Virus.Ramnit... [Closed]


#1 Max Smith

Hi all,

I would really appreciate some help on what to do with a problem I have with my laptop.

A few months ago, lots of the icons for programmes on my laptop suddenly lost their individual icons, and were replaced with the blank generic icon Windows uses for .exe files - the one I think it uses when it doesn't know with which programme it should open that .exe file...

This seemed strange and my McAfee Virus scanner also came up with the following warning: WIN32/NGVCK (virus) detected.

This didn't seem to affect the running of the laptop unduly so I didn't do anything. But I recently ran MBAM and over 2500 (!) files came up as infected, with the majority saying that the vendor of the virus is: Virus.Ramnit

I hope I do not have Ramnit.A, although I might do, it would seem.

I have posted an OTL read-out below... any help with this would be MUCH appreciated! I do not want to quarantine all the files MBAM recommends as I'm sure it would take half the programmes on my computer away.

OTL logfile created on: 24/11/2011 23:28:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.38% Memory free
3.84 Gb Paging File | 2.48 Gb Available in Paging File | 64.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.90 Gb Total Space | 0.62 Gb Free Space | 0.45% Space Free | Partition Type: NTFS

Computer Name: MAX | User Name: Maximillian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/24 23:27:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2011/11/23 00:58:45 | 001,143,185 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2011/10/11 03:32:35 | 000,659,902 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2011/09/18 10:28:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/03/09 21:49:22 | 000,015,688 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\4.0.60310.0\agcp.exe
PRC - [2010/07/12 12:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 16:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/10 05:51:06 | 000,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 17:43:51 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 00:58:45 | 001,143,185 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
MOD - [2011/10/11 03:32:35 | 000,659,902 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
MOD - [2011/09/18 10:28:30 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/08 23:36:46 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/18 10:53:44 | 001,666,486 | ---- | M] () -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 10:53:44 | 000,516,002 | ---- | M] () -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2011/04/15 02:14:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/04/15 02:11:08 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/04/15 02:10:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/05/26 20:06:28 | 001,085,934 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/07/10 05:51:14 | 004,214,272 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libffmpeg_plugin.dll
MOD - [2008/07/10 05:51:14 | 002,763,264 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libwxwidgets_plugin.dll
MOD - [2008/07/10 05:51:14 | 001,839,616 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2008/07/10 05:51:14 | 001,171,456 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,205,312 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libflacdec_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,179,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,111,616 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,107,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,092,160 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvout_directx_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,023,040 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libvcd_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,020,480 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,012,800 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,009,728 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblinear_resampler_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,008,704 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,008,704 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32tou16_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,008,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32tou8_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,008,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32tos8_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,008,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libs16tofloat32swab_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libs16tofloat32_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfixed32tofloat32_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libtrivial_mixer_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libs16tofixed32_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfloat32tos16_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,007,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfixed32tos16_plugin.dll
MOD - [2008/07/10 05:51:14 | 000,006,656 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libspdif_mixer_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,290,816 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,205,312 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,148,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,118,784 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,050,688 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libasf_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,023,040 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,021,504 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,018,432 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,013,824 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libcinepak_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,013,312 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_directory_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,012,800 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,012,288 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libaccess_file_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,010,752 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,010,752 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,010,240 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,007,680 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2008/07/10 05:51:12 | 000,006,656 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2008/07/10 05:51:08 | 003,072,512 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2008/07/10 05:51:06 | 000,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [2007/02/21 11:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/10/17 16:13:20 | 001,339,853 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
SRV - File not found [On_Demand | Stopped] -- -- (Adobe LM Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 16:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/10/18 10:08:54 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/03 20:56:44 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/12/17 05:51:42 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/11/17 14:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 23:05:36 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2002/10/20 19:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/07/24 19:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Reg Error: Unknown registry data type
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.g...smb&ibd=0080206
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.g...smb&ibd=0080206
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = Reg Error: Unknown registry data type

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Reg Error: Unknown registry data type
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Reg Error: Unknown registry data type
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Maximillian\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS1101262_SUA_000\npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/05 01:19:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 10:28:36 | 000,000,000 | ---D | M]

[2010/08/09 22:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Extensions
[2011/11/23 01:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions
[2009/10/01 23:33:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/10 19:19:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/09 15:11:56 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2008/05/10 14:18:34 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\searchplugins\search.xml
[2011/11/23 01:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/09 17:42:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/09 17:42:17 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\rea[email protected]
[2009/01/06 00:36:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

========== Chrome ==========


O1 HOSTS File: ([2009/05/27 14:57:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe File not found
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Maximillian\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\DOCUME~1\MAXIMI~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Maximillian\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\lspahd.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52F0DCD6-CA28-4CED-895A-BA26F67A579E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\hapevapu.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\yojakagu.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\jgloygky\rmdbjgtp.exe) -C:\Program Files\jgloygky\rmdbjgtp.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Maximillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maximillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/24 23:27:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2 C:\Documents and Settings\Maximillian\My Documents\*.tmp files -> C:\Documents and Settings\Maximillian\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 23:27:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2011/11/24 23:02:48 | 000,060,943 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/11/23 01:09:20 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/23 01:08:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 00:52:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/11/23 00:51:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/23 00:51:23 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/22 01:13:06 | 000,159,232 | ---- | M] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 22:36:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/11/05 01:30:05 | 000,443,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/05 01:30:04 | 000,072,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2 C:\Documents and Settings\Maximillian\My Documents\*.tmp files -> C:\Documents and Settings\Maximillian\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/19 23:09:13 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\547eq3ocsl3hy386t8e2jfnolihd7c85p8h837815
[2011/06/19 23:09:13 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\547eq3ocsl3hy386t8e2jfnolihd7c85p8h837815
[2011/05/12 22:37:16 | 000,018,133 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/22 23:38:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\chrtmp
[2010/03/11 01:01:28 | 000,013,082 | -HS- | C] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\LPycuu127I6G1
[2010/02/02 02:07:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/02 02:07:06 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/02 02:07:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/02 02:07:03 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/06 01:12:06 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\waQ1P0bNat.gif
[2009/06/06 01:12:06 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\waQ1P0bNzn.gif
[2009/06/06 01:12:06 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\waQ1P0bNby.gif
[2008/12/22 04:59:26 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008/12/22 04:59:24 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008/12/22 04:59:08 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/22 04:52:02 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008/09/23 17:59:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\sesogasi.dll
[2008/09/23 17:59:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\melaniji.dll
[2008/09/23 17:59:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\hudugaku.dll
[2008/06/05 08:55:28 | 000,000,676 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/22 22:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 22:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/18 09:50:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\n37st.dat
[2008/05/18 09:50:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HQK_1.dat
[2008/04/09 17:46:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/09 17:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/20 12:33:46 | 000,004,820 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\wklnhst.dat
[2008/03/12 19:20:29 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2008/03/12 19:20:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2008/03/12 19:20:28 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2008/03/02 12:20:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/18 08:14:16 | 000,159,232 | ---- | C] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/06 15:49:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/06 15:14:53 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/02/06 15:12:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/06 15:01:22 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/06 15:01:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/06 14:56:05 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/02/06 14:15:36 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/02/06 14:15:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/02/06 14:15:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/02/06 14:15:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/02/06 14:13:06 | 000,001,201 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/06 12:17:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 17:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 17:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/06/13 10:10:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,622,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,443,480 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,072,580 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/10/15 22:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2011/04/16 12:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dIo28610aJgOp28610
[2008/03/20 12:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/05/10 11:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/05/10 12:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2008/02/06 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/06 00:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/07 00:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/14 21:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/02 23:07:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4818E394-673B-4AF1-A300-763D20B4BF94}
[2009/01/25 12:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\BSplayer
[2008/04/10 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\BSplayer Pro
[2011/10/02 23:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\FXTS2
[2009/01/22 01:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\GetRightToGo
[2010/02/16 01:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\KDE
[2008/06/14 18:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\NetMedia Providers
[2009/01/23 00:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\OpenOffice.org
[2008/06/14 18:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Publish Providers
[2010/05/16 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Red Kawa
[2008/06/14 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Sony
[2011/04/16 11:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Template
[2011/01/06 14:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\uTorrent
[2011/10/15 00:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2011/11/23 00:52:02 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D

< End of report >
  • 0



#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi,

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\hapevapu.dll) - File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\yojakagu.dll) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\jgloygky\rmdbjgtp.exe) -C:\Program Files\jgloygky\rmdbjgtp.exe File not found
    [2011/06/19 23:09:13 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\547eq3ocsl3hy386t8e2jfnolihd7c85p8h837815
    [2011/06/19 23:09:13 | 000,009,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\547eq3ocsl3hy386t8e2jfnolihd7c85p8h837815
    [2010/03/11 01:01:28 | 000,013,082 | -HS- | C] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\LPycuu127I6G1
    [2008/09/23 17:59:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\sesogasi.dll
    [2008/09/23 17:59:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\melaniji.dll
    [2008/09/23 17:59:30 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\hudugaku.dll
    [2011/04/16 12:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dIo28610aJgOp28610
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#3
Max Smith

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks - here are the logs, OTL first:

OTL logfile created on: 25/11/2011 21:12:59 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.21% Memory free
3.84 Gb Paging File | 3.01 Gb Available in Paging File | 78.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.90 Gb Total Space | 13.18 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: MAX | User Name: Maximillian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 21:07:28 | 000,659,902 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2011/11/25 21:04:24 | 001,143,185 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2011/11/25 20:36:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2011/09/18 10:28:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/10/29 06:54:44 | 001,497,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcshell.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 16:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/18 10:28:30 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/08 23:36:46 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/18 10:53:44 | 001,666,486 | ---- | M] () -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 10:53:44 | 000,516,002 | ---- | M] () -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2011/04/15 02:14:26 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/04/15 02:11:08 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/04/15 02:10:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/05/26 20:06:28 | 001,085,934 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/10/29 21:07:38 | 000,068,112 | ---- | M] () -- C:\Program Files\McAfee\MSHR\2057\ShrRes.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [2007/02/21 11:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/10/17 16:13:20 | 001,339,853 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
SRV - File not found [On_Demand | Stopped] -- -- (Adobe LM Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 16:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - [2009/10/18 10:08:54 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/03 20:56:44 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008/12/17 05:51:42 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/11/17 14:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/08 23:05:36 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2002/10/20 19:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av) Icatch(IV)
DRV - [2002/07/24 19:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) Icatch(IV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Reg Error: Unknown registry data type
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.g...smb&ibd=0080206
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.g...smb&ibd=0080206
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = Reg Error: Unknown registry data type

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Reg Error: Unknown registry data type
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = Reg Error: Unknown registry data type
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Maximillian\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS1101262_SUA_000\npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/05 01:19:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 10:28:36 | 000,000,000 | ---D | M]

[2010/08/09 22:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Extensions
[2011/11/23 01:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions
[2009/10/01 23:33:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/10 19:19:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/09 15:11:56 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2008/05/10 14:18:34 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Maximillian\Application Data\Mozilla\Firefox\Profiles\0isueiao.default\searchplugins\search.xml
[2011/11/23 01:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/09 17:42:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/09 17:42:17 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/01/06 00:36:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

========== Chrome ==========


O1 HOSTS File: ([2011/11/25 20:37:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe File not found
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Maximillian\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\DOCUME~1\MAXIMI~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware File not found
O4 - Startup: C:\Documents and Settings\Maximillian\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\lspahd.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52F0DCD6-CA28-4CED-895A-BA26F67A579E}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\jgloygky\rmdbjgtp.exe) -C:\Program Files\jgloygky\rmdbjgtp.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Maximillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maximillian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 20:42:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/25 20:37:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/25 20:36:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2 C:\Documents and Settings\Maximillian\My Documents\*.tmp files -> C:\Documents and Settings\Maximillian\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 21:09:39 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/25 21:09:27 | 000,061,231 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/11/25 20:43:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/25 20:41:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/25 20:41:42 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 20:36:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2011/11/23 01:08:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/22 01:13:06 | 000,159,232 | ---- | M] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 22:36:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/11/05 01:30:05 | 000,443,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/05 01:30:04 | 000,072,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2 C:\Documents and Settings\Maximillian\My Documents\*.tmp files -> C:\Documents and Settings\Maximillian\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 22:37:16 | 000,018,133 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/22 23:38:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\chrtmp
[2010/02/02 02:07:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/02 02:07:06 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/02 02:07:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/02 02:07:03 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/06 01:12:06 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\waQ1P0bNat.gif
[2009/06/06 01:12:06 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\waQ1P0bNzn.gif
[2009/06/06 01:12:06 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\waQ1P0bNby.gif
[2008/12/22 04:59:26 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008/12/22 04:59:24 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008/12/22 04:59:08 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/12/22 04:52:02 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008/06/05 08:55:28 | 000,000,676 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/05/22 22:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 22:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/18 09:50:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\n37st.dat
[2008/05/18 09:50:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HQK_1.dat
[2008/04/09 17:46:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/09 17:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/20 12:33:46 | 000,004,820 | ---- | C] () -- C:\Documents and Settings\Maximillian\Application Data\wklnhst.dat
[2008/03/12 19:20:29 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2008/03/12 19:20:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2008/03/12 19:20:28 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2008/03/02 12:20:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/18 08:14:16 | 000,159,232 | ---- | C] () -- C:\Documents and Settings\Maximillian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/06 15:49:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/06 15:14:53 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/02/06 15:12:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/06 15:01:22 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/06 15:01:22 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/06 14:56:05 | 000,000,076 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008/02/06 14:15:36 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/02/06 14:15:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/02/06 14:15:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/02/06 14:15:34 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/02/06 14:13:06 | 000,001,201 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/06 12:17:40 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 17:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 17:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/06/13 10:10:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,622,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,443,480 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,072,580 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/10/15 22:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2011/04/16 12:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dIo28610aJgOp28610
[2008/03/20 12:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/05/10 11:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/05/10 12:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2008/02/06 15:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/06 00:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/07 00:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/14 21:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/02 23:07:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4818E394-673B-4AF1-A300-763D20B4BF94}
[2009/01/25 12:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\BSplayer
[2008/04/10 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\BSplayer Pro
[2011/10/02 23:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\FXTS2
[2009/01/22 01:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\GetRightToGo
[2010/02/16 01:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\KDE
[2008/06/14 18:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\NetMedia Providers
[2009/01/23 00:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\OpenOffice.org
[2008/06/14 18:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Publish Providers
[2010/05/16 22:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Red Kawa
[2008/06/14 18:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Sony
[2011/04/16 11:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\Template
[2011/01/06 14:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maximillian\Application Data\uTorrent
[2011/10/15 00:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2011/11/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D

< End of report >

MBAM REPORT:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8221

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25/11/2011 21:33:05
mbam-log-2011-11-25 (21-33-01).txt

Scan type: Quick scan
Objects scanned: 191283
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (Virus.Ramnit) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{68352C65-F3D2-44D3-8404-B02E54FE0EFD} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\BAE.BrowserHelperObject.1 (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\BAE.BrowserHelperObject (Virus.Ramnit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} (Virus.Ramnit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} (Virus.Ramnit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{D85100D8-894D-4F80-9697-C220AF4202EB} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{AD5FB04F-5A8D-44D4-8206-6A8734186EA2} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\ieplugin.JQSIEStartDetectorImpl.1 (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\ieplugin.JQSIEStartDetectorImpl (Virus.Ramnit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} (Virus.Ramnit) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} (Virus.Ramnit) -> Value: {087B3AE3-E237-4467-B8DB-5A38AB959AC9} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DELL\BAE\BAE.DLL (Virus.Ramnit) -> Value: BAE.DLL -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (Virus.Ramnit) -> No action taken.
c:\program files\Dell\BAE\BAE.dll (Virus.Ramnit) -> No action taken.
c:\program files\Java\jre6\bin\jp2ssv.dll (Virus.Ramnit) -> No action taken.
c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\Desktop\fileassassin.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\custsat.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\ieproxy.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin2.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin3.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin4.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin5.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin6.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin7.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\firefoxmgr.exe (Spyware.Passwords.XGen) -> No action taken.
c:\program files\mozilla firefox\plugins\np32dsw.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npdivxplayerplugin.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin2.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin3.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin4.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin5.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin6.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin7.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\nprpjplug.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\local settings\Temp\svchost.exe (Spyware.Passwords.XGen) -> No action taken.

#4 Max Smith (Topic Starter, New Member, 4 posts)
Sorry, here is the correct version of the MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8221

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25/11/2011 21:37:41
mbam-log-2011-11-25 (21-37-41).txt

Scan type: Quick scan
Objects scanned: 191283
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> Delete on reboot.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll (Virus.Ramnit) -> Delete on reboot.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (Virus.Ramnit) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{68352C65-F3D2-44D3-8404-B02E54FE0EFD} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BAE.BrowserHelperObject.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BAE.BrowserHelperObject (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D85100D8-894D-4F80-9697-C220AF4202EB} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{AD5FB04F-5A8D-44D4-8206-6A8734186EA2} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieplugin.JQSIEStartDetectorImpl.1 (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieplugin.JQSIEStartDetectorImpl (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} (Virus.Ramnit) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} (Virus.Ramnit) -> Value: {087B3AE3-E237-4467-B8DB-5A38AB959AC9} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DELL\BAE\BAE.DLL (Virus.Ramnit) -> Value: BAE.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> Delete on reboot.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll (Virus.Ramnit) -> Delete on reboot.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (Virus.Ramnit) -> Delete on reboot.
c:\program files\Dell\BAE\BAE.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\Java\jre6\bin\jp2ssv.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\documents and settings\maximillian\Desktop\fileassassin.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\custsat.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\ieproxy.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin2.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin3.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin4.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin5.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin6.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\PLUGINS\npqtplugin7.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\firefoxmgr.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\np32dsw.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npdivxplayerplugin.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin2.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin3.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin4.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin5.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin6.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npqtplugin7.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\nprpjplug.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\documents and settings\maximillian\local settings\Temp\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
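The MBAM logs in posts #1 and #4 above list every detection in the shape `<item> (<family>) -> <action>.`, with registry values carrying an extra `-> Value: <name>` segment. What follows is an added example, not code from this thread or from Malwarebytes: a small Python triage script that parses that format, counts hits per detection family and per action, lists the items MBAM could only schedule for "Delete on reboot" (those have to be checked again after the restart), groups the infected files by install directory so you can see which products will need reinstalling once their DLLs are quarantined, and cross-checks the per-section totals in the summary block against the lines actually listed, which is how you catch a pasted log that has been cut short. The embedded log is a constructed excerpt that reuses a few of the paths and keys from the logs above; the function names are my own.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x log text.

Added example, not part of this thread or of Malwarebytes' own tooling.
Detection lines look like "<item> (<family>) -> <action>." (registry values
add " -> Value: <name>"); section headers end in "Infected:" and the
summary block near the top gives "<section>: <count>".
"""
import re
from collections import Counter

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Value: (?P<value>.+?))? -> (?P<action>.+?)\.?$"
)
# Memory modules are repeated under "Files Infected"; both are on-disk paths.
FILE_SECTIONS = ("Files Infected", "Memory Modules Infected")

# Constructed excerpt in the MBAM 1.51 log format (not a real scan result),
# reusing a few of the paths and keys posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Scan type: Quick scan

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BAE.BrowserHelperObject (Virus.Ramnit) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DELL\BAE\BAE.DLL (Virus.Ramnit) -> Value: BAE.DLL -> Quarantined and deleted successfully.

Files Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> Delete on reboot.
c:\program files\Dell\BAE\BAE.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\firefoxmgr.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\maximillian\local settings\Temp\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (summary counts, detections); each detection is a dict with
    section, item, family, value (registry values only) and action."""
    summary, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line == "(No malicious items detected)":
            continue
        if m := SUMMARY_RE.match(line):
            summary[m["name"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["name"]
        elif section and (m := DETECTION_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def count_mismatches(summary, detections):
    """Sections whose reported total differs from the lines actually listed:
    the usual sign that a pasted log was truncated or edited."""
    listed = Counter(d["section"] for d in detections)
    return {name: (n, listed[name]) for name, n in summary.items() if listed[name] != n}


def infected_files(detections):
    """Unique on-disk paths, case-folded because MBAM mixes case."""
    return sorted({d["item"].lower() for d in detections if d["section"] in FILE_SECTIONS})


def triage(detections):
    """Counts by family and action, the items still waiting for a reboot to be
    removed, and infected files grouped by drive + two path components."""
    return {
        "by_family": dict(Counter(d["family"] for d in detections)),
        "by_action": dict(Counter(d["action"] for d in detections)),
        "pending_reboot": sorted({d["item"] for d in detections
                                  if d["action"] == "Delete on reboot"}),
        "install_dirs": dict(Counter("\\".join(p.split("\\")[:3])
                                     for p in infected_files(detections))),
    }


if __name__ == "__main__":
    summary, dets = parse_mbam_log(SAMPLE_LOG)
    print(triage(dets))
    print("count mismatches:", count_mismatches(summary, dets))
```

Run it against a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file's contents. The "pending_reboot" list is the set to re-scan after restarting: a file infector like the Ramnit detections here rewrites legitimate DLLs in place, so a module that was loaded during the scan (the OpenOffice shell extension, the Firefox toolbar components) is only removed on reboot, and the product that owned it will need reinstalling afterwards.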

#5 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi,

Step 1

Update Malwarebytes Anti-Malware and run a Quick Scan.
Post the log it produces.

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things I would like to see in your reply:
  • Malwarebytes results.
  • ESET scanner report.
  • Update on how your computer is running.


#6 Max Smith (Topic Starter, New Member, 4 posts)
Hi, thanks for your help:

MBAM Log>>>

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8221

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25/11/2011 20:33:46
mbam-log-2011-11-25 (20-33-38).txt

Scan type: Quick scan
Objects scanned: 207767
Time elapsed: 23 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 20
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 89

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> No action taken.
c:\program files\7-Zip\7-zip.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (Virus.Ramnit) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{23170F69-40C1-278A-1000-000100020000} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{68352C65-F3D2-44D3-8404-B02E54FE0EFD} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\BAE.BrowserHelperObject.1 (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\BAE.BrowserHelperObject (Virus.Ramnit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} (Virus.Ramnit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} (Virus.Ramnit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{D85100D8-894D-4F80-9697-C220AF4202EB} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{AD5FB04F-5A8D-44D4-8206-6A8734186EA2} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\ieplugin.JQSIEStartDetectorImpl.1 (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\ieplugin.JQSIEStartDetectorImpl (Virus.Ramnit) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (Virus.Ramnit) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} (Virus.Ramnit) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} (Virus.Ramnit) -> Value: {087B3AE3-E237-4467-B8DB-5A38AB959AC9} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23170F69-40C1-278A-1000-000100020000} (Virus.Ramnit) -> Value: {23170F69-40C1-278A-1000-000100020000} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DELL\BAE\BAE.DLL (Virus.Ramnit) -> Value: BAE.DLL -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\openoffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Virus.Ramnit) -> No action taken.
c:\program files\7-Zip\7-zip.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\application data\Mozilla\Firefox\Profiles\0isueiao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (Virus.Ramnit) -> No action taken.
c:\program files\Dell\BAE\BAE.dll (Virus.Ramnit) -> No action taken.
c:\program files\Java\jre6\bin\jp2ssv.dll (Virus.Ramnit) -> No action taken.
c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Virus.Ramnit) -> No action taken.
c:\documents and settings\maximillian\Desktop\fileassassin.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\custsat.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\ieproxy.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin2.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin3.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin4.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin5.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin6.dll (Virus.Ramnit) -> No action taken.
c:\program files\internet explorer\PLUGINS\npqtplugin7.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\firefoxmgr.exe (Spyware.Passwords.XGen) -> No action taken.
c:\program files\mozilla firefox\plugins\np32dsw.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npdivxplayerplugin.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin2.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin3.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin4.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin5.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin6.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\npqtplugin7.dll (Virus.Ramnit) -> No action taken.
c:\program files\mozilla firefox\plugins\nprpjplug.dll (Virus.Ramnit) -> No action taken.
c:\rmdbjgtp.exe (Spyware.Passwords.XGen) -> No action taken.
  • 0

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Why are you not removing what Malwarebytes finds?

Please update Malwarebytes again and do a quick scan, then follow these instructions:

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
  • 0

#8
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0