Malware infection [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Malware infection [Solved]

Options

immac View Member Profile	Sep 10 2009, 08:11 AM Post #1
Member Posts: 11 OS: XP	Hi GeekstoGo, Been looking on the site for about a month now since I decided my malware infection was apparently getting out of hand, and I've been amazed at the info and resources so many have chosen to place here. So a big thank you before I say anything else. OK, down to biz: I have a PC running windows XP, SP3. My browser was Firefox; today I switched to IE8. The computer's been getting increasingly cranky; first problem I had, which I chose to live with, was Windows Media Player stopped working; that was about 18 months ago and have tried lots of remedies, reloading the program, etc, to no avail. Other programs, like Real Player and Quicktime, mostly work. I run CCleaner regularly, and have used it as a Registry fix too. My compu is protected with AVG Free. Next problem I noticed was a reluctance for the computer to load the website I choose on Google. Quite often, about every third time, it would go to one with a similar name instead. It would also run fake scans that were difficult to turn off. More recently, I'd get a window within a minute or two of going online that said "jusched has encountered a problem and has had to close" and offering a send error report. Other programs seem to get this now. I ran various anti-spyware progs that seemed to find infections but the prob continued. SpyBot was downloaded but won't run. Someone recommended an online fix but whenever I opened the company's website it always appeared blank despite the fact that the laptop in the next room could find it in working order. When I boot up, the computer says there is no Firewall every time. So I put one on manually. Also, if I try to update AVG manually, I am told it can't log on to the site. The regular once-a-day auto AVG update seems to work ok. So I've gone thru the Malware and Spyware cleaning process as described on geeks to go. Trouble was found but it still seems like no cure has taken place. Here are the logs: Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 5.1.2600 Service Pack 3 10/09/2009 12:06:10 mbam-log-2009-09-10 (12-06-00).txt Scan type: Quick Scan Objects scanned: 100012 Time elapsed: 8 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 1 Registry Data Items Infected: 4 Folders Infected: 1 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux4 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\dfhu.ryn) Good: (wdmaud.drv) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken. Files Infected: C:\WINDOWS\dfhu.ryn (Trojan.JSRedir.H) -> No action taken. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken. C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> No action taken. OTL logfile created on: 10/09/2009 13:38:38 - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ian\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 1022.95 Mb Total Physical Memory \| 576.52 Mb Available Physical Memory \| 56.36% Memory free 1.65 Gb Paging File \| 1.29 Gb Available in Paging File \| 78.15% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.52 Gb Total Space \| 57.45 Gb Free Space \| 77.09% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: \| 372.52 Gb Total Space \| 345.98 Gb Free Space \| 92.88% Space Free \| Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MR_COMPUTER Current User Name: Ian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/07/06 09:30:23 \| 01,029,456 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2005/12/30 09:15:16 \| 00,036,864 \| ---- \| M] () -- C:\WINDOWS\System32\acs.exe PRC - [2004/10/20 05:47:54 \| 00,098,304 \| ---- \| M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe PRC - [2008/06/08 11:26:13 \| 00,282,904 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2005/04/06 16:03:28 \| 00,110,592 \| ---- \| M] () -- C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe PRC - [1999/12/13 02:01:00 \| 00,044,032 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE PRC - [2009/07/25 05:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2004/10/20 04:40:46 \| 00,118,784 \| ---- \| M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe PRC - [2003/07/02 16:40:08 \| 00,045,056 \| ---- \| M] ( ) -- C:\WINDOWS\System32\slserv.exe PRC - [2008/06/08 11:26:14 \| 00,311,576 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2002/08/29 13:00:00 \| 00,016,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe PRC - [2004/08/04 08:56:57 \| 00,218,112 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2004/08/04 08:56:57 \| 00,013,824 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2007/06/13 11:23:07 \| 01,033,216 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2004/05/25 21:10:00 \| 00,339,968 \| ---- \| M] (ATI Technologies, Inc.) -- C:\ATI-CPanel\atiptaxx.exe PRC - [2001/12/13 12:44:40 \| 00,143,360 \| ---- \| M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe PRC - [2002/09/10 21:26:26 \| 00,368,706 \| ---- \| M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe PRC - [2003/12/30 10:40:24 \| 00,380,928 \| ---- \| M] (Motive Communications, Inc.) -- C:\Program Files\ntl\broadband medic\SmartBridge\MotiveSB.exe PRC - [2003/12/31 17:39:04 \| 00,040,960 \| ---- \| M] () -- C:\WINDOWS\vsnpstd.exe PRC - [2005/05/12 00:12:54 \| 00,049,152 \| ---- \| M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe PRC - [2007/06/29 06:24:52 \| 00,286,720 \| ---- \| M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe PRC - [2007/08/15 20:15:24 \| 00,271,672 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2007/01/13 12:22:06 \| 00,311,296 \| ---- \| M] (Info Linker Limited) -- C:\Program Files\MSI\MSI.exe PRC - [2008/06/08 11:26:14 \| 01,177,368 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009/05/13 11:16:01 \| 00,198,160 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/07/06 09:30:27 \| 00,520,024 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/07/25 05:23:12 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2003/04/23 01:43:44 \| 00,413,775 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE PRC - [2004/10/13 17:24:37 \| 01,694,208 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2004/12/02 18:23:34 \| 00,102,400 \| ---- \| M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe PRC - [2007/05/18 21:01:01 \| 00,068,856 \| ---- \| M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2005/04/05 19:01:36 \| 00,282,624 \| ---- \| M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF.exe PRC - [2006/02/14 11:53:48 \| 03,338,296 \| ---- \| M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe PRC - [2001/12/13 12:44:50 \| 00,028,672 \| ---- \| M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe PRC - [2001/12/13 12:46:30 \| 00,032,768 \| ---- \| M] (Rockstar Software) -- C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe PRC - [2007/08/15 20:15:16 \| 00,501,048 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/09/10 13:35:46 \| 00,514,048 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2005/12/30 09:15:16 \| 00,036,864 \| ---- \| M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [Auto \| Running]) SRV - [2004/10/20 05:47:54 \| 00,098,304 \| ---- \| M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor [Auto \| Running]) SRV - [2005/09/23 07:28:32 \| 00,029,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/06/08 11:26:13 \| 00,282,904 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto \| Running]) SRV - [2005/04/06 16:03:28 \| 00,110,592 \| ---- \| M] () -- C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto \| Running]) SRV - [2005/09/23 07:28:56 \| 00,066,240 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [1999/12/13 02:01:00 \| 00,044,032 \| ---- \| M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto \| Running]) SRV - [2009/03/23 16:02:18 \| 00,183,280 \| ---- \| M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto \| Stopped]) SRV - [2004/08/04 08:56:44 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2004/10/22 03:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2007/08/15 20:15:16 \| 00,501,048 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Running]) SRV - [2009/07/25 05:23:10 \| 00,153,376 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2009/07/06 09:30:23 \| 01,029,456 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto \| Running]) SRV - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) SRV - [2003/07/28 13:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2004/10/20 04:40:46 \| 00,118,784 \| ---- \| M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect [Auto \| Running]) SRV - [2003/07/02 16:40:08 \| 00,045,056 \| ---- \| M] ( ) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto \| Running]) SRV - [2006/10/18 21:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand \| Stopped]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/home.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk" FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym&.done=http%3a%2f%2fus.mc537.mail.yahoo.com%2fmc%2fshowFolder%3ffid%3dInbox%26.rand%3d1930485186" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/05/13 11:16:33 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/17 11:21:54 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 13:31:25 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 13:31:25 \| 00,000,000 \| ---D \| M] [2008/07/02 14:37:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\mozilla\Extensions [2008/07/02 14:37:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/11 09:40:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\mozilla\Firefox\Profiles\zxfrjelz.default\extensions [2009/09/10 11:07:02 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/09/10 13:31:15 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/04/17 11:22:10 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/08/11 09:06:05 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/09/10 13:31:15 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/09/10 13:31:15 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/07/25 05:23:01 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/06/27 16:03:12 \| 01,446,440 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009/09/10 13:31:16 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/02/07 11:36:06 \| 00,001,538 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2009/02/07 11:36:06 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/02/07 11:36:06 \| 00,000,947 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2009/02/07 11:36:06 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/02/07 11:36:06 \| 00,000,759 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2009/02/07 11:36:06 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/02/07 11:36:06 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/02/07 11:36:06 \| 00,000,831 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: (822 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe () O4 - HKLM..\Run: [Compaq32 Service Drivers] File not found O4 - HKLM..\Run: [FirstSteps] File not found O4 - HKLM..\Run: [Gearbox] C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe (Rockstar Software) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\ntl\broadband medic\SmartBridge\MotiveSB.exe (Motive Communications, Inc.) O4 - HKLM..\Run: [MSI] C:\Program Files\MSI\MSI.exe (Info Linker Limited) O4 - HKLM..\Run: [NAV_Update] C:\NAV_Update.exe (Fujitsu Siemens Computer) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wizard] File not found O4 - HKCU..\Run: [Compaq32 Service Drivers] File not found O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunServices: [Compaq32 Service Drivers] File not found O4 - HKLM..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe (Rockstar Software) O4 - HKCU..\RunServices: [Compaq32 Service Drivers] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.) O4 - Startup: C:\Documents and Settings\Ian\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.) O9 - Extra 'Tools' menuitem : Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab (MALPlaybackCtrl Class) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d.../WebCleaner.cab (Malicious Software Removal Tool) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1122670772074 (WUWebControl Class) O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifescapeinc.com/installers...ll/pinstall.cab (Install Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1135696917671 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe () O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll File not found O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 12:11:08 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 14 Days ========== [1 C:\WINDOWS\.tmp files] [2009/09/10 13:35:40 \| 00,514,048 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\OTL.exe [2009/09/10 13:30:29 \| 00,001,888 \| ---- \| C] () -- C:\Documents and Settings\Ian\My Documents\rootrepeal.exe [2009/09/10 12:40:51 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\Ian\Desktop\settings.dat [2009/09/10 12:25:00 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2009/09/10 12:23:05 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Silverlight [2009/09/10 12:17:58 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\msdownld.tmp [2009/09/10 11:15:29 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Ian\Application Data\Malwarebytes [2009/09/10 11:15:24 \| 00,000,704 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/09/10 11:15:17 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/09/10 11:15:15 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/09/10 11:15:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/09/10 11:15:15 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/09/10 11:13:34 \| 03,942,048 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ian\Desktop\mbam-setup.exe [2009/09/10 11:07:15 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/09/10 11:06:43 \| 00,000,619 \| ---- \| C] () -- C:\Documents and Settings\Ian\Desktop\NTREGOPT.lnk [2009/09/10 11:06:42 \| 00,000,600 \| ---- \| C] () -- C:\Documents and Settings\Ian\Desktop\ERUNT.lnk [2009/09/10 11:06:37 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/09/10 11:05:21 \| 00,791,393 \| ---- \| C] (Lars Hederer ) -- C:\Documents and Settings\Ian\Desktop\erunt_setup.exe [2009/09/10 11:01:16 \| 00,021,504 \| ---- \| C] (Doug Knox) -- C:\Documents and Settings\Ian\Desktop\SysRestorePoint.exe [2009/09/10 10:46:09 \| 00,272,384 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\TFC.exe [2009/09/08 22:41:10 \| 04,361,329 \| R--- \| C] () -- C:\Documents and Settings\Ian\Desktop\Sound Clips.rar [2009/09/03 19:32:34 \| 00,000,162 \| -H-- \| C] () -- C:\Documents and Settings\Ian\Desktop\~$NYL SEPTEMBER.rtf [2009/09/03 19:31:16 \| 00,391,688 \| ---- \| C] () -- C:\Documents and Settings\Ian\Desktop\VINYL SEPTEMBER.rtf ========== Files - Modified Within 14 Days ========== [1 C:\WINDOWS\.tmp files] [9 C:\Documents and Settings\Ian\My Documents\.tmp files] [2009/09/10 13:35:46 \| 00,514,048 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\OTL.exe [2009/09/10 13:30:29 \| 00,001,888 \| ---- \| M] () -- C:\Documents and Settings\Ian\My Documents\rootrepeal.exe [2009/09/10 12:40:51 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\Ian\Desktop\settings.dat [2009/09/10 12:39:41 \| 00,000,868 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009/09/10 12:34:17 \| 00,054,156 \| -H-- \| M] () -- C:\WINDOWS\QTFont.qfn [2009/09/10 12:32:06 \| 00,001,158 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/09/10 12:31:17 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/09/10 12:31:10 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/09/10 12:31:09 \| 10,727,13728 \| -HS- \| M] () -- C:\hiberfil.sys [2009/09/10 11:15:24 \| 00,000,704 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/09/10 11:13:57 \| 03,942,048 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ian\Desktop\mbam-setup.exe [2009/09/10 11:06:43 \| 00,000,619 \| ---- \| M] () -- C:\Documents and Settings\Ian\Desktop\NTREGOPT.lnk [2009/09/10 11:06:42 \| 00,000,600 \| ---- \| M] () -- C:\Documents and Settings\Ian\Desktop\ERUNT.lnk [2009/09/10 11:05:27 \| 00,791,393 \| ---- \| M] (Lars Hederer ) -- C:\Documents and Settings\Ian\Desktop\erunt_setup.exe [2009/09/10 11:01:21 \| 00,021,504 \| ---- \| M] (Doug Knox) -- C:\Documents and Settings\Ian\Desktop\SysRestorePoint.exe [2009/09/10 10:46:14 \| 00,272,384 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\TFC.exe [2009/09/08 22:41:10 \| 04,361,329 \| R--- \| M] () -- C:\Documents and Settings\Ian\Desktop\Sound Clips.rar [2009/09/06 13:06:58 \| 04,317,680 \| -H-- \| M] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\IconCache.db [2009/09/03 19:34:09 \| 00,391,688 \| ---- \| M] () -- C:\Documents and Settings\Ian\Desktop\VINYL SEPTEMBER.rtf [2009/09/03 19:32:34 \| 00,000,162 \| -H-- \| M] () -- C:\Documents and Settings\Ian\Desktop\~$NYL SEPTEMBER.rtf [2009/09/03 14:57:05 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/08/31 09:29:16 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job ========== LOP Check ========== [2009/09/10 11:15:15 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/06/02 09:27:18 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [2005/05/01 19:17:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Ahead [2005/09/26 11:27:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft [2007/05/21 10:29:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth [2009/03/13 12:50:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2005/07/23 13:28:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\OD2 [2004/08/10 12:15:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2007/01/10 14:10:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/09/10 11:15:29 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Ian\Application Data [2006/06/28 22:36:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\Ahead [2008/06/18 11:05:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\Azureus [2007/02/24 14:30:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\FUJIFILM [2005/12/03 17:38:18 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\InterVideo [2009/05/13 11:22:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\licenses [2005/10/23 16:19:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\Motive [2009/03/13 12:50:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\MSN6 [2005/07/23 15:53:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\OD2 [2009/05/13 11:21:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\PCMM2009 [2006/04/08 21:15:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\Steinberg [2005/05/01 19:19:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\Template [2006/01/22 18:19:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\Ulead Systems [2006/10/23 22:56:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Ian\Application Data\WinPatrol [2009/08/31 09:29:16 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/09/03 14:57:05 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002/08/29 13:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/09/10 12:39:41 \| 00,000,868 \| ---- \| M] () -- C:\WINDOWS\Tasks\Google Software Updater.job [2009/09/10 12:31:17 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2002/11/11 16:16:53 \| 00,020,480 \| ---- \| M] (Fujitsu Siemens Computer) -- C:\fastboot.exe [2003/07/02 07:49:04 \| 00,520,192 \| ---- \| M] (Fujitsu Siemens Computer) -- C:\FirstSteps.exe [2003/03/13 11:37:35 \| 00,032,768 \| ---- \| M] (Fujitsu Siemens Computer) -- C:\NAV_Update.exe < %systemroot%\system32\eventlog.dll > [2004/08/04 08:56:42 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll < %systemroot%\system32\scecli.dll > [2004/08/04 08:56:44 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll < %systemroot%\netlogon.dll > < %systemroot%\system32\cngaudit.dll > < %systemroot%\system32\sceclt.dll > < %systemroot%\ntelogon.dll > < %systemroot%\system32\logevent.dll > < End of report > ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/09/10 12:41 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB6CD7000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7DD1000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal[1].sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys Address: 0xB562D000 Size: 49152 File Visible: No Signed: - Status: - SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "Lbd.sys" at address 0xf78d187e #: 247 Function Name: NtSetValueKey Status: Hooked by "Lbd.sys" at address 0xf78d1bfe ==EOF== I hope this helps. Can anyone tell me what I can do, please? Many thanks for reading, Immac

Posts in this topic

immac Malware infection [Solved] Sep 10 2009, 08:11 AM

BHowett Hello and welcome to Geeks To Go! My name is B... Sep 12 2009, 09:50 AM

immac Dear BHowett Many many many thanks for all your h... Sep 12 2009, 01:59 PM

BHowett Hello again, how are things running now? lets ... Sep 12 2009, 04:29 PM

immac Hi again BHowett, Thank you once again for your k... Sep 13 2009, 12:51 PM

BHowett Hi Ian, I am glad to hear thing are running bett... Sep 13 2009, 03:02 PM

immac I am laughing out loud because it is so much bette... Sep 13 2009, 03:43 PM

BHowett also let me know if running combofix again fixes y... Sep 13 2009, 04:03 PM

immac Hello again BHowett, Thank you again for attentio... Sep 15 2009, 03:40 PM

BHowett Hi immac, Please see the following links, to see... Sep 15 2009, 04:12 PM

immac Hello again BHowett, I hope all is well. Re WMP:... Sep 16 2009, 02:02 AM

BHowett Hi immac, For the icon title problem do the foll... Sep 16 2009, 07:31 AM

immac Hi again, Wow are you quick! Thank you. The ... Sep 16 2009, 03:03 PM

BHowett Hi immac, quartz.dll is a library with functions... Sep 17 2009, 09:06 AM

immac Dear BHowett I hope all is well. Apologies for ta... Sep 19 2009, 04:41 AM

BHowett Hi Ian, QUOTE and voila! It worked like magi... Sep 19 2009, 06:54 AM

immac Hi BHowett Oh, you replied too quickly this time ... Sep 19 2009, 07:09 AM

BHowett Hi Ian, It sounds like a communication problem, ... Sep 19 2009, 12:03 PM

immac Dear Bhowett Apologies that it has taken me so lo... Sep 26 2009, 02:49 AM

BHowett Hi Ian, Well done, I glad we got everything runni... Sep 27 2009, 07:10 PM

BHowett Since this issue appears to be resolved ... this T... Sep 29 2009, 07:16 AM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Cant Run .exe files on Vista (Malware Infection) [Solved]	18 / 925	11th October 2009 - 03:17 PM jhedrixz started - last by Transience
Virus, Spyware and Trojan Removal FakeSpyPro Malware Infection [Solved]	20 / 304	18th December 2009 - 01:59 AM mrmizrable started - last by chamber
Virus, Spyware and Trojan Removal Possible Malware infection [Solved]	5 / 128	20th February 2010 - 09:39 AM NWkee started - last by Essexboy
Virus, Spyware and Trojan Removal Unknown Virus/malware infection [Solved]	34 / 658	19th March 2010 - 07:17 AM jojobo36 started - last by azarl