
Invisible malware



#1
Jaabbe
Hello

I've been having a problem lately, which is links from Google redirecting to malicious sites.

What I've tried is:
to run a full scan with BullGuard, Malwarebytes and Advanced SystemCare in Windows safe mode,
to delete processes in the job window (and it seems like when I shut down a process called FlashUtil10i_ActiveX.exe, the redirecting stops, until the process starts again),
to erase all the temporary internet files.

Also, Malwarebytes blocks some of Internet Explorer's activity, both outgoing and incoming, and sometimes blocks the sites I get redirected to.

I hope it was descriptive enough.
Best regards, Jeppe

And here's the text from the OTL log :D

OTL logfile created on: 02-04-2011 16:36:08 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\x\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,85 Gb Total Space | 106,01 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 203,73 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
Drive E: | 10,03 Gb Total Space | 1,68 Gb Free Space | 16,78% Space Free | Partition Type: NTFS

Computer Name: X-PC | User Name: x | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-02 16:35:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
PRC - [2011-01-20 15:47:08 | 000,357,504 | ---- | M] (BullGuard Ltd.) -- C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2011-01-14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) -- C:\Programmer\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2010-12-20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010-12-20 19:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010-12-16 17:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Programmer\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010-11-20 14:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Internet Explorer\iexplore.exe
PRC - [2010-11-20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Media Player\wmpnetwk.exe
PRC - [2010-11-20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010-10-11 18:38:42 | 000,305,032 | ---- | M] (BullGuard Ltd.) -- C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2010-10-03 02:13:42 | 000,470,544 | ---- | M] () -- D:\GEM\Core Temp.exe
PRC - [2010-09-21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programmer\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010-09-21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programmer\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010-09-06 13:42:47 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010-08-04 03:51:36 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-08-04 03:51:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-02-18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Programmer\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
PRC - [2009-10-22 01:32:48 | 000,164,352 | ---- | M] () -- c:\altera\91\quartus\bin\jtagserver.exe
PRC - [2009-08-25 15:51:38 | 000,077,824 | ---- | M] (National Instruments) -- C:\Programmer\National Instruments\Shared\Update Service\BackgroundService.exe
PRC - [2009-07-21 09:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- C:\Programmer\Logitech\SetPoint II\SetPointII.exe
PRC - [2009-07-10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programmer\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009-06-18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Programmer\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009-06-18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe
PRC - [2009-06-18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe
PRC - [2009-06-04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nisvcloc.exe
PRC - [2006-10-26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Common Files\microsoft shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011-04-02 16:35:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-01-20 15:50:11 | 000,171,136 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2011-01-20 15:47:08 | 000,357,504 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2011-01-14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011-01-05 11:06:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-01-05 11:04:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-12-20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-12-17 09:27:48 | 000,384,344 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2010-12-17 09:27:48 | 000,272,216 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2010-10-11 18:38:42 | 000,305,032 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2010-09-21 16:24:02 | 000,175,496 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2010-08-24 16:21:00 | 000,122,760 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2010-08-24 16:21:00 | 000,058,248 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010-08-04 03:51:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-05-24 03:00:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-02-12 04:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programmer\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009-10-22 01:32:48 | 000,164,352 | ---- | M] () [Auto | Running] -- c:\altera\91\quartus\bin\jtagserver.exe -- (JTAGServer)
SRV - [2009-09-18 11:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-06-18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009-06-18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2009-06-18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2009-06-04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009-04-16 16:40:02 | 000,237,568 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\System32\snmvtsvc.exe -- (SMServer)
SRV - [2008-10-31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
DRV - [2010-12-20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-12-17 09:27:47 | 000,058,592 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010-11-20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-04 04:21:42 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010-08-04 04:21:42 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-08-04 03:15:28 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-07-30 03:32:44 | 001,255,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2009-12-04 12:00:14 | 000,318,488 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afwcore.sys -- (afwcore)
DRV - [2009-12-04 12:00:14 | 000,029,208 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\afw.sys -- (AFW)
DRV - [2009-12-04 11:59:52 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programmer\BullGuard Ltd\BullGuard\Antirootkit\profos.sys -- (Profos)
DRV - [2009-10-21 22:37:50 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009-10-21 22:37:50 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2009-08-19 11:47:00 | 000,058,960 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbblstr.sys -- (AlteraUSBBlaster)
DRV - [2009-07-17 16:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009-06-17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009-06-17 09:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009-06-17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009-05-29 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2009-04-16 13:18:42 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009-04-16 13:18:38 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008-10-22 17:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-04-27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007-12-22 10:41:38 | 000,012,344 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007-04-25 12:50:02 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2006-10-16 12:19:22 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2010-05-17 23:30:55 | 000,000,000 | ---D | M]

[2011-01-12 19:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2010-11-02 13:53:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-23 21:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010-11-12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Mozilla Firefox\plugins\npdeployJava1.dll
[2008-12-10 15:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programmer\Mozilla Firefox\plugins\nplv86win32.dll
[2009-10-07 17:11:28 | 000,025,088 | ---- | M] (National Instruments) -- C:\Programmer\Mozilla Firefox\plugins\nplv90win32.dll

O1 HOSTS File: ([2010-10-21 23:13:29 | 000,000,961 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DriverChecker.exe] C:\Programmer\Driver Checker\DriverChecker.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NI Background Service] C:\Programmer\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: LXEFJNDSF = rundll32 "C:\Users\x\AppData\Roaming\lz32Y.dll",Unusdwaa
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programmer\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Programmer\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmer\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programmer\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programmer\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: danid.dk ([]http in Websteder, du har tillid til)
O15 - HKCU\..Trusted Domains: danid.dk ([]https in Websteder, du har tillid til)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} https://www.portalba...e-prod-1.30.cab (ActiveX sikkerhedssoftware Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.238.0.66 84.238.1.4
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmer\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fc171bc-f0a6-11df-8bac-001eece83494}\Shell - "" = AutoRun
O33 - MountPoints2\{2fc171bc-f0a6-11df-8bac-001eece83494}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-04-02 16:35:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2011-03-16 20:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-03-16 20:49:23 | 000,000,000 | ---D | C] -- C:\Programmer\iPod
[2011-03-07 22:22:18 | 000,000,000 | ---D | C] -- C:\Programmer\iTunes
[2011-03-05 05:49:47 | 000,000,000 | ---D | C] -- C:\Programmer\Common Files\Java
[2011-03-05 05:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010-12-02 01:28:59 | 000,086,528 | RHS- | C] (Microsoft Corporation) -- C:\Users\x\AppData\Roaming\lz32Y.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-04-02 16:35:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\x\Desktop\OTL.exe
[2011-04-02 16:23:49 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011-04-02 04:45:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-01 20:56:38 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-01 20:56:38 | 000,470,324 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2011-04-01 20:56:38 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-01 20:56:38 | 000,079,926 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2011-04-01 20:09:09 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-01 20:09:09 | 000,017,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-01 08:10:39 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011-04-01 08:09:45 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011-04-01 08:09:30 | 2414,211,072 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-31 14:48:44 | 000,001,001 | ---- | M] () -- C:\Users\x\Desktop\Dropbox.lnk
[2011-03-29 09:47:01 | 000,000,853 | ---- | M] () -- C:\Users\x\quartus2.ini
[2011-03-29 09:46:02 | 000,000,016 | -H-- | M] () -- C:\Users\x\5vFfCOufnM8
[2011-03-28 14:26:13 | 000,000,166 | ---- | M] () -- C:\Users\x\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011-03-26 19:46:24 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011-03-16 20:50:16 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-03-28 14:26:13 | 000,000,166 | ---- | C] () -- C:\Users\x\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011-03-26 19:46:24 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011-03-16 20:50:16 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-02-26 11:09:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-02-26 11:08:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-01-05 11:08:52 | 000,181,760 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011-01-05 11:08:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011-01-05 11:08:27 | 000,044,795 | R--- | C] () -- C:\Windows\System32\kschimp.ini
[2011-01-05 11:08:07 | 000,034,637 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2011-01-05 11:08:07 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini
[2010-12-20 07:54:06 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010-09-19 21:08:02 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010-09-06 22:59:31 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2010-09-06 22:59:31 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2010-09-06 22:59:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2010-08-20 12:27:29 | 000,290,904 | R--- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2010-07-21 19:49:32 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-06-16 15:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010-06-16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010-06-07 14:24:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-05-18 01:27:17 | 000,306,636 | ---- | C] () -- C:\Windows\System32\perfi006.dat
[2010-05-18 01:27:16 | 000,470,324 | ---- | C] () -- C:\Windows\System32\perfh006.dat
[2010-05-18 01:27:16 | 000,079,926 | ---- | C] () -- C:\Windows\System32\perfc006.dat
[2010-05-18 01:27:16 | 000,039,236 | ---- | C] () -- C:\Windows\System32\perfd006.dat
[2010-05-17 15:32:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 06:33:53 | 000,362,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-05-29 11:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys

========== LOP Check ==========

[2010-11-15 11:15:31 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\BullGuard
[2010-05-26 11:52:13 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Cryptomathic
[2011-03-31 14:48:56 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Dropbox
[2010-11-07 17:37:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\IObit
[2010-05-28 20:33:27 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Leadertech
[2010-08-24 09:30:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Maple
[2010-08-24 08:52:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\National Instruments
[2010-08-10 01:49:57 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Opera
[2011-02-21 00:41:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Synaptics
[2010-10-04 20:40:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TS3Client
[2011-03-08 11:09:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Windows Live Writer
[2011-04-01 08:10:39 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2011-04-01 08:09:45 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2011-04-02 16:23:49 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2011-02-03 17:43:52 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
