineStore 2011-05-31 19:32:52 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-31 19:32:51 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes 2011-05-31 19:32:47 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys 2011-05-31 19:32:47 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-31 19:12:30 -------- dc----w- c:\windows\system32\wbem\repository\FS 2011-05-31 19:12:30 -------- dc----w- c:\windows\system32\wbem\Repository 2011-05-31 15:58:29 0 -c--a-w- c:\windows\Ereyeq.bin 2011-05-31 15:58:09 -------- dc----w- c:\documents and settings\lynn\local settings\application data\{0D3B11D4-A107-44A6-86AB-2917B13C3045} 2011-05-31 15:57:11 120832 -csha-r- c:\windows\system32\routetabc.dll 2011-05-28 14:40:01 -------- dc----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2011-05-28 14:40:00 -------- dc----w- c:\program files\Spybot - Search & Destroy 2011-05-20 16:31:16 -------- dc----w- c:\documents and settings\lynn\application data\PacificPoker 2011-05-20 16:31:07 -------- dc----w- c:\program files\PacificPoker . ==================== Find3M ==================== . 2011-04-14 13:01:38 95824 -c--a-w- c:\windows\system32\drivers\mfeapfk.sys 2011-04-14 13:01:38 9344 -c--a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-04-14 13:01:38 84488 -c--a-w- c:\windows\system32\drivers\mferkdet.sys 2011-04-14 13:01:38 84200 -c--a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-04-14 13:01:38 56064 -c--a-w- c:\windows\system32\drivers\cfwids.sys 2011-04-14 13:01:38 52320 -c--a-w- c:\windows\system32\drivers\mfebopk.sys 2011-04-14 13:01:38 387480 -c--a-w- c:\windows\system32\drivers\mfehidk.sys 2011-04-14 13:01:38 314088 -c--a-w- c:\windows\system32\drivers\mfefirek.sys 2011-04-14 13:01:38 153280 -c--a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-03-07 05:33:50 692736 -c--a-w- c:\windows\system32\inetcomm.dll 2009-12-20 15:10:32 1956528 -c--a-w- c:\program files\install_flash_player_ax.exe 2009-11-30 14:38:39 4043264 -c--a-w- c:\program files\b1c1_ukx.exe 2009-11-29 16:36:13 124273 -c--a-w- c:\program files\msgr10uk.exe 2009-11-29 12:48:17 1519896 -c--a-w- c:\program files\broadband_advisor.exe . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: Hitachi_HTS541680J9SA00 rev.SB2OC7KP -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 . device: opened successfully user: MBR read successfully . Disk trace: error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x86CD731B user & kernel MBR OK . ============= FINISH: 13:53:27.17 ===============
  5. cloughie71
    And the MBAM log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5363 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 02/06/2011 13:59:05 mbam-log-2011-06-02 (13-59-05).txt Scan type: Quick scan Objects scanned: 180373 Time elapsed: 19 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  6. cloughie71
    Here is the Hijack This log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:38:36, on 02/06/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Common Files\Teleca Shared\logger.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com?o=15557&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110514093942.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\CanDesk.exe 9 O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [solCalendar] C:\Program Files\Solcana\SolCalendar\Calendar.exe O4 - HKCU\..\Run: [Lyeqomiz] rundll32.exe "C:\WINDOWS\ntaskbi.dll",Startup O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} (Portalarium Player Web Plugin) - http://player.portalarium.com/installers/win32/PortalariumPlayer.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258477053845 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing) O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing) O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing) O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing) O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing) O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (file missing) O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing) O23 - Service: McAfee Firewall Core Service (mfefire) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe (file missing) O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12734 bytes
  7. cloughie71
    Hi All My laptop was recently infected with the XP security malware virus which I eventually managed to remove using a combination of Malware Bytes and Microsoft Security Essentials. Malware Bytes didn't remove it first time round so installed MSE from a thumb drive and that seemed to do the trick however I performed a full scan with Malware Bytes after rebooting and it found another half a dozen or so infected files which it then removed. Now I have no internet access from my laptop and it appears to be something to do with the Intel Pro Set Wireless software. I've downloaded updated drivers onto a thumb drive and tried installing them but to no avail. Any help would be greatly appreciated. Many Thanks in advance Cloughie
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.