Hi All

I've been told to post in this forum.

I believe that my computer has been infected with a virus/trojan horse and I can't seem to get Malwarebytes to run on my system (though I have managed to install it). I'm not getting any pop-ups relating to anti-virus software, but the virus keeps hijacking my internet browser (Firefox) each time I do a Google search (i.e. I click on a search result and it opens up an irrelevant pop-up redirecting me to a number of random websites). I've tried a number of the suggested cures I found on the forums (i.e. renaming the file, running Process Explorer), but I can't seem to find anything that works. I've also produced a HijackThis log, which is as follows:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:37:59, on 16/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\lxdjcoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.as...;l=en&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.la.dell.com/content/default.as...;l=en&s=gen

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"

O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Batman\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [u.S. Robotics USB Phone] C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab

O18 - Protocol: linkscanner - (no CLSID) - (no file)

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel

Hello Chris,

The HJT log shows 2 antivirus apps active and running. This definitely leads to conflicts.

IF you're subscribed to McAfee AND IF it has not expired (lapsed), then un-install AVG and reboot the system!

IF your McAfee has lapsed, or if it was only a trial edition, or if it came with your pc and you never subscribed (paid) or if you do not have a current license, then, un-install McAfee and keep AVG.

Tell me about which you removed and which you kept.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for this member only. If you are a casual observer, do NOT try this on your system!

If at any point you have a question or problem, STOP & make a post to the forum.

Also, do not run or start any other programs while these utilities and tools are in use!

Please do NOT run any other tools on your own or do any fixes other than what is listed here.

=

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (*select*) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

=

Next, 1. Go Here and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

=

Next, Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}.

=

Close any open work documents / programs before proceeding forward.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

Next close all your browsers when you get to this point. Close/exit Firefox and also Internet Explorer.

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

=

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And promptly re-enable it when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

=

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or

http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

When done, DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.

Please include the following logs in your next reply:

Goored.txt

the Eset scan log

DDS.txt

Attach.txt
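The first thing the helper reads off the HijackThis log above is that two antivirus products (McAfee and AVG) are resident at the same time. The script below is an added example, not a tool from this thread or from the HijackThis project: it parses the "Running processes" block and the coded `O4`/`O23` entries of a HijackThis-format log and reports every AV vendor whose components are loaded, so the dual-AV condition can be checked mechanically. The `AV_MARKERS` table of path substrings is an assumption of this example (chosen to match the install paths seen in the posted log), and the sample log is constructed from a few lines in the same format, not the full log.

```python
"""Triage a HijackThis-format log for more than one resident antivirus product."""
import re
from typing import Dict, List, Tuple

# Assumed vendor markers (an illustrative list for this example, not from the
# thread): lowercase substrings that appear in each product's install paths.
AV_MARKERS: Dict[str, Tuple[str, ...]] = {
    "McAfee": (r"\mcafee", "mcshield.exe"),
    "AVG": (r"\avg\ ".strip(), "avgwdsvc.exe"),
    "ESET": (r"\eset\ ".strip(), "ekrn.exe"),
    "Norton/Symantec": (r"\norton", r"\symantec"),
}

# HijackThis entries look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")

# Constructed sample in HijackThis v2 format, modelled on the posted log.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""


def parse_hjt(text: str) -> Dict[str, list]:
    """Split a HijackThis log into its process list and its coded entries.

    Process paths are the lines after "Running processes:" up to the first
    coded entry; blank lines (common in copy-pasted logs) are ignored.
    """
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first coded entry ends the process block
            entries.append((m.group(1), m.group(2)))
            continue
        if in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def active_av_vendors(parsed: Dict[str, list]) -> Dict[str, List[str]]:
    """Map each AV vendor to the lines showing its components loaded.

    Only running processes, autostart entries (O4) and services (O23) count
    as evidence of a resident scanner; a BHO or toolbar alone (O2/O3) does not.
    """
    candidates = list(parsed["processes"]) + [
        body for code, body in parsed["entries"] if code in ("O4", "O23")
    ]
    hits: Dict[str, List[str]] = {}
    for line in candidates:
        low = line.lower()
        for vendor, markers in AV_MARKERS.items():
            if any(marker in low for marker in markers):
                hits.setdefault(vendor, []).append(line)
    return hits


def dual_av_conflict(parsed: Dict[str, list]) -> bool:
    """True when components of two or more AV vendors are resident at once."""
    return len(active_av_vendors(parsed)) >= 2


if __name__ == "__main__":
    report = parse_hjt(SAMPLE_HJT_LOG)
    for vendor, lines in sorted(active_av_vendors(report).items()):
        print(f"{vendor}: {len(lines)} line(s)")
        for entry in lines:
            print("   ", entry)
    print("dual-AV conflict:", dual_av_conflict(report))
```

Ad-Aware is deliberately absent from the marker table: an anti-spyware service alongside one AV is not the conflict the helper is describing, and the check should not flag it.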

Hi Maurice

Many thanks for your reply. My situation has slightly changed since my initial post. I managed to get Malwarebytes to run by renaming the executable file. It then found a virus named "iacinit.dll", but Malwarebytes was unable to delete this. A friend of mine (who knows a bit about these things) then did something involving putting some code and then dropping it into the ComboFix.exe icon on my desktop (sorry, I'm not sure what the code was - I believe he found it on either this or a similar forum). This seemed to do the trick as when we ran Malwarebytes again, the "iacinit.dll" virus did not appear again.

I have, however, run the virus checkers you suggested in your post. Please find the logs for each of them.

I am very grateful for the help. Please let me know what else, if anything, I need to do to ensure that my computer is fixed.

Many thanks

Chris

GooredFix.txt

Attach.txt

DDS.txt

log.txt

#1. As long as you're getting guided help on this forum, do NOT get or run other tools without checking here first!!!

#2. Do NOT use the attach feature to place your reports. No one wants to download posts put up by a suspect-infected system.

Always Copy & Paste log files, putting copy in-body of Reply.

#3. Get and COPY & Paste in your next reply a copy of C:\Combofix.txt .....pronto

#4. Repeat, do not run any tools or do any fixes or make changes without my guidance.

#5. Get a good copy of Goored.txt and put into a new reply. The one you had is not readable!!

Logs follow (from prior post of OP)

Eset scan log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.5886

# api_version=3.0.2

# EOSSerial=44116ff5b00dc04b916318607cb6fa77

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-07-19 07:21:10

# local_time=2009-07-19 08:21:10 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=5121 21 100 88 94390826093750

# scanned=74564

# found=1

# cleaned=1

# scan_time=4288

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP296\A0057710.sys Win32/Olmarik.JQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

DDS.txt

DDS (Ver_09-06-26.01) - NTFSx86

Run by Christopher Oliver at 20:37:10.00 on 19/07/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.384 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\lxdjcoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe

C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Lexmark 1400 Series\lxdjamon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Spotify\spotify.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Christopher Oliver\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www1.la.dell.com/content/default.aspx?c=vg&l=en&s=gen

uInternet Connection Wizard,ShellNext = hxxp://www1.la.dell.com/content/default.aspx?c=vg&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

uRun: [u.S. Robotics USB Phone] c:\program files\u.s. robotics\u.s. robotics usb phone\U.S.RoboticsUSBPhone.exe

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Lexmark X84-X85 Button Monitor] c:\progra~1\lexmar~1\ACMonitor_X84-X85.exe

mRun: [Lexmark X84-X85 Button Manager] c:\progra~1\lexmar~1\AcBtnMgr_X84-X85.exe

mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"

mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} - hxxp://www.streamerp2p.com/sfiles/phasex.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\christ~1\applic~1\mozilla\firefox\profiles\3nysa2sb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-5-18 214024]

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-1 210216]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-21 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-5-18 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-5-18 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-18 79880]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-18 35272]

R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-18 34216]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-18 40552]

S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [2008-2-22 99248]

=============== Created Last 30 ================

2009-07-19 19:07 <DIR> --d----- c:\program files\ESET

2009-07-17 23:30 <DIR> --d----- c:\windows\system32\dllcache\cache

2009-07-17 23:11 <DIR> a-dshr-- C:\cmdcons

2009-07-17 23:09 219,648 a------- c:\windows\PEV.exe

2009-07-17 23:09 161,792 a------- c:\windows\SWREG.exe

2009-07-17 23:09 98,816 a------- c:\windows\sed.exe

2009-07-17 23:08 <DIR> --ds---- C:\something

2009-07-17 11:16 <DIR> --d----- c:\docume~1\christ~1\applic~1\Malwarebytes

2009-07-16 22:37 <DIR> --d----- c:\program files\Trend Micro

2009-07-16 21:29 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-16 21:29 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-07-16 21:29 <DIR> --d----- c:\program files\Batman

2009-07-16 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-07-16 19:48 <DIR> --dsh--- c:\documents and settings\christopher oliver\IECompatCache

2009-07-16 19:47 <DIR> --dsh--- c:\documents and settings\christopher oliver\PrivacIE

2009-07-16 16:05 <DIR> --dsh--- c:\documents and settings\christopher oliver\IETldCache

2009-07-16 13:56 102,912 -------- c:\windows\system32\dllcache\iecompat.dll

2009-07-16 13:56 <DIR> --d----- c:\windows\ie8updates

2009-07-16 13:55 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll

2009-07-16 13:55 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll

2009-07-16 13:55 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll

2009-07-16 13:55 12,800 -------- c:\windows\system32\dllcache\xpshims.dll

2009-07-16 13:54 <DIR> -cd-h--- c:\windows\ie8

2009-07-16 09:10 <DIR> --d----- c:\program files\Enigma Software Group

2009-07-09 21:39 <DIR> --d----- c:\program files\iPod

2009-07-09 21:39 <DIR> --d----- c:\program files\iTunes

2009-07-09 21:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-07-09 21:28 <DIR> --d----- c:\program files\Bonjour

2009-06-21 11:07 <DIR> --d----- c:\documents and settings\christopher oliver\viewONE

2009-06-21 11:03 <DIR> --d----- C:\viewONE

2009-06-21 11:01 <DIR> --d----- c:\program files\viewONE

==================== Find3M ====================

2009-06-16 15:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 15:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-16 15:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-06-16 15:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll

2009-06-13 10:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-06-13 10:58 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-06-03 20:27 1,290,752 a------- c:\windows\system32\quartz.dll

2009-06-03 20:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll

2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll

2009-05-13 06:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll

2009-05-13 06:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll

2009-05-13 06:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll

2009-05-07 16:44 344,064 a------- c:\windows\system32\localspl.dll

2009-05-07 16:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll

2009-04-30 22:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll

2009-04-30 22:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll

2009-04-30 22:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll

2009-04-30 12:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-04-29 05:31 1,024,000 -------- c:\windows\system32\dllcache\browseui.dll

2009-04-29 05:31 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll

2009-04-29 05:31 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll

2009-04-29 05:31 1,054,208 -------- c:\windows\system32\dllcache\danim.dll

2009-04-29 05:31 55,808 -------- c:\windows\system32\dllcache\extmgr.dll

2009-04-29 05:31 151,040 -------- c:\windows\system32\dllcache\cdfview.dll

2009-04-27 10:29 18,432 -------- c:\windows\system32\dllcache\iedw.exe

2007-12-19 22:29 47,360 a------- c:\docume~1\christ~1\applic~1\pcouffin.sys

2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 20:37:45.09 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 09/08/2007 18:51:22

System Uptime: 19/07/2009 10:32:02 (10 hours ago)

Motherboard: Dell Inc. | | 0KD882

Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 2.797 GiB free.

D: is CDROM ()

E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP264: 16/07/2009 00:41:58 - Software Distribution Service 3.0

RP265: 16/07/2009 00:42:04 - System Checkpoint

RP266: 16/07/2009 00:42:07 - System Checkpoint

RP267: 16/07/2009 00:42:17 - System Checkpoint

RP268: 16/07/2009 00:42:18 - System Checkpoint

RP269: 16/07/2009 00:42:19 - System Checkpoint

RP270: 16/07/2009 00:42:19 - System Checkpoint

RP271: 16/07/2009 00:42:21 - System Checkpoint

RP272: 16/07/2009 00:42:23 - System Checkpoint

RP273: 16/07/2009 00:42:24 - System Checkpoint

RP274: 16/07/2009 00:42:26 - System Checkpoint

RP275: 16/07/2009 00:42:31 - System Checkpoint

RP276: 16/07/2009 00:42:31 - System Checkpoint

RP277: 16/07/2009 00:42:31 - Software Distribution Service 3.0

RP278: 16/07/2009 00:42:31 - Installed Windows Media Format Runtime

RP279: 16/07/2009 00:42:32 - Software Distribution Service 3.0

RP280: 16/07/2009 00:42:32 - System Checkpoint

RP281: 16/07/2009 00:42:32 - Installed Windows XP Wdf01007.

RP282: 16/07/2009 00:42:32 - Installed Windows XP Wudf01005.

RP283: 16/07/2009 00:42:32 - System Checkpoint

RP284: 16/07/2009 00:42:32 - System Checkpoint

RP285: 16/07/2009 00:42:32 - System Checkpoint

RP286: 16/07/2009 00:42:33 - System Checkpoint

RP287: 16/07/2009 00:42:33 - System Checkpoint

RP288: 16/07/2009 00:42:33 - System Checkpoint

RP289: 16/07/2009 00:42:33 - System Checkpoint

RP290: 16/07/2009 00:42:33 - System Checkpoint

RP291: 16/07/2009 00:42:33 - System Checkpoint

RP292: 16/07/2009 00:42:33 - System Checkpoint

RP293: 16/07/2009 00:42:34 - System Checkpoint

RP294: 16/07/2009 00:42:34 - System Checkpoint

RP295: 16/07/2009 00:42:34 - System Checkpoint

RP296: 17/07/2009 13:49:46 - Software Distribution Service 3.0

RP297: 18/07/2009 18:29:18 - System Checkpoint

RP298: 19/07/2009 18:56:47 - System Checkpoint

==== Installed Programs ======================


GooredFix:

GooredFix by jpshortstuff (12.07.09)

Log created at 00:35 on 20/07/2009 (Christopher Oliver)

Firefox version 3.0.11 (en-GB)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:27 09/08/2007]

{B13721C7-F507-4982-B2E5-502A71474FED} [16:30 09/08/2007]

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [17:25 19/05/2008]

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [10:22 15/06/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [18:32 01/10/2008]

"bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [22:21 14/06/2009]

-=E.O.F=-

Combofix:

ComboFix 09-07-14.08 - Christopher Oliver 17/07/2009 23:23.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.624 [GMT 1:00]

Running from: c:\documents and settings\Christopher Oliver\Desktop\something.exe

Command switches used :: c:\documents and settings\Christopher Oliver\Desktop\CFscript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::

"c:\windows\SYSTEM32\uacinit.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Christopher Oliver\Application Data\inst.exe

c:\windows\system32\AVSredirect.dll

c:\windows\system32\drivers\UACwlrpaiyebdjkwptwu.sys

c:\windows\system32\UACgqnendlrblkktnijy.dll

c:\windows\system32\UAChbqsltmpskapjoyav.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACndlcqdqntvmbjipwq.dll

c:\windows\system32\UACpmmxxuhthxgnidgfm.dll

c:\windows\system32\UACuxkpqkcnlairmhdyt.dat

c:\windows\system32\UACvqssqbufxvitviqpo.db

c:\windows\system32\UACyvobutfegnxonntjl.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))

.

2009-07-17 15:16 . 2009-07-17 15:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-07-17 14:14 . 2009-07-17 16:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SiteAdvisor

2009-07-17 10:16 . 2009-07-17 10:16 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\Malwarebytes

2009-07-16 21:37 . 2009-07-16 21:37 -------- d-----w- c:\program files\Trend Micro

2009-07-16 20:29 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-16 20:29 . 2009-07-16 20:47 -------- d-----w- c:\program files\Batman

2009-07-16 20:29 . 2009-07-16 20:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes

2009-07-16 20:29 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-16 18:48 . 2009-07-16 18:48 -------- d-sh--w- c:\documents and settings\Christopher Oliver\IECompatCache

2009-07-16 18:47 . 2009-07-16 18:47 -------- d-sh--w- c:\documents and settings\Christopher Oliver\PrivacIE

2009-07-16 17:17 . 2009-07-16 17:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-07-16 15:07 . 2009-07-16 15:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-07-16 15:05 . 2009-07-16 15:05 -------- d-sh--w- c:\documents and settings\Christopher Oliver\IETldCache

2009-07-16 12:56 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-07-16 12:56 . 2009-07-16 12:56 -------- d-----w- c:\windows\ie8updates

2009-07-16 12:55 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-07-16 12:55 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll

2009-07-16 12:55 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll

2009-07-16 12:55 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-16 12:54 . 2009-07-16 12:55 -------- dc-h--w- c:\windows\ie8

2009-07-16 08:10 . 2009-07-16 08:20 -------- d-----w- c:\program files\Enigma Software Group

2009-07-09 20:39 . 2009-07-09 20:39 -------- d-----w- c:\program files\iPod

2009-07-09 20:39 . 2009-07-09 20:40 -------- d-----w- c:\program files\iTunes

2009-07-09 20:39 . 2009-07-09 20:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-07-09 20:35 . 2009-07-09 20:37 -------- d-----w- c:\program files\QuickTime

2009-07-09 20:28 . 2009-07-09 20:28 -------- d-----w- c:\program files\Bonjour

2009-06-22 18:40 . 2009-06-30 17:50 1878984 ----a-w- c:\documents and settings\Christopher Oliver\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

2009-06-21 10:07 . 2009-06-23 21:17 -------- d-----w- c:\documents and settings\Christopher Oliver\viewONE

2009-06-21 10:03 . 2009-06-21 10:03 -------- d-----w- C:\viewONE

2009-06-21 10:01 . 2009-06-21 10:03 -------- d-----w- c:\program files\viewONE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-17 16:10 . 2006-06-13 07:22 -------- d-----w- c:\program files\McAfee

2009-07-17 13:02 . 2006-06-13 07:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-17 13:00 . 2007-08-09 16:31 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\Skype

2009-07-17 12:50 . 2008-07-06 20:58 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\Samsung

2009-07-17 12:49 . 2008-07-06 20:51 -------- d-----w- c:\program files\Samsung

2009-07-15 05:03 . 2007-08-20 12:15 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\uTorrent

2009-07-14 10:01 . 2009-02-15 12:39 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\Spotify

2009-07-09 20:39 . 2007-08-09 14:54 -------- d-----w- c:\program files\Common Files\Apple

2009-06-26 17:13 . 2008-03-15 13:24 -------- d-----w- c:\program files\lx_cats

2009-06-16 14:55 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:55 . 2004-08-10 17:51 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-14 22:21 . 2009-06-14 22:21 -------- d-----w- c:\program files\Common Files\PCSuite

2009-06-14 22:21 . 2009-06-14 22:21 -------- d-----w- c:\program files\Common Files\Nokia

2009-06-14 22:21 . 2009-06-13 09:54 -------- d-----w- c:\program files\Nokia

2009-06-14 22:18 . 2009-06-14 22:18 -------- d-----w- c:\program files\PC Connectivity Solution

2009-06-14 22:14 . 2009-06-13 09:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Installations

2009-06-13 11:28 . 2009-06-13 09:56 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\Nokia

2009-06-13 09:59 . 2009-06-13 09:56 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\PC Suite

2009-06-13 09:59 . 2009-06-13 09:56 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Suite

2009-06-13 09:58 . 2009-06-13 09:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-06-13 09:58 . 2009-06-13 09:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-06-13 09:55 . 2009-06-13 09:55 -------- d-----w- c:\program files\DIFX

2009-06-11 22:39 . 2009-06-11 22:39 -------- d-----w- c:\program files\eRightSoft

2009-06-11 22:34 . 2009-06-11 22:28 -------- d-----w- c:\program files\Common Files\AVSMedia

2009-06-11 22:34 . 2009-06-11 22:24 -------- d-----w- c:\program files\AVS4YOU

2009-06-11 22:30 . 2009-06-11 22:30 -------- d-----w- c:\documents and settings\Christopher Oliver\Application Data\AVS4YOU

2009-06-11 22:29 . 2009-06-11 22:29 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVS4YOU

2009-06-11 20:06 . 2009-06-11 20:06 -------- d-----w- c:\program files\Nidesoft Studio

2009-06-03 19:27 . 2004-08-10 17:51 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-29 23:32 . 2008-10-01 19:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-05-13 05:15 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:44 . 2004-08-10 17:51 344064 ----a-w- c:\windows\system32\localspl.dll

2009-06-12 23:48 . 2008-12-14 18:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2007-06-21 17:38 . 2007-06-21 17:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 17:38 . 2007-06-21 17:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 17:38 . 2007-06-21 17:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 17:38 . 2007-06-21 17:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 17:39 . 2007-06-21 17:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 17:39 . 2007-06-21 17:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 17:39 . 2007-06-21 17:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 17:39 . 2007-06-21 17:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 17:40 . 2007-06-21 17:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2006-05-03 09:06 . 2009-06-11 22:40 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 . 2009-06-11 22:40 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 . 2009-06-11 22:40 216064 --sh--r- c:\windows\system32\nbDX.dll

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\_Backup ----

---- Directory of C:\_Backup.RC ----

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"U.S. Robotics USB Phone"="c:\program files\U.S. Robotics\U.S. Robotics USB Phone\U.S.RoboticsUSBPhone.exe" [2005-08-17 843776]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Lexmark X84-X85 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]

"Lexmark X84-X85 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 20480]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-13 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\WINDOWS\\system32\\lxdjcoms.exe"=

"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=

"c:\\Program Files\\Lexmark 1400 Series\\App4r.exe"=

"c:\\Program Files\\Lexmark 1400 Series\\Wireless\\lxdjwpss.exe"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [01/10/2008 19:32 210216]

S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [22/02/2008 18:51 99248]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/07/2009 21:29 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www1.la.dell.com/content/default.aspx?c=vg&l=en&s=gen

uInternet Connection Wizard,ShellNext = hxxp://www1.la.dell.com/content/default.aspx?c=vg&l=en&s=gen

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} - hxxp://www.streamerp2p.com/sfiles/phasex.cab

FF - ProfilePath - c:\docume~1\CHRIST~1\APPLIC~1\Mozilla\Firefox\Profiles\3nysa2sb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-17 23:30

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-07-17 23:32

ComboFix-quarantined-files.txt 2009-07-17 22:31

Pre-Run: 3,055,722,496 bytes free

Post-Run: 3,208,470,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

228 --- E O F --- 2009-07-16 12:56

Thanks!

Chris
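As an added illustration (not part of Chris's post, and not ComboFix's own code), the following Python triage routine reads ComboFix-style log lines and flags the two things a reviewer would pick out of the log above: randomly named UAC* files dropped into system32 (plus the matching UACd.sys service entry), and registry values that switch off Security Center monitoring or the Windows Firewall profile. The sample log is constructed from lines of the posted log; section names, key paths and the `triage_combofix_log` helper are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the ComboFix log posted above; not a live capture.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\Christopher Oliver\Application Data\inst.exe
c:\windows\system32\drivers\UACwlrpaiyebdjkwptwu.sys
c:\windows\system32\UACgqnendlrblkktnijy.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACuxkpqkcnlairmhdyt.dat
c:\windows\system32\quartz.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_UACd.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# ComboFix section banners look like "(((((( Other Deletions ))))))".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# UAC-prefixed files with random names placed directly in system32 (or drivers\).
UAC_FILE_RE = re.compile(r"\\system32\\(?:drivers\\)?(uac[a-z]+)\.(?:dll|sys|dat|db)$", re.I)
# Removed service entries are listed as "-------\Service_<name>.sys".
UAC_SERVICE_RE = re.compile(r"\\Service_(uac\w+)\.sys$", re.I)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


@dataclass
class Findings:
    uac_files: list = field(default_factory=list)       # (section, file stem)
    uac_services: list = field(default_factory=list)    # service names
    weakened_settings: list = field(default_factory=list)

    def is_clean(self) -> bool:
        return not (self.uac_files or self.uac_services or self.weakened_settings)


def _setting_is_weak(key: str, name: str, value: str) -> bool:
    """Security Center monitoring turned off, or the XP firewall profile disabled."""
    k, n, v = key.lower(), name.lower(), value.lower()
    if "security center\\monitoring" in k and n == "disablemonitoring":
        return v.endswith("00000001")
    if "firewallpolicy" in k and n == "enablefirewall":
        return v.startswith("0")
    return False


def triage_combofix_log(text: str) -> Findings:
    """Walk the log once, tracking the current section and registry key."""
    findings, section, current_key = Findings(), "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, current_key = m.group(1), ""
        elif m := UAC_FILE_RE.search(line):
            findings.uac_files.append((section, m.group(1)))
        elif m := UAC_SERVICE_RE.search(line):
            findings.uac_services.append(m.group(1))
        elif section.startswith("Reg Loading Points"):
            if m := REG_KEY_RE.match(line):
                current_key = m.group(1)
            elif (m := REG_VALUE_RE.match(line)) and _setting_is_weak(current_key, *m.groups()):
                findings.weakened_settings.append(f"{current_key} -> {m.group(1)}={m.group(2)}")
    return findings


if __name__ == "__main__":
    result = triage_combofix_log(SAMPLE_LOG)
    for section, stem in result.uac_files:
        print(f"[{section}] UAC-pattern file: {stem}")
    for svc in result.uac_services:
        print(f"[Drivers/Services] UAC-pattern service: {svc}")
    for item in result.weakened_settings:
        print(f"[Reg Loading Points] protection disabled: {item}")
```

A clean log (no UAC-pattern names, monitoring and firewall left enabled) yields `Findings.is_clean() == True`, so the same routine doubles as a post-cleanup check.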


Sysclean Log:

2009-07-20, 12:17:37, Auto-clean mode specified.

2009-07-20, 12:17:38, Initialized Rootkit Driver version 2.2.0.1004.

2009-07-20, 12:17:38, Running scanner "C:\DCE\TSC.BIN"...

2009-07-20, 12:18:23, Scanner "C:\DCE\TSC.BIN" has finished running.

2009-07-20, 12:18:23, TSC Log:


Hello Chris,

This system has an old version of Java Run-time.

Uninstall jre1.6 (or any earlier) + any other (JRE Runtime Environment) Sun Java package via Add/Remove Programs.

If you see any other Java versions there,

such as

J2SE Runtime Environment 5.0

Java SE Runtime Environment

Java 6

uninstall all of them. After uninstalling, reboot if directed to do so.

In Windows Explorer, navigate to and delete C:\Program Files\Java <=this folder, if found.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

Open an IE window and go to http://java.sun.com/javase/downloads/index.jsp

> In top of the page ( 5th in the list), click on the Download button to the right of Java Runtime Environment (JRE) 6 Update 14

> If the Information Bar pops up, right-click on it and say it's OK to display the blocked content; You do not have to install the Java Web Start ActiveX Control

> Accept the license agreement

> Click on Windows Offline Installation, Multi-language and Save the file to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.

Tip: Choose Custom install to select only the part(s) you need/want.

Delete the downloaded installation file after completing the above procedure and reboot if prompted to do so.

If you were /not/ prompted to reboot, please do so now.

=

Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you should un-install it. Go to Control Panel and Add-or-Remove programs.

Look for it and click the line for it. Select Change/Remove to de-install it.

Also de-install Eset online scan.

OK & Exit out of Control Panel

If you should need MBAM in future, you would download the latest version.

Locate the download you did for Sysclean; delete the downloaded files and the folder holding them ( C:\DCE was suggested)

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

To remove Combofix properly, click Start button, select RUN

type in

something.exe /u

and press Enter-key

Be sure you include the /u with a single space before the slash.

Wait for Combofix to remove itself. It will run in a command window and usually goes fairly fast.

  • Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please Double-click OTL.exe to start it.
  • Click on the CleanUp! button {at top right corner}. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTListIt2 attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.
