02-24-2005, 04:27 PM   #5
Captain Stable
Registered User
Join Date: Feb 2005
Posts: 5
OS: winXP


I've just completed the first part (TDS-3) and it found 6 alerts. Here is the log.

20:03:12 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
20:03:12 [Init] Started 24-02-05 20:03:12 GMT Standard Time (UTC: 0), Internet Time @877.22
20:03:12 [Init] Loading TDS-3 Systems ...
20:03:12 [Init] Token successfully adjusted.
20:03:13 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
20:03:14 [Init] • Plugins : OK. Loaded 13
20:03:14 [Init] • Exec Protection : Not Installed
20:03:15 [Init] WARNING: Your Radius.TD3 database needs to be updated!
20:03:15 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
20:03:15 [Init] Licensed users can use the Update facility from the TDS menu
20:03:16 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
20:03:32 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
20:03:32 [Init] • Systems Initialised [47949 references - 23637 primaries/12150 traces/12162 variants/other]
20:03:32 [Init] Radius Systems loaded. <Databases updated 24-02-2005>
20:03:33 [Init] TDS-3 Ready. <Roadster@192.168.1.5, 127.0.0.1 - United Kingdom>
20:03:33 [Tip Of The Day] Did you know? - TDS-3 is the only anti-trojan system that can detect trojans by scanning for the memory-resident mutexes that they use.
20:03:33 [TDS] Good evening Roadster.
20:04:28 [Mutex Memory Scan] Started...
20:04:30 [Mutex Memory Scan] Finished (no trojan mutexes found).
20:04:30 [TDS-3] NOTICE - TDS-3 was not properly shut down.
20:04:30 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
20:04:45 [CRC32] Started - verifying 29 files ...
20:04:50 [CRC32] Test finished.
20:08:18 [Memory Scan] Memory scan started, please wait a moment ...
20:08:19 [Memory Scan] Memory scan complete.
20:08:20 [Mutex Memory Scan] Started...
20:08:22 [Mutex Memory Scan] Finished (no trojan mutexes found).
20:08:22 [Trace Scan] Started...
20:23:31 [Trace Scan] Finished.
20:23:31 [ServiceScan] Scanning for services and drivers ...
20:23:45 [ServiceScan] Scanned 335 services and drivers.
20:23:46 [File Scan] Scanning in C:\ ...
22:37:05 [Locked File] Couldn't open c:\recycler\nprotect\00000004.exe for read access, file is locked
22:37:06 [Locked File] Couldn't open c:\recycler\nprotect\00000072.exe for read access, file is locked
22:37:06 [Locked File] Couldn't open c:\recycler\nprotect\00000074.exe for read access, file is locked
22:37:23 [Locked File] Couldn't open c:\recycler\nprotect\00000396.exe for read access, file is locked
22:37:24 [Locked File] Couldn't open c:\recycler\nprotect\00000419.exe for read access, file is locked
22:37:24 [Locked File] Couldn't open c:\recycler\nprotect\00000421.exe for read access, file is locked
22:37:25 [Locked File] Couldn't open c:\recycler\nprotect\00000428.exe for read access, file is locked
22:37:25 [Locked File] Couldn't open c:\recycler\nprotect\00000433.exe for read access, file is locked
22:37:25 [Locked File] Couldn't open c:\recycler\nprotect\00000439.exe for read access, file is locked
22:37:26 [Locked File] Couldn't open c:\recycler\nprotect\00000462.exe for read access, file is locked
22:37:26 [Locked File] Couldn't open c:\recycler\nprotect\00000468.exe for read access, file is locked
22:37:26 [Locked File] Couldn't open c:\recycler\nprotect\00000480.exe for read access, file is locked
22:37:27 [Locked File] Couldn't open c:\recycler\nprotect\00000494.exe for read access, file is locked
22:37:27 [Locked File] Couldn't open c:\recycler\nprotect\00000500.exe for read access, file is locked
22:37:28 [Locked File] Couldn't open c:\recycler\nprotect\00000513.exe for read access, file is locked
22:37:28 [Locked File] Couldn't open c:\recycler\nprotect\00000525.exe for read access, file is locked
22:37:28 [Locked File] Couldn't open c:\recycler\nprotect\00000531.exe for read access, file is locked
22:38:03 [Locked File] Couldn't open c:\recycler\nprotect\00000863.exe for read access, file is locked
22:38:13 [Locked File] Couldn't open c:\recycler\nprotect\00001063.exe for read access, file is locked
22:38:37 [Locked File] Couldn't open c:\recycler\nprotect\00001403.exe for read access, file is locked
22:58:04 [File Scan] Scanned 87938 files: 6 alarms in 9258.109 seconds (Avg 10.5 files/sec)
22:58:04 [File Scan] Scanning in D:\ ...
22:58:05 [File Scan] Scanned 0 files: 6 alarms in 0.03125 seconds (Avg 1. files/sec)
22:58:05 [Scan] Finished.
-----------------------------------------------------------------
Scan Control Dumped @ 23:02:07 24-02-05
Trojan Client\EditServer found: FTP.FtpSmtp 2.31 (Utility)
File: c:\old computer\program files\icq\received files\captain stable\new folder\windows setup.exe

Positive identification: Riskware.ProcessRestart
File: c:\old computer\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\restart.exe

Positive identification: Riskware.Proxy.Hltv
File: c:\old computer\sierra\half-life\hltv.exe

Positive identification (embedded in file): Worm.Mabutu.a (dll)
File: c:\program files\norton systemworks\norton antivirus\quarantine\08a4756a.tmp

Positive identification (embedded in file): Worm.Mabutu.a (dll)
File: c:\program files\norton systemworks\norton antivirus\quarantine\3a68057d.tmp

Positive identification (embedded in file): Worm.Mabutu.a (dll)
File: c:\program files\norton systemworks\norton antivirus\quarantine\4d533eab.tmp


I'm just about to do the next suggestion. :D

OK, so this is the StartDreck log.

StartDreck (build 2.1.7 public stable) - 2005-02-24 @ 23:24:16 (GMT +00:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Roadster at EUNOS

»Registry
»Run Keys
»Current User
»Run
*Norton SystemWorks="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE
*Norton SystemWorks="C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
»RunOnce
»Local Machine
»Run
*IgfxTray=C:\WINDOWS\system32\igfxtray.exe
*HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
*PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
*CTSysVol=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
*UpdReg=C:\WINDOWS\UpdReg.EXE
*dla=C:\WINDOWS\system32\dla\tfswctrl.exe
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*SpeedTouch USB Diagnostics="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
*EPSON Stylus CX5200=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
*P17Helper=Rundll32 P17.dll,P17Helper
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Microsoft Windows Media Player/>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*YBIOCtrl.CompanionBHO.4/{02478D38-C3F9-4efb-9B51-7695ECA05670}
`InprocServer32=C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*DriveLetterAccess/{5CA3D70E-1895-11CF-8E15-001234567890}
`InprocServer32=C:\WINDOWS\system32\dla\tfswshx.dll
*Nisbho.CNisExtBho.1/{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
`InprocServer32=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
»Internet Explorer
»Current User
*Default_Page_URL=http://www.dell.co.uk/myway
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.freeserve.com/iesearch/default.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.google.co.uk/
*Window Title=Microsoft Internet Explorer provided by Freeserve
+SearchUrl
*provider=yaho
*(Default)=frsv
»Default User
*Default_Page_URL=http://www.dell.co.uk/myway
*First Home Page=http://www.dell.co.uk/myway
*Start Page=http://www.dell.co.uk/myway
»Local Machine
*Default_Page_URL=http://www.freeserve.com/
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.dell.co.uk/myway
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Roadster\Start Menu\Programs\Startup\CCProxy.lnk
*C:\Documents and Settings\Roadster\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\Roadster\Start Menu\Programs\Startup\HotSync Manager.lnk
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\DESKTOP.INI
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
`64.91.255.87 www.dcsresearch.com
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\SETUP.EXE
*C:\WINDOWS\system32\SETUP.EXE
+C:\WINDOWS\system32\NOTEPAD.EXE
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\WINHLP32.EXE
*C:\WINDOWS\WINHLP32.EXE
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+988=\SystemRoot\System32\smss.exe
+1052=\??\C:\WINDOWS\system32\csrss.exe
+1076=\??\C:\WINDOWS\system32\winlogon.exe
+1120=C:\WINDOWS\system32\services.exe
+1132=C:\WINDOWS\system32\lsass.exe
+1296=C:\WINDOWS\system32\svchost.exe
+1404=C:\WINDOWS\system32\svchost.exe
+1524=C:\WINDOWS\System32\svchost.exe
+1636=C:\WINDOWS\system32\svchost.exe
+1780=C:\WINDOWS\system32\svchost.exe
+1796=C:\WINDOWS\Explorer.EXE
+1952=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
+1972=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1984=C:\Program Files\Norton Personal Firewall\ISSVC.exe
+1996=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
+2032=C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
+136=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+684=C:\WINDOWS\system32\spoolsv.exe
+928=C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
+1444=C:\WINDOWS\system32\CTsvcCDA.EXE
+1468=C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
+1748=C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
+1892=C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
+212=C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
+468=C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
+816=C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
+1452=C:\WINDOWS\system32\svchost.exe
+1516=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
+1568=C:\WINDOWS\system32\MsPMSPSv.exe
+3472=C:\WINDOWS\system32\hkcmd.exe
+3528=C:\Program Files\Dell\Media Experience\PCMService.exe
+3564=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
+3624=C:\WINDOWS\system32\dla\tfswctrl.exe
+3636=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+3712=C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
+4024=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
+268=C:\WINDOWS\system32\Rundll32.exe
+2156=C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
+2448=C:\CCProxy\CCProxy.exe
+2472=C:\Program Files\Handspring\HOTSYNC.EXE
+2972=C:\WINDOWS\System32\svchost.exe
+3808=C:\Program Files\startdreck\StartDreck.exe
+4052=C:\Program Files\Messenger\msmsgs.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

I really appreciate you folks helping me out. Thanks :)