Hi Guys, I'm using NOD 32 & thought it was pretty good but it seems to have missed this Trojan. Would I have been any better off with Smart Security??
Any way here is my DDS file and attachments as requested in the sticky.
Thanks heaps in advance for any help. Cheers, Ian
DDS (Ver_09-06-26.01) - NTFSx86
Run by User at 21:14:06.67 on 29/06/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.2936.1760 [GMT 10:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\NET_Down\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AirCardEnabler]
mRun: [<NO NAME>]
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
dRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: citec.com.au\
www.confirm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 85.255.112.197,85.255.112.183
TCP: {1BD4AF72-123A-47EE-AAAD-C332BAD4E808} = 85.255.112.197,85.255.112.183
TCP: {E53E3CE5-30DE-4EB5-BA1D-CD9B780241CE} = 85.255.112.197,85.255.112.183
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\ji9ehv6z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
============= SERVICES / DRIVERS ===============
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2008-11-26 42608]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-11-26 49152]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-27 112128]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-6 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-25 73728]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-9-21 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-9-21 140672]
=============== Created Last 30 ================
2009-06-29 20:44 <DIR> a-d----- c:\programdata\TEMP
2009-06-29 15:47 <DIR> --d----- c:\program files\CCleaner
2009-06-24 20:18 <DIR> --d----- c:\windows\pss
2009-06-16 18:25 <DIR> --d----- c:\users\user\appdata\roaming\RootsMagic
2009-06-16 18:25 <DIR> --d----- c:\programdata\RootsMagic
2009-06-16 18:25 <DIR> --d----- c:\progra~2\RootsMagic
2009-06-16 18:25 <DIR> --d----- c:\program files\RootsMagic 4
2009-06-11 15:53 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-11 15:53 636,928 a------- c:\windows\system32\localspl.dll
2009-06-10 20:40 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-10 20:40 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-10 20:40 <DIR> --d----- c:\program files\iPod
2009-06-10 20:39 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 20:39 <DIR> --d----- c:\program files\iTunes
2009-06-10 20:39 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 20:39 <DIR> --d----- c:\program files\Bonjour
==================== Find3M ====================
2009-06-29 15:19 51,200 a------- c:\windows\inf\infpub.dat
2009-06-29 15:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-10 20:39 86,016 a------- c:\windows\inf\infstor.dat
2009-05-14 15:49 93,312 a------- c:\windows\system32\drivers\epfwwfpr.sys
2009-05-14 15:47 107,256 a------- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 15:41 114,472 a------- c:\windows\system32\drivers\eamon.sys
2009-05-02 04:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-25 02:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-25 02:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 23:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 22:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2008-11-27 07:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 12:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 21:14:28.03 ===============
This is my laptop on Vista Business not my home system.
Ian