Hi Dan,
I only ran combofix once.
I have done what you said and for the following results:
C:\WINDOWS\system32\dllhost.exe - No threat detected
C:\WINDOWS\system\ws32ntfl.dat - OK
C:\WINDOWS\system32\98BA9CD33F.sys - OK
C:\WINDOWS\system32\CdI5T.drv - OK
C:\WINDOWS\system32\KGyGaAvL.sys - OK
C:\WINDOWS\system32\jqwnw64l.exe - INFECTED/MALWARE - Adware.Zenosearch.Am
C:\WINDOWS\system32\N90-002.ico - OK
My logs are below:
ComboFix 08-03-14.2 - Jamíe 2008-03-15 0:22:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1483 [GMT 0:00]
Running from: C:\Documents and Settings\Jamíe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JamÝe\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-13 23:44 . 2008-03-13 23:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-11 17:40 . 2008-03-14 17:22 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-11 17:40 . 2008-03-11 17:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-03-11 17:40 . 2008-03-14 17:21 74,760 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-03-11 17:40 . 2008-03-14 17:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-11 17:37 .a 2008-03-11 17:37 <DIR> d-------- C:\Program Files\AVG
2008-03-11 17:37 . 2008-03-12 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-11 17:37 . 2008-03-11 17:37 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-03-11 17:37 . 2008-03-11 17:37 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-03-10 08:27 . 2008-03-10 08:27 49,172 --a------ C:\WINDOWS\system32\jqwnw64l.exe
2008-03-10 01:02 . 2008-03-11 17:35 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-03-10 00:28 . 2008-03-10 00:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-10 00:28 . 2008-03-10 00:28 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-03-09 01:25 . 2008-03-09 01:25 49,187 --a------ C:\WINDOWS\system32\jrwnw64p.exe
2008-03-09 01:09 . 2008-03-09 01:09 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-09 01:05 . 2008-03-09 01:05 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-03-09 01:05 . 2008-03-09 01:05 <DIR> d--hs---- C:\AVSystemCare
2008-03-09 01:04 . 2008-03-09 01:04 13,942 --a------ C:\WINDOWS\system32\N90-002.ico
2008-03-09 00:59 . 2008-03-10 00:19 <DIR> d--hs---- C:\WINDOWS\SmFt7WU
2008-03-09 00:59 . 2008-03-09 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-09 00:51 . 2008-03-09 00:51 <DIR> d-------- C:\Documents and Settings\Jamíe\Application Data\Intelore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-13 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-11 18:13 --------- d-----w C:\Documents and Settings\Jamíe\Application Data\uTorrent
2008-03-09 22:13 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-09 00:52 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-05 20:49 3,902,784 ----a-w C:\Documents and Settings\Jamíe\gosetup.exe
2007-12-05 20:49 3,902,784 ----a-w C:\Documents and Settings\Jamíe\gosetup.exe
2007-11-27 23:37 1,031 --sh--w C:\WINDOWS\system\ws32ntfl.dat
2006-07-29 13:29 88 --sh--r C:\WINDOWS\system32\98BA9CD33F.sys
2002-04-16 10:27 5 --sha-w C:\WINDOWS\system32\CdI5T.drv
2006-07-29 13:29 3,922 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot_2008-03-14_17.31.39.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-14 23:40:52 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_1d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00E78F4D-3E92-4CB3-B99C-303701C7D93B}]
C:\Program Files\.\jaqi89104.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6632E9BF-0123-7FD9-5714-5F00BBB28BCE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 17:48 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 13:58 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 10:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 10:56 602182]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-10 04:00 33280 C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 17:21 116224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15 271672]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05 1117184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-14 17:21 1172760]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 04:00 15360]
C:\Documents and Settings\Jam¡e\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-03 15:00:59 24576]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2007-08-22 00:07:13 629248]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-11 17:40]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-14 17:21]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-03-14 17:21]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-14 17:21]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-11 17:37]
S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys []
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-03-11 17:37]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S3 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 12:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 00:00:00 C:\WINDOWS\Tasks\A3D50312913EB632.job"
- c:\docume~1\jame~1\applic~1\stopba~1\size ping surf.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-15 00:24:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-15 0:25:33
ComboFix-quarantined-files.txt 2008-03-15 00:25:25
ComboFix2.txt 2008-03-14 17:31:59
ComboFix3.txt 2007-11-18 23:30:58
.
2008-03-13 17:52:08 --- E O F ---
Malwarebytes' Anti-Malware 1.08
Database version: 493
Scan type: Full Scan (C:\|)
Objects scanned: 87299
Time elapsed: 20 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 67
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ea7522f6-87cf-411e-8a55-19ee4344b676} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d761645b-6b20-4698-aee8-729981152a82} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\pblock.DLL (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.
Files Infected:
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\gpqnufyr.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\qjqpmpaf.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\radevope.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Documents and Settings\Jamíe\Start Menu\Programs\Startup\findfast.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir (Trojan.Insider) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\b153.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\shell.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\printer.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\spoolvs.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\b4\sysdr659.exe.vir (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\dhlp.sys.vir (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\iDlo01\iDlo011065.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\x1\crecomdll1.exe.vir (Adware.RABCO) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\z8\key89104.exe.vir (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP146\A0084978.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085038.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085039.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085042.dll (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085044.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085046.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085047.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085049.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085052.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085053.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085082.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0085083.old (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086160.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086217.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086218.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086219.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086220.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086222.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086243.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086244.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086245.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086259.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086260.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086315.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086350.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086351.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086352.exe (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086353.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086355.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP147\A0086357.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP148\A0088448.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP149\A0089501.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP153\A0090680.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP153\A0090681.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP153\A0090682.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP153\A0090683.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP153\A0090684.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP153\A0090685.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP153\A0090689.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090746.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090747.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090751.sys (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090765.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090766.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090767.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090772.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090773.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155\A0090774.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:49:50, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.ukR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://uk.red.clientapps.yahoo.com/cust ... _side.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.co.uk/mywayR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/O2 - BHO: (no name) - {00E78F4D-3E92-4CB3-B99C-303701C7D93B} - C:\Program Files\.\jaqi89104.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {6632E9BF-0123-7FD9-5714-5F00BBB28BCE} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {29672A49-C193-7F7F-4853-2E36619C7CD4} -
http://bsa.safetydownload.com/trustedan ... all_en.cabO16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) -
http://www.first4fotos.com/ImageUploader4.cabO16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) -
http://www.cancunwebcam.net/WinWebPush.cabO16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) -
http://www.pixdiscount.cz/clients/uploader_v2.2.0.6.cabO16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
https://flashcasino.ladbrokes.com/insta ... lashAX.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 8793 bytes