Posts posted by reesboi6522

  1. Thanks mate

    Here is a copy of the report; however, the pop-up and changed browser remain!!

    SDFix: Version 1.240

    Run by Gareth on 08/12/2008 at 16:39

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Checking Services :

    Restoring Default Security Values

    Restoring Default Hosts File

    Rebooting

    Checking Files :

    Trojan Files Found:

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\atmadm2.exe.bat - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\bindsrv2.exe.bat - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\lwpwer.exe.bat - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\scksexde.exe.bat - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\sfsrv.exe.bat - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp1F.tmp - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp2C.tmp - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp2D.tmp - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp37.tmp - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\tmp49.tmp - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\removalfile.bat - Deleted

    C:\DOCUME~1\Gareth\LOCALS~1\Temp\s1265.php.bat - Deleted

    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-12-08 17:18:05

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

    Remaining Services :

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"

    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

    "C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"

    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

    "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

    "C:\\Program Files\\Arcade Tribe\\arcadetribe.exe"="C:\\Program Files\\Arcade Tribe\\arcadetribe.exe:*:Enabled:Arcade Tribe"

    "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

    "C:\\Program Files\\IP Hider\\IP Hider.exe"="C:\\Program Files\\IP Hider\\IP Hider.exe:*:Enabled:IP Hider"

    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :


    Finished!

  2. Hi

    I have attempted to rid my computer of this virus a number of times now and although the infection itself has been said to be removed, the effects, namely pop-ups of a bogus trojan warning leading to an anti-spyware webpage still occur every ten minutes. I have enclosed the log, please help mates, thanks.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:16:01, on 08/12/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\SYSTEM32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Logitech\iTouch\iTouch.exe

    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\uTorrent\uTorrent.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: TBSB06180 Class - {4A2E1038-0885-4C92-8E28-A04CF8B94911} - C:\PROGRA~1\WINSTR~1\tbu5BC0\WIN_ST~1.DLL (file missing)

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

    O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk...ows-i586-jc.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{30E6958D-2E25-4006-B133-4D74B8433018}: NameServer = 192.168.0.1

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - AppInit_DLLs: avgrsstx.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O24 - Desktop Component 0: Privacy Protection - (no file)

    --

    End of file - 8572 bytes