
Pretty sure I have a virus



#1
Lard (Member, 140 posts)
Positive I have a virus. Here is my OTL log.

I'm getting redirected from sites quite often.

Also when I say "text is funny", text on various sites I visit will appear as gibberish.

Ex. when I made this topic today, I typed "Pretty sure I have a virus" and the word came up as "virgo" on screen.

I have now officially had icons disappear as well.

Over 75% of the sites I try and visit now, sites I visit regularly, get redirected.

I could really use some help.

I don't see my OTL log on here, and I thought I had included it already. Here it is.

I have also tried the Google redirect removal method. It didn't seem to work. Here is my log.

Okay. I NEED HELP.

I literally cannot view ANYTHING I try and see. Every site I try and go to gets redirected and I have to press the stop button just to try and get it to stay on the correct page.

I need help. Please.

Attached Files

  • Attached File  OTL.Txt   42.29KB   89 downloads
  • Attached File  OTM.txt   3.76KB   103 downloads

Edited by rshaffer61, 21 May 2011 - 09:39 PM.



#2
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello Lard,

Please download and run unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.

Next

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#3
Lard (Topic Starter, Member, 140 posts)
Okay, I did what you said.

I ran Malware, although it appears to be a trial version and didn't delete anything.

Here's my log.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6644

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

22/05/2011 8:08:47 PM
mbam-log-2011-05-22 (20-08-47).txt

Scan type: Quick scan
Objects scanned: 140885
Time elapsed: 14 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


But it appears there's no problem now. I'm not sure what the issue was. I've hopped around to a few various sites and it seems to be okay now.

Thanks for the help, I genuinely appreciate it. That re-direction was really annoying.

#4
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hi Lard,

I ran Malware, although it appears to be a trial version and didn't delete anything.


Shouldn't be, but if it didn't find anything it wouldn't delete anything.

But it appears there's no problem now.


That sounds good.

I would just like to check a couple of things before you go though. That OTL log showed infection and we want to make sure it is gone.

Also - are those icons you said had disappeared back?

Tell me when you return.

For now

  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %USERPROFILE%\..|smtmp;true;true;true /FP
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit on one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#5
Lard (Topic Starter, Member, 140 posts)
Okay, well the redirecting started again this morning.

Here is the OTL log.

OTL logfile created on: 23/05/2011 11:21:30 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Neal Power\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 393.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.97 Gb Total Space | 127.89 Gb Free Space | 87.61% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 23.01 Gb Free Space | 20.59% Space Free | Partition Type: NTFS
Drive E: | 6.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.28 Gb Total Space | 40.25 Gb Free Space | 4.32% Space Free | Partition Type: FAT32

Computer Name: TARDIS | User Name: Neal Power | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 02:00:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal Power\My Documents\Downloads\OTL.exe
PRC - [2011/05/02 03:15:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/25 13:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 22:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 22:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/07/19 20:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 18:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 17:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/03/22 20:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 02:00:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal Power\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/19 01:23:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2005/11/16 18:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/27 12:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/08 14:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:0.4b
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/21 20:16:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 03:15:13 | 000,000,000 | ---D | M]

[2010/08/04 21:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Extensions
[2011/05/23 01:33:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions
[2010/08/18 16:15:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 15:35:07 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions\[email protected]
[2011/04/15 19:04:19 | 000,000,000 | ---D | M] (MafiaaFire Redirector) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions\[email protected]
[2011/05/22 00:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 18:37:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 03:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 19:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 23:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/06 18:37:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/05 23:52:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/05 23:52:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/05 23:52:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/05 23:52:11 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/19 22:15:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe (© AI Project corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe (© AI Project corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280972798229 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Neal Power\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neal Power\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/03 01:26:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/06 15:07:06 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - lameACM.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: VIDC.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 19:53:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/22 19:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/22 19:53:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 21:28:34 | 000,000,000 | ---D | C] -- C:\2803f12f0c9537f3ee
[2011/05/20 20:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2011/05/20 20:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/05/20 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/05/19 22:15:17 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/19 22:13:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/19 01:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal Power\Application Data\Uniblue
[2011/05/19 01:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/05/19 01:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\PackageAware
[2011/05/19 01:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011/05/19 00:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Franzis
[2011/05/18 21:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Padus DiscJuggler
[2011/05/18 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Padus
[2011/05/18 21:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\Padus
[2011/05/15 14:26:53 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/10 18:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/04 11:55:04 | 000,093,761 | ---- | C] (© AI Project corporation) -- C:\messenger.exe

========== Files - Modified Within 30 Days ==========

[2011/05/23 03:16:21 | 000,434,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/23 03:16:21 | 000,068,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/23 02:22:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/22 22:44:18 | 000,214,016 | ---- | M] () -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/22 19:53:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 21:31:52 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\Ltlrlvat.job
[2011/05/21 21:31:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 22:15:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/19 01:22:41 | 000,106,496 | RHS- | M] () -- C:\WINDOWS\System32\resetc.dll
[2011/05/19 01:22:21 | 000,050,320 | ---- | M] () -- C:\WINDOWS\System32\cmhehitavaxjhurw.exe
[2011/05/19 01:22:13 | 000,425,786 | ---- | M] () -- C:\Program Files\Drivers_pack_v3.25.63.exe
[2011/05/18 21:44:51 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DiscJuggler.lnk
[2011/05/18 16:03:59 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Neal Power\default.pls
[2011/05/17 06:05:48 | 000,697,856 | ---- | M] () -- C:\WINDOWS\System32\.dll
[2011/05/15 14:26:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/04 11:55:04 | 000,093,761 | ---- | M] (© AI Project corporation) -- C:\messenger.exe
[2011/04/29 18:17:51 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/04/26 22:49:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/26 22:46:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/05/22 19:53:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 01:22:42 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Ltlrlvat.job
[2011/05/19 01:22:41 | 000,106,496 | RHS- | C] () -- C:\WINDOWS\System32\resetc.dll
[2011/05/19 01:14:04 | 000,050,320 | ---- | C] () -- C:\WINDOWS\System32\cmhehitavaxjhurw.exe
[2011/05/19 01:13:59 | 000,425,786 | ---- | C] () -- C:\Program Files\Drivers_pack_v3.25.63.exe
[2011/05/18 21:44:51 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DiscJuggler.lnk
[2011/05/17 06:05:48 | 000,697,856 | ---- | C] () -- C:\WINDOWS\System32\.dll
[2010/12/15 21:54:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/10/19 20:08:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/27 02:13:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/26 23:57:22 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010/09/26 23:57:16 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/09/26 23:23:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/21 04:03:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/09 02:08:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/09 02:08:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/09 02:08:24 | 003,200,512 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/08/09 02:08:21 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/09 02:08:21 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/09 02:08:20 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/04 22:02:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/04 21:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/03 01:44:02 | 000,214,016 | ---- | C] () -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 01:35:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/03 01:24:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/02 18:19:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/02 18:18:46 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,434,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,068,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/03 01:26:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/04 23:47:49 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/03 01:26:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/03 01:26:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/04 11:55:04 | 000,093,761 | ---- | M] (© AI Project corporation) -- C:\messenger.exe
[2010/08/03 01:26:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/04 23:45:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/07 15:57:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/21 21:31:43 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\System32\config\*.sav >
[2010/08/02 18:15:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/08/02 18:15:34 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/08/02 18:15:34 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-23 07:16:45

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/02 03:15:09 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/02 03:15:09 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/02 03:15:09 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/02 03:15:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/02 03:15:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/02 03:15:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 16:36:18 | 000,094,208 | ---- | M] (Microsoft Corporation)

< End of report >

It didn't give me an Extras log.

And text is turning to gibberish again. Virus is definitely not gone.

Edited by Lard, 23 May 2011 - 02:35 PM.

  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

It didn't give me an Extras log.


No, not expected this time.

And text is turning to gibberish again. Virus is definitely not gone.


No, it hasn't gone; the infection is still showing there.

You didn't tell me whether your icons are back. This is important for how we deal with the infection. Tell me when you return.

Now

  • C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Next

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses
    
    :OTL
    [2011/05/19 01:22:42 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Ltlrlvat.job
    [2011/05/19 01:22:41 | 000,106,496 | RHS- | C] () -- C:\WINDOWS\System32\resetc.dll
    [2011/05/19 01:14:04 | 000,050,320 | ---- | C] () -- C:\WINDOWS\System32\cmhehitavaxjhurw.exe
    [2011/05/19 01:13:59 | 000,425,786 | ---- | C] () -- C:\Program Files\Drivers_pack_v3.25.63.exe
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Finally in this post

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post it in your next reply.

So when you return please post
  • Virscan results
  • OTL fix log
  • aswMBR log

  • 0

#7
Lard

Lard

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Okay here's my Virscan log.

Scanner results : 5% Scanner(s) (2/37) found malware!
Time : 2011/05/24 05:30:36 (CST)
Scanner      | Engine Ver        | Sig Ver              | Sig Date   | Scan result              | Time
a-squared    | 5.1.0.2           | 20110524031136       | 2011-05-24 | -                        | 7.589
AhnLab V3    | 2011.05.24.00     | 2011.05.24           | 2011-05-24 | -                        | 1.571
AntiVir      | 8.2.4.242         | 7.11.8.107           | 2011-05-23 | -                        | 0.324
Antiy        | 2.0.18            | 20110205.7694535     | 2011-02-05 | -                        | 0.122
Arcavir      | 2011              | 201105080215         | 2011-05-08 | -                        | 0.120
Authentium   | 5.1.1             | 201105231146         | 2011-05-23 | -                        | 1.593
AVAST!       | 4.7.4             | 110523-1             | 2011-05-23 | NSIS:Downloader-OT [Trj] | 0.028
AVG          | 8.5.850           | 271.1.1/3655         | 2011-05-23 | -                        | 0.554
BitDefender  | 7.90123.7401683   | 7.37555              | 2011-05-24 | -                        | 5.848
ClamAV       | 0.96.5            | 13105                | 2011-05-23 | -                        | 0.085
Comodo       | 4.0               | 8808                 | 2011-05-23 | -                        | 1.454
CP Secure    | 1.3.0.5           | 2011.05.23           | 2011-05-23 | -                        | 0.072
Dr.Web       | 5.0.2.3300        | 2011.05.24           | 2011-05-24 | -                        | 13.095
F-Prot       | 4.4.4.56          | 20110523             | 2011-05-23 | -                        | 5.393
F-Secure     | 7.02.73807        | 2011.05.23.04        | 2011-05-23 | -                        | 0.684
Fortinet     | 4.2.257           | 13.251               | 2011-05-21 | -                        | 0.306
GData        | 22.417/22.118     | 20110523             | 2011-05-23 | -                        | 9.597
Ikarus       | T3.1.32.20.0      | 2011.05.23.78456     | 2011-05-23 | -                        | 5.552
JiangMin     | 13.0.900          | 2011.05.23           | 2011-05-23 | -                        | 1.495
Kaspersky    | 5.5.10            | 2011.05.23           | 2011-05-23 | -                        | 0.323
KingSoft     | 2009.2.5.15       | 2011.5.23.18         | 2011-05-23 | -                        | 0.929
McAfee       | 5400.1158         | 6340                 | 2011-05-08 | -                        | 9.243
Microsoft    | 1.6903            | 2011.05.23           | 2011-05-23 | -                        | 3.539
NOD32        | 3.0.21            | 6138                 | 2011-05-20 | -                        | 0.116
Norman       | 6.07.08           | 6.07.00              | 2011-05-23 | -                        | 12.014
nProtect     | 20110523.01       | 3455920              | 2011-05-23 | -                        | 6.246
Panda        | 9.05.01           | 2011.05.23           | 2011-05-23 | Trj/Agent.OKR            | 2.236
Quick Heal   | 11.00             | 2011.05.22           | 2011-05-22 | -                        | 3.487
Rising       | 20.0              | 23.59.00.03          | 2011-05-23 | -                        | 2.644
Sophos       | 3.19.1            | 4.65                 | 2011-05-24 | -                        | 3.728
Sunbelt      | 3.9.2493.2        | 9368                 | 2011-05-23 | -                        | 1.339
Symantec     | 1.3.0.24          | 20110523.002         | 2011-05-23 | -                        | 0.096
The Hacker   | 6.7.0.1           | v00176               | 2011-04-18 | -                        | 0.480
Trend Micro  | 9.200-1012        | 8.174.15             | 2011-05-23 | -                        | 0.106
VBA32        | 3.12.16.0         | 20110522.2056        | 2011-05-22 | -                        | 5.458
ViRobot      | 20110523          | 2011.05.23           | 2011-05-23 | -                        | 0.380
VirusBuster  | 5.2.0.28          | 13.6.367.0/5215060   | 2011-05-22 | -                        | 0.002
■Heuristic/Suspicious ■Exact
NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.

Here's my OTL Log.

========== PROCESSES ==========
All processes killed
========== OTL ==========
File C:\WINDOWS\tasks\Ltlrlvat.job not found.
File C:\WINDOWS\System32\resetc.dll not found.
File C:\WINDOWS\System32\cmhehitavaxjhurw.exe not found.
File C:\Program Files\Drivers_pack_v3.25.63.exe not found.

OTL by OldTimer - Version 3.2.22.3 log created on 05232011_173457

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


aswmbr log

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-23 17:40:47
-----------------------------
17:40:47.937 OS Version: Windows 5.1.2600 Service Pack 3
17:40:47.937 Number of processors: 2 586 0x403
17:40:47.937 ComputerName: TARDIS UserName:
17:40:48.406 Initialize success
17:40:57.093 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
17:40:57.093 Disk 0 Vendor: ST3120022A 3.01 Size: 114473MB BusType: 3
17:40:57.093 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-17
17:40:57.093 Disk 1 Vendor: WDC_WD1600JS-75NCB1 10.02E01 Size: 152587MB BusType: 3
17:40:57.093 Disk 1 MBR read error 0
17:40:57.093 Disk 1 MBR scan
17:40:57.093 Disk 1 unknown MBR code
17:40:57.109 MBR BIOS signature not found 0
17:40:57.109 Disk 1 scanning sectors +312496380
17:40:57.109 Disk 1 scanning C:\WINDOWS\system32\drivers
17:41:04.500 Service scanning
17:41:06.265 Disk 1 trace - called modules:
17:41:06.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys sphy.sys hal.dll >>UNKNOWN [0x86587938]<<
17:41:06.281 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8654fab8]
17:41:06.281 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86551b00]
17:41:06.281 Scan finished successfully
17:41:40.234 Disk 1 MBR has been saved successfully to "F:\Brock Stuff\MBR.dat"
17:41:40.281 The log file has been saved successfully to "F:\Brock Stuff\aswMBR.txt"

Edited by Lard, 23 May 2011 - 03:42 PM.

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Thank you for that. Some of those are finding malware with that file.

When you come back with the other logs and information tell me what you know about © AI Project corporation and messenger.exe. I don't want to remove it if it is something you know is okay.
  • 0

#9
Lard

Lard

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I assumed messenger.exe was a file for MSN messenger, but I'm not sure.

As for © AI Project corporation, it starts to install when I reboot, and I don't know what it is. I think it's a virus.
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
You mentioned in your first post that icons had disappeared. Before I post the next action please tell me if that is still the case.
  • 0

#11
Lard

Lard

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Not anymore, no.
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I assumed messenger.exe was a file for MSN messenger, but I'm not sure.


No that one isn't MSN messenger. I will remove it.

Next

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe (© AI Project corporation)
    O4 - HKCU..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe (© AI Project corporation)
    
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
When you return please post
  • OTL fix log
  • OTL scan log


  • 0

#13
Lard

Lard

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Fix Log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\messenger.exe deleted successfully.
C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\messenger.exe deleted successfully.
File C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Neal Power
->Temp folder emptied: 827519279 bytes
->Temporary Internet Files folder emptied: 136212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100278769 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 21835 bytes

User: NetworkService
->Temp folder emptied: 6210 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 654160 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 345601196 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,215.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Neal Power
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05232011_212626

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Scan log:

OTL logfile created on: 23/05/2011 9:33:34 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Neal Power\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 516.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.97 Gb Total Space | 129.07 Gb Free Space | 88.42% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 23.01 Gb Free Space | 20.59% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 40.25 Gb Free Space | 4.32% Space Free | Partition Type: FAT32

Computer Name: TARDIS | User Name: Neal Power | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 02:00:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal Power\My Documents\Downloads\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/03/25 13:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 22:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 22:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/07/19 20:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 18:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 17:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/03/22 20:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 02:00:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neal Power\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/23 21:28:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A88C24E5-A163-4440-97E3-CCAEDB3A3A57}\MpKsl36bd6d8f.sys -- (MpKsl36bd6d8f)
DRV - [2011/05/23 19:40:22 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A88C24E5-A163-4440-97E3-CCAEDB3A3A57}\MpKsl8d663696.sys -- (MpKsl8d663696)
DRV - [2011/05/19 01:23:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/28 10:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2005/11/16 18:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/27 12:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/08 14:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:0.4b
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/21 20:16:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 03:15:13 | 000,000,000 | ---D | M]

[2010/08/04 21:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Extensions
[2011/05/23 17:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions
[2010/08/18 16:15:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 15:35:07 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions\[email protected]
[2011/04/15 19:04:19 | 000,000,000 | ---D | M] (MafiaaFire Redirector) -- C:\Documents and Settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\extensions\[email protected]
[2011/05/23 17:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 18:37:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 03:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 19:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 23:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/08/06 18:37:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/05 23:52:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/05 23:52:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/05 23:52:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/05 23:52:11 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/19 22:15:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1280972798229 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Neal Power\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neal Power\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/03 01:26:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/06 15:07:06 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 17:30:01 | 000,000,000 | ---D | C] -- C:\3619948caed0586c7713e15aa5f4a5
[2011/05/23 17:24:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/22 19:53:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/22 19:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/22 19:53:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 21:28:34 | 000,000,000 | ---D | C] -- C:\2803f12f0c9537f3ee
[2011/05/20 20:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
[2011/05/20 20:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/05/20 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/05/19 22:15:17 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/19 22:13:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/19 01:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal Power\Application Data\Uniblue
[2011/05/19 01:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/05/19 01:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\PackageAware
[2011/05/19 01:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011/05/19 00:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Franzis
[2011/05/18 21:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Padus DiscJuggler
[2011/05/18 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Padus
[2011/05/18 21:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\Padus
[2011/05/15 14:26:53 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/10 18:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/04 11:55:04 | 000,093,761 | ---- | C] (© AI Project corporation) -- C:\messenger.exe

========== Files - Modified Within 30 Days ==========

[2011/05/23 21:33:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/23 21:28:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/23 21:12:21 | 000,434,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/23 21:12:21 | 000,068,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/23 17:34:45 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/23 13:17:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/22 19:53:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 22:15:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/18 21:44:51 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DiscJuggler.lnk
[2011/05/18 16:03:59 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Neal Power\default.pls
[2011/05/15 14:26:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/04 11:55:04 | 000,093,761 | ---- | M] (© AI Project corporation) -- C:\messenger.exe
[2011/04/29 18:17:51 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/04/26 22:49:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/26 22:46:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/05/23 17:33:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/22 19:53:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 21:44:51 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DiscJuggler.lnk
[2011/05/17 06:05:48 | 000,697,856 | ---- | C] () -- C:\WINDOWS\System32\.dll
[2010/12/15 21:54:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/10/19 20:08:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/27 02:13:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/26 23:57:22 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010/09/26 23:57:16 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/09/26 23:23:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/21 04:03:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/09 02:08:28 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/09 02:08:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/09 02:08:24 | 003,200,512 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/08/09 02:08:21 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/09 02:08:21 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/09 02:08:20 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/04 22:02:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/04 21:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/03 01:44:02 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Neal Power\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 01:35:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/03 01:24:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/02 18:19:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/02 18:18:46 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,434,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,068,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Edited by Lard, 23 May 2011 - 07:37 PM.

  • 0
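
The triage the helper is doing by eye across the posts above (a Run value whose publisher nobody recognises, the same value registered under both HKLM and HKCU, system-flagged files in System32 or the tasks folder with no company name, an executable sitting in the root of C:) can be expressed as a small script that parses OTL's file and O4 lines. What follows is an added example for this thread, not code from OldTimer's OTL or from any post; the publisher allowlist, the flag rules and the names `triage_file_line`, `triage_run_lines` and `triage_log` are assumptions of mine, and the sample lines are copied from the logs posted in this thread. Hits are leads for an analyst to verify, which is exactly what the helper does by asking about messenger.exe before removing it.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from typing import Dict, List

# OTL file entry: [yyyy/mm/dd hh:mm:ss | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\] \((?P<company>[^()]*)\) -- (?P<path>.+)$"
)
# OTL O4 entry: O4 - HKLM..\Run: [value name] <target path> (company)   or   ... File not found
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
TARGET_RE = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$")          # e.g. c:\messenger.exe
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\")

EXEC_EXT = (".exe", ".dll", ".sys", ".job")

# Constructed allowlist (assumption): publishers the analyst has already vetted on this machine.
KNOWN_PUBLISHERS = {
    "Microsoft Corporation", "CANON INC.", "Logitech Inc.", "Nero AG",
    "SigmaTel, Inc.", "BitTorrent, Inc.", "Malwarebytes Corporation",
}

# Sample input copied from the OTL logs and fix scripts posted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe (© AI Project corporation)",
    r"O4 - HKCU..\Run: [messenger.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\messenger.exe (© AI Project corporation)",
    r"O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)",
    r"O4 - HKLM..\Run: [KernelFaultCheck] File not found",
    r"O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)",
    r"[2011/05/19 01:22:42 | 000,000,310 | -HS- | C] () -- C:\WINDOWS\tasks\Ltlrlvat.job",
    r"[2011/05/19 01:22:41 | 000,106,496 | RHS- | C] () -- C:\WINDOWS\System32\resetc.dll",
    r"[2011/05/19 01:14:04 | 000,050,320 | ---- | C] () -- C:\WINDOWS\System32\cmhehitavaxjhurw.exe",
    r"[2011/05/04 11:55:04 | 000,093,761 | ---- | M] (© AI Project corporation) -- C:\messenger.exe",
    r"[2011/05/17 06:05:48 | 000,697,856 | ---- | C] () -- C:\WINDOWS\System32\.dll",
    r"[2011/05/22 19:53:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2011/05/23 21:28:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat",
    r"[2011/05/23 21:33:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job",
]


def _add(reasons: List[str], reason: str) -> None:
    if reason not in reasons:
        reasons.append(reason)


def triage_file_line(line: str) -> List[str]:
    """Reasons (possibly none) why one OTL file entry deserves an analyst's look."""
    m = FILE_RE.match(line)
    if not m:
        return []
    company = m["company"].strip()
    attrs, kind, low = m["attrs"], m["kind"], m["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if not name.endswith(EXEC_EXT):
        return reasons  # data files such as bootstat.dat are left alone here
    if "S" in attrs and not company:
        _add(reasons, "system-attribute executable/task with no company name")
    if name.startswith("."):
        _add(reasons, "executable with an empty base name")
    if name.endswith(".exe") and DRIVE_ROOT_RE.match(low):
        _add(reasons, "executable sitting in a drive root")
    if (kind == "C" and not company and name.endswith(".exe")
            and SYSTEM32_RE.match(low) and "\\drivers\\" not in low):
        _add(reasons, "newly created executable in System32 with no company name")
    return reasons


def triage_run_lines(lines: List[str]) -> Dict[str, List[str]]:
    """Reasons per O4 Run value name; looks across lines to spot HKLM+HKCU pairs."""
    hives: Dict[str, set] = {}
    reasons: Dict[str, List[str]] = {}
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        name, rest = m["name"], m["rest"]
        hives.setdefault(name, set()).add(m["hive"])
        rs = reasons.setdefault(name, [])
        if rest == "File not found":
            _add(rs, "Run value points to a missing file (stale or already removed)")
            continue
        t = TARGET_RE.match(rest)
        company = t["company"].strip() if t else ""
        if company not in KNOWN_PUBLISHERS:
            _add(rs, f"publisher {company or '(none)'!r} not on the analyst allowlist")
        if t and DRIVE_ROOT_RE.match(t["path"].lower()):
            _add(rs, "autorun target sits in a drive root")
    for name, hv in hives.items():
        if {"HKLM", "HKCU"} <= hv:
            _add(reasons[name], "same value registered under both HKLM and HKCU Run")
    return {n: r for n, r in reasons.items() if r}


def triage_log(lines: List[str]) -> Dict[str, Dict[str, List[str]]]:
    """Run both passes; returns {'files': {path: reasons}, 'run': {value name: reasons}}."""
    files: Dict[str, List[str]] = {}
    for line in lines:
        rs = triage_file_line(line)
        if rs:
            files[FILE_RE.match(line)["path"]] = rs
    return {"files": files, "run": triage_run_lines(lines)}


if __name__ == "__main__":
    for section, hits in triage_log(SAMPLE_LOG).items():
        for key, rs in hits.items():
            print(f"[{section}] {key}")
            for r in rs:
                print(f"    - {r}")
```

Run it on an OTL.Txt by replacing `SAMPLE_LOG` with the file's lines; the data-file and hidden-only exclusions are deliberate so that legitimate entries such as bootstat.dat and the Security Essentials scheduled-scan job do not show up, while the -HS- task file and the RHS- DLL from the fix script above do.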

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again Lard,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/04 11:55:04 | 000,093,761 | ---- | M] (© AI Project corporation) -- C:\messenger.exe
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat. http://www.appremove...ed-applications

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

When you return please post
  • OTL fix log
  • ComboFix.txt

  • 0

#15
Lard

Lard

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Okay, I ran OTL but it didn't produce a log for me.

Here is the log from Combofix.

ComboFix 11-05-23.02 - Neal Power 23/05/2011 23:07:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.520 [GMT -4:00]
Running from: c:\documents and settings\Neal Power\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-24 03:01 . 2011-05-24 03:01 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA3482C8-CF80-43BE-886C-6172351D7DA1}\MpKsl0e5c131f.sys
2011-05-24 03:01 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA3482C8-CF80-43BE-886C-6172351D7DA1}\mpengine.dll
2011-05-24 02:29 . 2011-05-24 02:29 -------- d-----w- C:\e6d9c9ac1d4e1378c171be52942d9e
2011-05-23 21:30 . 2011-05-23 21:35 -------- d-----w- C:\3619948caed0586c7713e15aa5f4a5
2011-05-23 21:24 . 2011-05-23 21:24 -------- d-----w- C:\_OTL
2011-05-22 23:53 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 23:53 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 01:28 . 2011-05-22 01:28 -------- d-----w- C:\2803f12f0c9537f3ee
2011-05-20 02:15 . 2011-05-20 02:15 -------- d-----w- C:\_OTM
2011-05-19 05:53 . 2011-05-19 05:53 -------- d-----w- c:\documents and settings\Neal Power\Application Data\Uniblue
2011-05-19 05:49 . 2011-05-19 05:49 -------- d-----w- c:\program files\Uniblue
2011-05-19 05:46 . 2011-05-19 05:46 -------- d-----w- c:\documents and settings\Neal Power\Local Settings\Application Data\PackageAware
2011-05-19 05:43 . 2011-05-19 05:43 -------- d-----w- c:\program files\Alcohol Soft
2011-05-19 04:39 . 2011-05-19 05:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-19 04:38 . 2011-05-19 05:00 -------- d-----w- c:\program files\Franzis
2011-05-19 01:44 . 2011-05-19 01:44 -------- d-----w- c:\program files\Padus
2011-05-19 01:22 . 2011-05-19 01:22 -------- d-----w- c:\documents and settings\Neal Power\Local Settings\Application Data\Padus
2011-05-15 18:26 . 2011-05-15 18:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 22:51 . 2011-05-10 22:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2010-08-08 06:12 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2010-08-03 05:24 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2003-07-16 20:49 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2003-07-16 20:51 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2006-03-24 118784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/05/2011 12:39 AM 691696]
R1 MpKsl0e5c131f;MpKsl0e5c131f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA3482C8-CF80-43BE-886C-6172351D7DA1}\MpKsl0e5c131f.sys [23/05/2011 11:01 PM 28752]
R1 MpKslcc100f4b;MpKslcc100f4b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4926718B-66DB-400E-BA5F-7C7272AAB49B}\MpKslcc100f4b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4926718B-66DB-400E-BA5F-7C7272AAB49B}\MpKslcc100f4b.sys [?]
S1 MpKsl4dd33e17;MpKsl4dd33e17;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68B0BE51-077C-4076-88E5-0C4D79AB49B8}\MpKsl4dd33e17.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68B0BE51-077C-4076-88E5-0C4D79AB49B8}\MpKsl4dd33e17.sys [?]
S1 MpKsl63be8c22;MpKsl63be8c22;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54F2D9A3-DEB4-403A-B1BC-2A791D8F3ECE}\MpKsl63be8c22.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54F2D9A3-DEB4-403A-B1BC-2A791D8F3ECE}\MpKsl63be8c22.sys [?]
S1 MpKsla0523959;MpKsla0523959;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1023F42-55B5-47A3-AAA4-60453F5B780C}\MpKsla0523959.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1023F42-55B5-47A3-AAA4-60453F5B780C}\MpKsla0523959.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0E5C131F
*NewlyCreated* - MPKSL91F3CC3F
*Deregistered* - MpKsl91f3cc3f
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Neal Power\Application Data\Mozilla\Firefox\Profiles\xzkdh8df.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MafiaaFire Redirector : [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-23 23:15:16
ComboFix-quarantined-files.txt 2011-05-24 03:15
ComboFix2.txt 2011-05-24 02:47
.
Pre-Run: 137,751,707,648 bytes free
Post-Run: 137,741,733,888 bytes free
.
- - End Of File - - 85085955EF5A97E00667FB1B8352408F
  • 0
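As an added example (not from this thread, the helper, or the ComboFix tool itself), a small Python parser for the "Reg Loading Points" section of a log like the one above: it pulls every value under a ...\Run key and flags the entries a helper would look at first, namely a bare file name (resolved through PATH at logon, so the log alone cannot say where it lives) or a binary outside the usual program directories. The sample log is constructed in the same layout as the real one; the "updater" entry is made up for illustration.

```python
import re
from collections import namedtuple

# Key header lines as ComboFix prints them, e.g. [HKEY_LOCAL_MACHINE\...\CurrentVersion\Run]
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
# Value lines: "name"="path" [YYYY-MM-DD size]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# Directories a legitimate autostart binary normally lives under (a triage heuristic, not an allow-list)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
RunEntry = namedtuple("RunEntry", "key name path date size")

def parse_run_entries(log_text):
    """Collect every value listed under a ...\\Run key; other key headers end the current section."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            key = m.group(1) if m else None
            continue
        m = ENTRY_RE.match(line) if key else None
        if m:
            entries.append(RunEntry(key, m["name"], m["path"], m["date"], int(m["size"])))
    return entries

def flag_entries(entries):
    """Names of entries worth a closer look: no directory at all, or a path
    outside TRUSTED_ROOTS (e.g. under a user's Application Data folder)."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if "\\" not in p or not p.startswith(TRUSTED_ROOTS):
            flagged.append(e.name)
    return flagged

# Constructed sample in the same layout as a ComboFix log; the "updater" line is made up.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"MSC"="c:\\program files\\Microsoft Security Client\\msseces.exe" [2010-11-30 997408]
.
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"uTorrent"="c:\\program files\\uTorrent\\uTorrent.exe" [2011-03-29 399736]
"updater"="c:\\documents and settings\\user\\Application Data\\x\\updater.exe" [2011-05-20 41984]
.
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\MsMpSvc]
@="Service"
"""
```

A flagged entry is only a starting point: the helper still checks the file's publisher, hash and creation date before deciding anything.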