Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32:Malware-Gen Infecting my Win 7 Pro 64bit

Started by Aidanmw , Feb 07 2011 02:47 PM

  • Please log in to reply

#1
Aidanmw
Posted 07 February 2011 - 02:47 PM

Aidanmw

    New Member

  • Member
  • Pip
  • 6 posts
My system is infected with win32:malware-gen. This was reported to my by the free version of Avast 5.x. I called their tech support but they want money to clean it. So I uninstalled Avast using their uninstall utility and installed Microsoft Security Essentials. I remembered how good geekstogo is so I am asking for help in removing this malware. I have MBAM installed on my system. I have run OTL.exe. Attached is the log from the OTL run. This win32:malware-gen I believe was hooking a utility I use, cryrcon.exe. I have uninstalled the cryrcon utility for now. Can you please help?


---------------------------------------------------

OTL logfile created on: 2/7/2011 3:33:56 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Downloads\Software
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 68.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 247.16 Gb Free Space | 41.47% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 318.33 Gb Free Space | 68.35% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 360.98 Gb Free Space | 60.55% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 70.36 Mb Free Space | 70.37% Space Free | Partition Type: NTFS
Drive H: | 119.14 Gb Total Space | 51.27 Gb Free Space | 43.03% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/07 15:32:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/11 15:12:08 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
PRC - [2010/09/23 15:47:59 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 09:37:26 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/03/05 14:33:20 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/23 11:02:44 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/09/10 17:15:12 | 000,030,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
PRC - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2009/01/06 23:24:54 | 000,656,696 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe


========== Modules (SafeList) ==========

MOD - [2011/02/07 15:32:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/25 21:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/09 16:33:14 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 01:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/09/24 17:07:18 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_64server.exe -- (mi-raysat_3dsMax2008_64)
SRV:64bit: - [2007/06/07 01:50:32 | 000,567,280 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbtcoms.exe -- (dlbt_device)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 15:47:59 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 11:36:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/23 11:02:44 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/10 17:15:12 | 000,030,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel®
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2007/09/24 17:05:26 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe -- (mi-raysat_3dsMax2008_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/25 23:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 21:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/22 01:19:57 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/07 15:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/25 23:05:28 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/10 15:50:18 | 000,014,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 15:31:02 | 000,063,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/09 10:53:00 | 000,027,096 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys -- (IOCBIOS)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B E6 68 D0 F4 B3 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 206.190.38.26:80

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/05 14:33:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/27 11:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 11:33:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/23 11:44:42 | 000,001,755 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 2 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Copperhead] File not found
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.3.13.0.cab (SysInfo Class)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futur...eivers/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09a51486-1ffc-11df-aac4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{09a51486-1ffc-11df-aac4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LCD.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/07 14:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/02/07 14:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/03 13:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\easy gadget
[2011/02/02 22:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/02 22:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/02 22:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/01 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\ICS
[2011/01/31 22:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/01/31 22:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/01/31 22:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/01/31 22:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/01/31 22:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/01/31 22:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/01/31 22:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/01/28 01:16:17 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\vlc
[2011/01/28 01:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/01/16 23:07:26 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/16 23:07:26 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/28 21:08:40 | 000,020,480 | ---- | C] (Wandering Samurai Studios) -- C:\Users\Jim\AppData\Roaming\MwllTorrent.dll
[2010/07/12 19:10:04 | 000,445,440 | ---- | C] (Dino Chiesa) -- C:\Users\Jim\AppData\Roaming\Ionic.Zip.dll
[2010/07/12 19:10:04 | 000,133,632 | ---- | C] (Wandering Samurai Studios) -- C:\Users\Jim\AppData\Roaming\MWLL.AutoUpdater.exe
[2010/07/12 19:10:04 | 000,007,168 | ---- | C] (Wandering Samurai Studios) -- C:\Users\Jim\AppData\Roaming\MwllLibTorrent.dll

========== Files - Modified Within 30 Days ==========

[2011/02/07 14:36:32 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/07 14:36:32 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/07 14:35:44 | 001,462,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/07 14:35:44 | 000,389,900 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/07 14:35:44 | 000,005,828 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/07 14:28:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/07 14:28:27 | 527,822,847 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/07 14:27:00 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/07 14:26:42 | 000,005,794 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 14:22:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/02/07 13:46:15 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2011/02/05 02:16:06 | 000,001,836 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\ImperatorProfile1.dat
[2011/02/05 02:16:06 | 000,001,834 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\ImperatorProfile0.dat
[2011/01/25 18:01:13 | 000,133,632 | ---- | M] (Wandering Samurai Studios) -- C:\Users\Jim\AppData\Roaming\MWLL.AutoUpdater.exe
[2011/01/25 17:32:31 | 000,101,888 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Shd.dll
[2011/01/23 11:58:19 | 000,001,993 | ---- | M] () -- C:\Users\Jim\Desktop\MWLL.Launcher.lnk
[2011/01/16 00:26:11 | 000,001,988 | ---- | M] () -- C:\Users\Jim\Desktop\MWLL Wars 64 bit.lnk
[2011/01/15 14:55:06 | 000,321,806 | ---- | M] () -- C:\Users\Jim\Documents\BC5000_Brief_123109.pdf
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

========== Files Created - No Company Name ==========

[2011/02/07 14:27:00 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/07 14:26:31 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/07 13:46:15 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2011/02/03 13:19:58 | 000,000,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\easy gadget.lnk
[2011/01/23 11:58:19 | 000,001,993 | ---- | C] () -- C:\Users\Jim\Desktop\MWLL.Launcher.lnk
[2011/01/16 00:25:49 | 000,001,988 | ---- | C] () -- C:\Users\Jim\Desktop\MWLL Wars 64 bit.lnk
[2011/01/15 14:55:06 | 000,321,806 | ---- | C] () -- C:\Users\Jim\Documents\BC5000_Brief_123109.pdf
[2010/12/28 21:08:40 | 000,101,888 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Shd.dll
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/10 20:11:19 | 000,001,836 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\ImperatorProfile1.dat
[2010/09/08 12:50:16 | 000,001,834 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\ImperatorProfile0.dat
[2010/08/30 19:18:25 | 000,202,048 | ---- | C] () -- C:\Windows\SysWow64\AVLibrary.dll
[2010/07/12 19:10:04 | 001,806,336 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\mwll_torrent.dll
[2010/03/06 11:57:39 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/02/23 11:02:14 | 000,000,231 | ---- | C] () -- C:\Windows\SysWow64\3dsmax.ini
[2010/02/23 11:02:14 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\InstallSettings.ini
[2010/02/22 16:52:39 | 000,000,091 | ---- | C] () -- C:\Users\Jim\AppData\Local\fusioncache.dat
[2010/02/22 16:44:49 | 000,005,794 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/15 14:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Jim\AppData\Local\setup.txt

========== LOP Check ==========

[2010/03/19 09:43:11 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Amazon
[2010/03/20 18:56:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AnvSoft
[2010/05/28 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
[2010/10/09 16:44:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Autodesk
[2010/02/24 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/22 01:26:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DAEMON Tools Lite
[2011/02/07 12:59:52 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FileZilla
[2011/02/07 15:32:41 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Free Download Manager
[2010/12/29 20:49:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Hi-Rez Studios
[2010/09/12 00:18:51 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\ImgBurn
[2010/12/03 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MapWindow
[2010/12/14 12:46:33 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Notepad++
[2010/07/25 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Screaming Bee
[2010/06/28 22:44:58 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TeamViewer
[2010/07/25 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TS3Client
[2010/09/02 11:00:00 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/04/17 11:49:29 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\UnknownApplicationVendor
[2011/02/07 03:05:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent
[2010/08/24 15:07:12 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\VSO
[2010/10/01 16:50:12 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\W
[2010/10/01 16:48:10 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\wargaming.net
[2010/10/22 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
[2011/01/01 11:26:56 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



------------------------------------- Log from MBAM Quick Scan Follows

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5706

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

2/7/2011 3:57:11 PM
mbam-log-2011-02-07 (15-57-11).txt

Scan type: Quick scan
Objects scanned: 169873
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files

  • Attached File  OTL.Txt   62.69KB   68 downloads

Edited by Aidanmw, 07 February 2011 - 03:00 PM.

  • 0

Advertisements

#2
Aidanmw
Posted 07 February 2011 - 09:54 PM

Aidanmw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Is anyone reviewing this?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP