TR/Spy.Ambler.J (Avira Anti Virus) How to remove please?

2K views 16 replies 2 participants last post by  thewall  
#1 ·
I have Avira Anti Virus and Full Symantec. I have downloaded the DRR and the rootkit as advised from the New Rules on Posting thread, so I'm ready to go. Be great if you could help, cheers.
 
#2 ·
Hello Dazzler82, welcome to the TSF Virus/Trojan/Spyware Help forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

After 3 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

I need you to post both the DDS logs and the one from GMER, which you should have before we can proceed, as was shown in the instruction page.

We will proceed when you have those up for me to look at.

Thanks,

thewall
 
#3 ·
Hi,

Thank you for your quick reply. I have the DDS logs done but have not uploaded them. I have tried to follow the instructions to get a log for GMER; however, I am unsuccessful in doing this in safe mode. I have just checked the screenshot and find there is a Save option underneath Scan, Copy. I can't seem to get to this in safe mode as no side scroll bar is shown. I will run a full scan and save a copy. Every time I go to normal Windows it takes a while to get anywhere because of virus scanning, uploading and/or spyware. I will do this hopefully tonight; if not, it will be first thing tomorrow.

Thank you for your help and I appreciate your patience.

Regards

Adi
 
#5 ·
Hi
Here are the logs.

Cheers.


DDS (Ver_09-09-29.01) - FAT32x86
Run by Recruitment at 19:24:11.64 on 10/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.241 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Recruitment\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Recruitment\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Recruitment\My Documents\Downloads\dds.scr
c:\windows\system32\rundll32.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=13920&l=dis
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\recruitment\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power_Gear] c:\program files\generic\power4 gear\BatteryLife.exe 1
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\START.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\recrui~1\applic~1\mozilla\firefox\profiles\x407n4ra.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-14 11608]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-14 55656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-7-10 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-7-10 33152]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-7-10 3456]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-7-24 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091003.004\naveng.sys [2009-10-4 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091003.004\navex15.sys [2009-10-4 1323568]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-23 234888]

=============== Created Last 30 ================

2009-10-09 08:26 <DIR> --dsh--- C:\FOUND.004
2009-10-04 20:01 <DIR> --dsh--- C:\FOUND.003
2009-10-04 11:52 <DIR> --dsh--- C:\FOUND.002
2009-10-04 10:59 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-10-03 16:09 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-21 18:57 <DIR> --d----- c:\program files\Hazard Perception 2003
2009-09-21 18:56 <DIR> --d----- c:\program files\Driving Test Success Plus 2003
2009-09-15 20:52 3,252 a------- c:\windows\system32\wbem\Outlook_01ca363e179c28fc.mof
2009-09-14 21:23 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-14 21:22 <DIR> --d----- c:\program files\Avira
2009-09-14 21:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-09-14 21:22 <DIR> --d----- c:\docume~1\recrui~1\applic~1\Malwarebytes
2009-09-14 21:21 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 21:21 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-14 21:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-14 21:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 21:18 <DIR> --d----- c:\windows\system32\appmgmt

==================== Find3M ====================

2009-08-13 16:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-29 05:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 05:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-29 05:37 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-29 05:37 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-19 14:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 14:33 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll

============= FINISH: 19:24:53.53 ===============
 

#6 ·
I'd like us to scan your machine with ESET OnlineScan.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the [image] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
     1. Click on [image] to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the [image] icon on your desktop.
  4. Check [image]
  5. Click the [image] button.
  6. Accept any security warnings from your browser.
  7. Check [image]
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [image]
  11. Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [image] button.
  13. Push [image]
 
#7 ·
I ran the ESET scan as requested and here are the text results.

C:\Documents and Settings\Recruitment\My Documents\Downloads\DriverRobot_Setup.exe Win32/Adware.DriverRobot application deleted - quarantined
C:\System Volume Information\_restore{A8D489FE-F446-4EEB-BADC-62B92696D4C0}\RP80\A0014355.exe Win32/Adware.DriverRobot application cleaned by deleting - quarantined

Cheers
 
#9 ·
Evening :)

On general web browsing last night I think Google Chrome blocked an ad from Alliance and Leicester (an English bank) and Virgin, I think. However, at the minute I have searched for random things and no pop-ups. Still experiencing 3 pop-ups at a time from Avira Anti Virus for Spy.Ambler.J, and Symantec kicks in about 10 minutes later... shows how rubbish it is!

Cheers

Adi
 
#10 ·
Oops, I'm glad you mentioned that. I forgot to bring it up. Having 2 AVs on your system can cause more harm than good because they will often interfere with each other and can cause slowdowns and even lock up your computer.

I think I know which of your AVs you prefer from what you posted above, so I would suggest you uninstall the Symantec. It can be a pain to get rid of sometimes, so let me know how it goes.
 
#12 ·
Hmmmm. For some reason my email message from my PDA hasn't come through. Very sorry.

I wrote after my last message asking what you suggested doing next. I wrote an email reply to your message, which I received at 6:37am GMT (London), 30 minutes later, and can see that it has not been posted on here.

So yes, I'm still here and still have a poorly laptop. However, the good news is I've finally got the beast of a desktop built. :)

Cheers

Adi
 
#14 ·
Morning
Avira Anti Virus still picks up the Trojan, with about three different warning pop-ups from Avira Anti Virus every 15 seconds. Symantec kicks in about 10 minutes after. I can't remove Symantec as it's a work laptop and it is a requirement to have this installed when you connect to the work network. So I have removed Avira, and Symantec Auto-Protect kicks in yet again ages into web browsing, bringing up multiple attempts of the Trojan, which I presume is to gain access to the registry. This still suggests that there's still something here.

Cheers

Adi
 
#15 ·
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 
#17 ·
Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact me by PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.
 