Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Malware/virus? problems [SOLVED]


Recommended Posts

malware problem

 

Hi Superdave

 

Hjt log as requested:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:44:32, on 29/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\V0350Mon.exe

C:\WINDOWS\UMStor\Res.EXE

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Orange\systray\systrayapp.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Orange\Deskboard\deskboard.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ke.voila.fr/S/voila?kw=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O2 - BHO: (no name) - {130D5D84-1B65-44B2-893C-414B1850A092} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {26B29E66-C8DC-4E44-9F27-7884642B7F9E} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O2 - BHO: (no name) - {41E38F90-DD5E-4392-93A9-A8EE78D23857} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {DD55C8EA-62A7-40AB-8E95-1C65EA165722} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F753EB8E-A475-4A3D-AA53-62DF52EF10EB} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [showLOMControl] �

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [smartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 15290 bytes

 

upwards and onwards......I hope

Link to comment
Share on other sites

  • Replies 66
  • Created
  • Last Reply

Open HijackThis and select Do a system scan only

 

Place a check mark next to the following entries: (if there)

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {130D5D84-1B65-44B2-893C-414B1850A092} - (no file)

O2 - BHO: (no name) - {26B29E66-C8DC-4E44-9F27-7884642B7F9E} - (no file)

O2 - BHO: (no name) - {41E38F90-DD5E-4392-93A9-A8EE78D23857} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O2 - BHO: (no name) - {DD55C8EA-62A7-40AB-8E95-1C65EA165722} - (no file)

O2 - BHO: (no name) - {F753EB8E-A475-4A3D-AA53-62DF52EF10EB} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

 

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please put a check mark on the following lines. It will not affect the running of your computer in any way except to make it more secure.

 

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

Important: Close all open windows except for HijackThis and then click Fix checked.

 

Once completed, exit HijackThis.

 

=========================================

 

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

link #2

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts. (you will receive a UAC prompt, please allow it)

 

Double-click combofix.exe and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log and a new HijackThis log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

 

If you have problems with ComboFix usage, see How to use ComboFix

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

Combofix log, this was after a freeze and restart.

 

ComboFix 10-03-28.03 - Stephen 29/03/2010 13:21:38.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1446 [GMT 2:00]

Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100329-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\system32\AdddLnnn.ini

c:\windows\system32\AdddLnnn.ini2

c:\windows\system32\gOppYcdd.ini

c:\windows\system32\gOppYcdd.ini2

c:\windows\system32\logs\{4E8507D2-2172-43CD-9260-C5C0EDF2B741}.log

c:\windows\system32\MmVxyyxx.ini

c:\windows\system32\MmVxyyxx.ini2

c:\windows\system32\oqrAbccf.ini

c:\windows\system32\oqrAbccf.ini2

c:\windows\system32\oqrrAJlm.ini

c:\windows\system32\oqrrAJlm.ini2

c:\windows\system32\qrrtvyxx.ini

c:\windows\system32\RsBdLnnn.ini

c:\windows\system32\RsBdLnnn.ini2

c:\windows\system32\WwFLlUtv.ini

c:\windows\system32\WwFLlUtv.ini2

 

.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))

.

 

2010-03-28 23:13 . 2010-03-28 23:13 -------- d-----w- c:\program files\Common Files\Skype

2010-03-26 21:27 . 2010-03-26 21:27 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes

2010-03-26 21:26 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-26 21:26 . 2010-03-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-26 21:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-26 21:25 . 2010-03-26 21:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-24 06:41 . 2010-03-24 06:41 -------- d-----w- c:\program files\Conduit

2010-03-24 06:41 . 2010-03-24 06:41 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Conduit

2010-03-24 06:41 . 2010-03-29 05:54 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\IObitCom

2010-03-24 06:41 . 2010-03-24 06:43 -------- d-----w- c:\program files\IObitCom

2010-03-24 06:41 . 2009-11-04 15:49 635664 ----a-w- c:\documents and settings\Stephen\Application Data\IObit\Common\TB_Helper.exe

2010-03-21 16:03 . 2009-01-10 19:12 60 ----a-w- c:\documents and settings\Stephen\Application Data\WinPatrol\Autoexec.bat

2010-03-21 16:03 . 2004-08-10 12:04 0 ----a-w- c:\documents and settings\Stephen\Application Data\WinPatrol\Config.sys

2010-03-21 05:15 . 2010-03-21 05:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-03-21 05:15 . 2010-03-21 05:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert

2010-03-20 16:49 . 2010-03-20 16:49 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Threat Expert

2010-03-20 04:58 . 2010-03-20 05:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

2010-03-20 04:49 . 2010-03-20 04:49 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-20 00:25 . 2010-03-20 00:25 -------- d-----w- c:\documents and settings\Administrator\IETldCache

2010-03-14 00:57 . 2010-03-21 16:03 -------- d-----w- c:\documents and settings\Stephen\Application Data\WinPatrol

2010-03-14 00:56 . 2010-03-14 00:56 -------- d-----w- c:\program files\BillP Studios

2010-03-11 20:20 . 2010-03-20 04:29 -------- d-----w- c:\program files\Windows Live Safety Center

2010-03-07 07:52 . 2010-03-07 07:52 -------- d-----w- c:\documents and settings\Stephen\IECompatCache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-29 11:17 . 2007-08-23 17:30 -------- d-----w- c:\documents and settings\Stephen\Application Data\Skype

2010-03-29 06:34 . 2009-01-11 01:15 -------- d-----w- c:\documents and settings\Stephen\Application Data\skypePM

2010-03-28 23:43 . 2008-05-20 22:52 -------- d-----w- c:\program files\Trend Micro

2010-03-27 00:57 . 2008-12-06 00:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-27 00:43 . 2006-04-20 00:54 -------- d-----w- c:\program files\Java

2010-03-27 00:36 . 2009-12-05 05:32 152576 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-03-27 00:28 . 2009-12-05 05:31 79488 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-24 07:07 . 2009-03-17 08:16 117760 ----a-w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-24 06:41 . 2008-12-06 11:42 -------- d-----w- c:\documents and settings\Stephen\Application Data\IObit

2010-03-21 05:17 . 2007-09-14 13:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-20 16:56 . 2010-02-25 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-03-20 16:56 . 2008-03-24 23:54 -------- d-----w- c:\program files\IObit

2010-03-20 04:29 . 2008-05-14 07:11 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-15 17:56 . 2006-04-20 01:00 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-02-15 17:56 . 2010-02-15 17:56 -------- d-----w- c:\program files\ITEDO Software

2010-02-12 10:03 . 2010-02-26 04:11 293376 ------w- c:\windows\system32\browserchoice.exe

2010-01-30 13:30 . 2006-04-20 01:03 -------- d-----w- c:\program files\Microsoft Works

2010-01-30 07:41 . 2010-01-30 07:41 52224 ----a-w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-30 07:39 . 2006-04-28 17:32 -------- d-----w- c:\program files\Google

2010-01-27 04:14 . 2010-01-27 04:14 503808 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-307c800d-n\msvcp71.dll

2010-01-27 04:14 . 2010-01-27 04:14 499712 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-307c800d-n\jmc.dll

2010-01-27 04:14 . 2010-01-27 04:14 348160 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-307c800d-n\msvcr71.dll

2010-01-27 04:14 . 2010-01-27 04:14 61440 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-61d324b1-n\decora-sse.dll

2010-01-27 04:14 . 2010-01-27 04:14 12800 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-61d324b1-n\decora-d3d.dll

2009-12-31 16:50 . 2006-04-20 00:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-03-21 14:06 . 2004-08-10 11:51 384 --sha-r- c:\windows\inf\sdatabl.sav.bin

2006-07-10 22:49 . 2006-07-10 22:49 56 -csh--r- c:\windows\system32\35ACF1024C.sys

2009-06-16 22:56 . 2006-04-24 18:33 88 -csh--r- c:\windows\system32\D9A28820E7.sys

2009-06-16 22:56 . 2006-04-24 18:33 6060 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-03-29 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

2010-03-29 05:53 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-03-29 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-03-29 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 68856]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

"ProxyWay"="c:\program files\ProxyWay\proxyway.exe" [2009-07-31 405504]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-08 2002160]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShowLOMControl"="1 (0x1)" [X]

"Device Detector"="DevDetect.exe -autorun" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 393216]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728]

"Ulead Memory Card Detector"="c:\program files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" [2002-09-10 28672]

"DMXLauncher"="c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe" [2007-04-02 113400]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]

"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]

"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]

"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-12-12 107248]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]

"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-01-06 2705752]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-27 113664]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-20 24576]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-23 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-08 21:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]

2006-02-09 22:34 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]

2007-06-07 13:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 08:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 07:24 16384 -c--a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

2004-10-30 13:59 385024 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2008-12-02 21:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-02-16 09:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-01-08 02:22 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-02 21:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-05-05 12:34 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Orange\\Browser\\Browser.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

"c:\\Program Files\\ProxyWay\\proxyway.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/07/2009 14:07 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [29/02/2008 16:03 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29/02/2008 16:03 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/07/2009 14:07 20560]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [20/03/2010 18:56 311568]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 16:51 4096]

R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [11/01/2009 02:29 142656]

R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [11/01/2009 02:29 7424]

R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [11/01/2009 02:28 170368]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 09:39 135664]

.

Contents of the 'Scheduled Tasks' folder

 

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

 

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 07:39]

 

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 07:39]

 

2010-03-28 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

 

2010-03-28 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

 

2010-03-28 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-24 14:30]

 

2010-03-29 c:\windows\Tasks\User_Feed_Synchronization-{A2C9AD61-7DB8-4377-A116-166A215A160C}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{41E38F90-DD5E-4392-93A9-A8EE78D23857} - (no file)

MSConfigStartUp-Eraser - c:\program files\Eraser\Eraser.exe

MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe

AddRemove-Eusing Free Registry Cleaner - c:\progra~1\Eusing Free Registry Cleaner\UNWISE.EXE

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-29 13:34

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,34,8f,cd,5c,de,b4,48,b1,22,60,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,34,8f,cd,5c,de,b4,48,b1,22,60,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(628)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\program files\Intel\Wireless\Bin\LgNotify.dll

c:\windows\system32\igfxdev.dll

 

- - - - - - - > 'explorer.exe'(23008)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-03-29 13:49:05

ComboFix-quarantined-files.txt 2010-03-29 11:48

 

Pre-Run: 8,917,516,288 bytes free

Post-Run: 8,871,583,744 bytes free

 

- - End Of File - - 0CBA6F237E7B3EE5BE94D1ECD58A18EC

 

 

 

 

Hjt log to follow

 

regards and many thanks!!!!

 

fridgedoc

Link to comment
Share on other sites

malware problem

 

NEW......Hjt log:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:44:32, on 29/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\V0350Mon.exe

C:\WINDOWS\UMStor\Res.EXE

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Orange\systray\systrayapp.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Orange\Deskboard\deskboard.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ke.voila.fr/S/voila?kw=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O2 - BHO: (no name) - {130D5D84-1B65-44B2-893C-414B1850A092} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {26B29E66-C8DC-4E44-9F27-7884642B7F9E} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O2 - BHO: (no name) - {41E38F90-DD5E-4392-93A9-A8EE78D23857} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {DD55C8EA-62A7-40AB-8E95-1C65EA165722} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F753EB8E-A475-4A3D-AA53-62DF52EF10EB} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [showLOMControl] �

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [smartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 15290 bytes

 

 

regards

 

fridgedoc

Link to comment
Share on other sites

P2P - I see you have P2P software installed on your machine. (LimeWire) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

======================================

 

Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and logs posted for each one)

 

* Copy the file path in the below Code box:

 

c:\windows\system32\35ACF1024C.sys
c:\windows\system32\D9A28820E7.sys

 

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

 

=================================

You did not do the fixes in HJT that I outlined. Please do them now and send me a new HJT log.

 

Open HijackThis and select Do a system scan only

 

Place a check mark next to the following entries: (if there)

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {130D5D84-1B65-44B2-893C-414B1850A092} - (no file)

O2 - BHO: (no name) - {26B29E66-C8DC-4E44-9F27-7884642B7F9E} - (no file)

O2 - BHO: (no name) - {41E38F90-DD5E-4392-93A9-A8EE78D23857} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O2 - BHO: (no name) - {DD55C8EA-62A7-40AB-8E95-1C65EA165722} - (no file)

O2 - BHO: (no name) - {F753EB8E-A475-4A3D-AA53-62DF52EF10EB} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

 

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please put a check mark on the following lines. It will not affect the running of your computer in any way except to make it more secure.

 

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

 

Important: Close all open windows except for HijackThis and then click Fix checked.

 

Once completed, exit HijackThis.

================================

Next post please include two links from Jotti's scanner and a new HJT log.

Link to comment
Share on other sites

malware problem

 

I think I may have sent the wrong log?.........I have just done another hjt scan and cannot find any of the codes you wanted he to tick.

 

New log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:36:46, on 29/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\V0350Mon.exe

C:\WINDOWS\UMStor\Res.EXE

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\NetWaiting\NetWaiting.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Orange\systray\systrayapp.exe

C:\Program Files\Orange\Deskboard\deskboard.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [showLOMControl] �

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [smartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 13713 bytes

 

regards and thanks for your time

 

fridgedoc

Link to comment
Share on other sites

I have just done another hjt scan and cannot find any of the codes you wanted he to tick.

These four are still there. I strongly urge you to remove them.

 

O15 - Trusted Zone: http://*.mappy.com

O15 - Trusted Zone: http://*.orange.fr

O15 - Trusted Zone: http://rw.search.ke.voila.fr

O15 - Trusted Zone: http://orange.weborama.fr

======================

 

BTW, how's your computer running? I've checked over you post and I can't really determine what was wrong at the start.

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

New scan with items removed as advised:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:51:59, on 30/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\V0350Mon.exe

C:\WINDOWS\UMStor\Res.EXE

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\NetWaiting\NetWaiting.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Orange\systray\systrayapp.exe

C:\Program Files\Orange\Deskboard\deskboard.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Orange\browser\browser.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [showLOMControl] �

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [smartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 13669 bytes

 

 

The original problem was 4 malware programs could not be removed, after running 360 and other programs they would state "all removed" then these programs would reappear tey now sem to have gone, after a little thought now I think I will delete limewire.

 

Thank you for your time and effort

 

fridgedoc

Link to comment
Share on other sites

We are not finished yet. Please run this scan and post the results. If this scan turns out ok, we'll have to do some cleanup afterwards.

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

Well it all went pear shape, while running Eset we had a power failure, I am guessing eset had not finished and when I looked prior to power off it had 8 threats, so I ran eset again and left it as my internet connection is slow the last time I looked it showed 15 threats, I had to be at the hospital today at

8am so have only just got to computer "now", on touching the mouse the screen came up slowly and had frozen, had to turn off power and on again,

not sure what to do, can I still get the logs and where do I get them from.

 

regards

 

fridgedoc

Link to comment
Share on other sites

That's Ok. If there are any logs they would be on your C: drive under ESET. We'll try another scan.

 

Run the BitDefender Online Scanner.

 

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

 

Once Bitdefender completes the scan:

Click-on the Detected Problems tab.

Then select Click here to export the scan report.

 

When the window comes up to save the report, change the Save as type: box to:

Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

 

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).

This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

 

If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

Found the eset log (one only,the last one) that's good news.

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=ec4accd445bdaf478c2a711c5087bf51

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-03-31 06:03:34

# local_time=2010-03-31 08:03:34 (+0100, W. Europe Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 165426 165426 0 0

# compatibility_mode=769 16775141 100 92 16865 206269973 9943 0

# compatibility_mode=8192 67108863 100 0 55375 55375 0 0

# scanned=94568

# found=15

# cleaned=15

# scan_time=30217

C:\Qoobox\Quarantine\C\WINDOWS\system32\AdddLnnn.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\AdddLnnn.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\gOppYcdd.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\gOppYcdd.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\MmVxyyxx.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\MmVxyyxx.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\oqrAbccf.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\oqrAbccf.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\oqrrAJlm.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\oqrrAJlm.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\qrrtvyxx.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\RsBdLnnn.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\RsBdLnnn.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\WwFLlUtv.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\WwFLlUtv.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

Your link did not work for some reason so I went to their site and used the scan, here in France it was 3am and it said 2.5 hours still to go so I went to bed, here this morning 6.50am and computer has done an auto restart so no "BLOODY" log again, do I re-scan? or is the log hidden?

 

Thanks

 

fridgedoc

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

Log for BitDefender as requested, showing all clear:

 

 

 

 

Statistics

 

Time

03:15:11

 

Files

306954

 

Folders

11361

 

Boot Sectors

0

 

Archives

6888

 

Packed Files

12464

 

 

 

 

Results

 

Identified Viruses

0

 

Infected Files

0

 

Suspect Files

0

 

Warnings

0

 

Disinfected

0

 

Deleted Files

0

 

 

 

 

Engines Info

 

Virus Definitions

5559578

 

Engine build

AVCORE v2.1 Windows/i386 11.0.0.33 (Feb 25 2010)

 

Scan plugins

17

 

Archive plugins

44

 

Unpack plugins

8

 

E-mail plugins

6

 

System plugins

4

 

 

 

 

Scan Settings

 

First Action

Disinfect

 

Second Action

Delete

 

Heuristics

Yes

 

Enable Warnings

Yes

 

Scanned Extensions

*;

 

Exclude Extensions

 

 

Scan Emails

Yes

 

Scan Archives

Yes

 

Scan Packed

Yes

 

Scan Files

Yes

 

Scan Boot

Yes

 

 

 

 

Scanned File

Status

 

No virus found.

Link to comment
Share on other sites

It would appear that all our scans have removed all the malware from your computer. If there are no other issues, it's time for some clean-up. You can uninstall HTJ if you wish. You can delete DDS and ESET if still there.

 

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

=====================================

 

Clean out your temporary internet files and temp files.

 

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

========================================

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

========================================

Use the Secunia Software Inspector to check for out of date software.

 

•Click Start Now

 

•Check the box next to Enable thorough system inspection.

 

•Click Start

 

•Allow the scan to finish and scroll down to see if any updates are needed.

•Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing! Joyeuses Pâques :mrgreen:

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

just a line to say I have not forgotten you, apart from following your instructions I've baked the bread made some scones, continued with the wireing in my daughters room (nearly finished) and grabbed a couple of hours sleep.

 

Thank you for your kind Easter greetings and the same to you and your family.

 

fridgedoc

Link to comment
Share on other sites

malware problem

 

Hi Superdave

 

At last all completed, I hope I have followed all your instructions correctly, I feel a lot wiser thanks to you, quite frightening really what can go wrong.

 

Thank you so very much for all your time effort and patience, I would like to think over the years I have given help to others (in different fields) and will continue to do so, I am a great believer in what goes around comes around and meeting you is a prime example, may you have a wonderful life.

 

I hope we meet again.

 

Kind regards to you and your family

 

Stephen

 

(fridgedoc)

Link to comment
Share on other sites

Hello Stephen. It was a pleasure helping you with your problems. I was helped about 4 years ago by another Malware expert and since then I've been studying to get my degree in Malware removal. It is certainly gratifying to help others in need such as I was. Hopefully, you won't need my services anytime in the future and it has been a pleasure. Best wishes to you and your family. Dave

Link to comment
Share on other sites

  • 4 weeks later...

Superdave I'm still having problems

 

Hello Superdave

 

Sorry but I'm still having problems, iexplorer keeps freezing also if you have say 3 or 4 iexplorer windows open and then close one of them they ALL close, then you cannot open iexplorer again unless you reboot, I have tried a few things (malware) but no luck, could you or anyone reading this and knowing the answer please help.

 

many thanks

 

fridgedoc

Link to comment
Share on other sites

Help Please

 

Hi Evil

 

I have had these problems since "clearing malware" thought it was me, I have auto update on MS. critical updates, when I try to update it looks as if it is updateing but it does NOT update, I went to the MS. website and up loaded the critical update which it said I had up loaded and installed successfully only to find 10 min's later it was trying to up load the same update, and from what I have read this is one of the things that a certain malware does ie. it will not allow you to download and install MS. critical updates, this is why I posted in the malware section, I will go to the MS. site and try again to download the critical updates..........fingers crossed.

 

fridgedoc

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...