WiredWX Hobby Weather Tools

Security Tool 2010 - Infected on Windows XP Home Edition SP3


Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

Hi,

Managed to use the internet at a hotel today, so I will try your new suggestions later.

I also logged into another user account on the laptop in safe mode and ran MBAM and ComboFix... both programs found something. Logs below:

MBAM LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

19/09/2010 04:55:34
mbam-log-2010-09-19 (04-55-34).txt

Scan type: Quick scan
Objects scanned: 126672
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Web\Local Settings\Temp\hjkr1p.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Web\Local Settings\Temp\jkr2hs7fqw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Web\Local Settings\Temp\kqt4n6dlkw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Web\Local Settings\Temp\tpcuqc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Web\Local Settings\Temp\u3dwyosn.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Web\Local Settings\Temp\zmo0cie0.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Web\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.


COMBOFIX LOG:
ComboFix 10-09-16.04 - Web 19/09/2010 5:00.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.807 [GMT 1:00]
Running from: c:\documents and settings\Web\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Web\.COMMgr
c:\documents and settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
c:\documents and settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
c:\windows\atidalosa.dll
c:\windows\eputibof.dll
c:\windows\ulibiyovoxanetix.dll
c:\windows\wimgxft.dll

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-17 12:02 . 2010-09-17 12:02 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-09-17 11:51 . 2010-09-17 11:51 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2010-09-17 11:44 . 2010-09-17 12:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Apple Computer
2010-09-17 02:44 . 2010-09-17 02:53 -------- d-----w- C:\Combo-Fix
2010-09-14 06:34 . 2010-09-14 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-14 06:34 . 2010-09-14 06:34 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-14 04:14 . 2010-09-14 04:14 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2010-09-14 04:13 . 2010-09-14 06:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-14 02:02 . 2010-09-14 02:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-14 02:02 . 2010-09-14 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-14 01:56 . 2010-09-14 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-13 00:43 . 2010-09-14 01:48 0 ----a-w- c:\windows\Qtuweqetalaj.bin
2010-09-13 00:43 . 2010-09-14 03:47 2838 ----a-w- c:\windows\Ojefuyag.dat
2010-09-13 00:42 . 2010-09-19 04:08 841216 ----a-w- c:\windows\system32\drivers\lggtctm.sys
2010-09-11 11:14 . 2010-09-11 11:14 -------- d-----w- c:\program files\Convar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 12:12 . 2009-02-07 11:28 60464 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-17 02:21 . 2010-09-14 02:00 60464 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-14 02:01 . 2010-09-14 02:00 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-09-13 00:11 . 2009-10-17 00:36 -------- d-----w- c:\program files\Telstra Turbo Connection Manager
2010-08-23 01:36 . 2009-04-12 21:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-08-04 00:11 . 2010-07-21 11:28 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-02 07:30 . 2010-08-02 07:30 -------- d-----w- c:\program files\Ableton
2010-08-02 04:46 . 2009-02-18 21:42 -------- d-----w- c:\program files\Google
2010-08-02 00:18 . 2010-07-10 10:47 -------- d-----w- c:\program files\Mediafour
2010-07-25 14:40 . 2010-07-25 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2010-07-25 14:37 . 2010-07-25 14:37 -------- d-----w- c:\program files\Music Rescue
2010-07-25 14:35 . 2010-07-25 14:35 -------- d-----w- c:\program files\WindSolutions
2010-07-10 04:53 . 2010-07-10 04:53 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2008-05-07 08:34 . 2008-07-05 02:55 15523560 ----a-w- c:\program files\U1 Setup.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 858A92ABBFA4395FDEAE9CE8404D0DF5 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . ED8230261CDBB41414A152098A5E1293 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"wupdate"="c:\windows\system32\wupdate.exe" [BU]
"utlegodg"="c:\documents and settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe" [BU]
"aopgomts"="c:\documents and settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe" [BU]
"Wmimefameteq"="c:\windows\onuyohuy.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-3 113664]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-7-5 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ----a-w- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:01 77824 ----a-w- c:\windows\SoundMan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=

S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 0028831284690044mcinstcleanup;McAfee Application Installer Cleanup (0028831284690044);c:\docume~1\ADMINI~1\LOCALS~1\Temp\002883~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\002883~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9921256115394;Google Update Service (gupdate1c9921256115394);c:\program files\Google\Update\GoogleUpdate.exe [18/02/2009 22:46 133104]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17/10/2009 01:37 7680]

--- Other Services/Drivers In Memory ---

*Deregistered* - lggtctm
.
Contents of the 'Scheduled Tasks' folder

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 21:46]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 21:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride =
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Web\Application Data\Mozilla\Firefox\Profiles\zirmi4w0.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: XULRunner: {0FED6A9D-2712-4322-8209-E040FCB5E084} - c:\documents and settings\Web\Local Settings\Application Data\{0FED6A9D-2712-4322-8209-E040FCB5E084}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-Wcoluj - c:\windows\wimgxft.dll
HKCU-Run-utlegodg - c:\documents and settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
HKCU-Run-aopgomts - c:\documents and settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
HKCU-Run-sdsetup_aff - c:\documents and settings\Web\Desktop\sdsetup_aff.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 05:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lggtctm]

.
Completion time: 2010-09-19 05:10:25
ComboFix-quarantined-files.txt 2010-09-19 04:10
ComboFix2.txt 2010-09-17 02:53
ComboFix3.txt 2010-09-14 08:17
ComboFix4.txt 2010-09-14 07:46

Pre-Run: 2,011,340,800 bytes free
Post-Run: 2,358,132,736 bytes free

- - End Of File - - F9D228B21C98CAF298F0247ACB869F59


I'll try the OTL thing later and hopefully get online and post the log tomorrow. Thanks so much for all your help!!

Martin

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

Hey,

Here's the log created by OTL:

OTL logfile created on: 19/09/2010 13:15:29 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Web\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 2.18 Gb Free Space | 5.46% Space Free | Partition Type: NTFS
Drive D: | 34.49 Gb Total Space | 0.15 Gb Free Space | 0.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 14.92 Gb Total Space | 0.37 Gb Free Space | 2.48% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTLIN
Current User Name: Web
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/15 11:54:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Web\Desktop\OTL.com
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/26 06:33:26 | 000,021,185 | R--- | M] () -- F:\malware software n logs.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 11:54:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Web\Desktop\OTL.com
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Combo-Fix20529C\PEV.cfx -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\002883~1.EXE -- (0028831284690044mcinstcleanup) McAfee Application Installer Cleanup (0028831284690044)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Web\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/05/23 00:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/02/17 18:11:30 | 000,024,232 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/08/12 10:30:54 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/07/16 11:52:00 | 004,747,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/14 07:12:06 | 000,025,088 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/12 03:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007/07/27 04:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/05/03 12:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/10/10 23:24:00 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2001/08/17 15:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0FED6A9D-2712-4322-8209-E040FCB5E084}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{0FED6A9D-2712-4322-8209-E040FCB5E084}: C:\Documents and Settings\Web\Local Settings\Application Data\{0FED6A9D-2712-4322-8209-E040FCB5E084} [2010/09/13 01:43:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/12 16:25:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/10 06:03:36 | 000,000,000 | ---D | M]

[2008/12/25 14:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\Mozilla\Extensions
[2010/08/21 12:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\Mozilla\Firefox\Profiles\zirmi4w0.default\extensions
[2009/05/02 09:10:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Web\Application Data\Mozilla\Firefox\Profiles\zirmi4w0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/12 02:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/11/10 19:21:00 | 001,499,136 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/08/22 05:00:30 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/22 05:00:30 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/22 05:00:30 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/22 05:00:30 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/19 05:07:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (IEButton Class) - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: )
O3 - HKCU\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: )
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe File not found
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ocernwasxm.tmp] C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Wmimefameteq] C:\WINDOWS\onuyohuy.DLL File not found
O4 - HKLM..\Run: [wupdate] C:\WINDOWS\System32\wupdate.exe File not found
O4 - HKCU..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe File not found
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [sdsetup_aff] C:\Documents and Settings\Web\Desktop\sdsetup_aff.exe File not found
O4 - HKCU..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe File not found
O4 - HKCU..\Run: [Wcoluj] C:\WINDOWS\wimgxft.DLL File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Web\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Web\Start Menu\Programs\Startup\systemID.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Save Flash - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\lspnuj.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Web\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Web\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/05 02:52:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bf1dda54-9bba-11df-a5e5-00235411e6aa}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{bf1dda54-9bba-11df-a5e5-00235411e6aa}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{bf1dda54-9bba-11df-a5e5-00235411e6aa}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{bf1dda54-9bba-11df-a5e5-00235411e6aa}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/19 13:14:34 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Web\Desktop\OTL.com
[2010/09/19 05:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Desktop\sort this crap
[2010/09/19 05:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/19 04:59:30 | 000,000,000 | ---D | C] -- C:\Combo-Fix20529C
[2010/09/17 03:44:44 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/09/14 08:37:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/14 08:25:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/14 08:25:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/14 08:25:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/14 08:25:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/14 08:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/14 08:25:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/14 07:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/14 07:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/14 05:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/14 03:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Application Data\Malwarebytes
[2010/09/14 03:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/14 02:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/13 01:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Local Settings\Application Data\{0FED6A9D-2712-4322-8209-E040FCB5E084}
[2010/09/13 01:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi
[2010/09/13 01:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg
[2010/09/13 01:39:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/09/13 01:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Application Data\F24339461A107A09551E960FE262B144
[2010/09/11 12:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2010/08/02 08:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton
[2010/08/02 01:18:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/25 15:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Music Rescue
[2010/07/25 15:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Local Settings\Application Data\Downloaded Installations
[2010/07/25 15:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\WindSolutions
[2010/07/25 15:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Application Data\WindSolutions
[2010/07/25 15:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/07/10 11:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2010/07/10 06:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/10 06:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/10 06:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/10 05:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/26 09:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Desktop\Programs
[2010/06/26 09:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Web\Desktop\Documents
[2008/07/05 03:55:03 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/19 13:18:02 | 000,841,216 | ---- | M] () -- C:\WINDOWS\System32\drivers\lggtctm.sys
[2010/09/19 13:11:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/19 13:10:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/19 13:05:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 05:18:14 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Web\NTUSER.DAT
[2010/09/19 05:18:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Web\ntuser.ini
[2010/09/19 05:18:07 | 004,084,248 | -H-- | M] () -- C:\Documents and Settings\Web\Local Settings\Application Data\IconCache.db
[2010/09/19 05:07:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/19 05:07:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/19 04:25:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/19 04:12:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/17 03:16:16 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/09/16 06:53:44 | 000,003,056 | ---- | M] () -- C:\Documents and Settings\Web\Local Settings\Application Data\syssvc.exe
[2010/09/15 11:54:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Web\Desktop\OTL.com
[2010/09/14 08:37:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/14 04:47:48 | 000,002,838 | ---- | M] () -- C:\WINDOWS\Ojefuyag.dat
[2010/09/14 02:48:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qtuweqetalaj.bin
[2010/09/13 10:04:55 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Web\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/13 01:11:18 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Web\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/17 10:41:19 | 000,005,360 | ---- | M] () -- C:\Documents and Settings\Web\Application Data\wklnhst.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/19 13:13:46 | 000,021,185 | R--- | C] () -- C:\Documents and Settings\Web\Start Menu\Programs\Startup\systemID.pif
[2010/09/19 13:13:46 | 000,021,185 | -H-- | C] () -- C:\WINDOWS\System32\Flashy.exe
[2010/09/17 03:16:16 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/09/16 06:53:44 | 000,003,056 | ---- | C] () -- C:\Documents and Settings\Web\Local Settings\Application Data\syssvc.exe
[2010/09/14 08:37:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/14 08:37:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/14 08:25:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/14 08:25:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/14 08:25:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/14 08:25:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/14 08:25:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/13 01:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qtuweqetalaj.bin
[2010/09/13 01:43:48 | 000,002,838 | ---- | C] () -- C:\WINDOWS\Ojefuyag.dat
[2010/09/13 01:42:14 | 000,841,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\lggtctm.sys
[2010/07/26 12:44:38 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Web\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2009/05/15 13:17:11 | 000,749,568 | ---- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2009/05/15 13:17:09 | 011,194,368 | ---- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2009/02/17 18:11:30 | 000,024,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2009/01/13 12:29:15 | 000,005,360 | ---- | C] () -- C:\Documents and Settings\Web\Application Data\wklnhst.dat
[2009/01/04 22:25:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/12/26 23:23:10 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Web\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/26 03:00:55 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Web\Local Settings\Application Data\fusioncache.dat
[2008/12/11 13:27:24 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Web\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/12/11 12:53:20 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\Web\Application Data\com.kennettnet.MusicRescue4.plist
[2008/07/05 04:34:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/05 03:37:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/07/05 03:37:44 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/07/05 03:37:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/07/05 03:37:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/07/05 03:37:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/07/05 03:37:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/05 02:59:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/07/03 05:32:06 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/17 23:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

========== LOP Check ==========

[2010/06/11 14:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2008/12/25 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ECAP
[2008/12/25 12:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/14 07:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/14 07:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/25 15:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/08/02 08:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\Ableton
[2009/08/20 10:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\avidemux
[2009/06/04 22:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/09/13 01:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\F24339461A107A09551E960FE262B144
[2010/01/05 13:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\InterVideo
[2009/09/26 05:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\OpenOffice.org
[2009/11/08 12:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\ScummVM
[2009/07/19 18:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\Spotify
[2009/01/13 12:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\Template
[2010/07/25 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Web\Application Data\WindSolutions

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED8230261CDBB41414A152098A5E1293 -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=858A92ABBFA4395FDEAE9CE8404D0DF5 -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


Hope this helps.
Thanks, once it's all fixed I'll definitely be making a donation!

Martin

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
Hello.
Do you have an XP disc you can borrow from a friend?

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
Unfortunately not, and even if I found someone with an XP disc, as I mentioned in the first post, this EEEpc doesn't have a CD or DVD drive.

Seems like I'm right by the finish line but I just can't cross it.

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
As long as you have USB ports, external CD drives can be bought.

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
That is very true, however they are fairly hard to come by up in the North West of Australia, as are people with an XP, and also fresh water. lol

Is there any other way to re-create the system files that were corrupt? If I could get System Restore to work and could do a system restore to before the computer became infected, would that restore them?

After running OTL I can now open most programs however it still gives me the RUNDLL dialog boxes when I enter windows saying two files are missing.

So close!!

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
I managed to get online using the laptop last night to make the post previous to yours, however another fake spyware page loaded, so I disconnected and ran the MBAM again in both user accounts, logs follow:

LOG FROM ACCOUNT 1:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20/09/2010 01:44:37
mbam-log-2010-09-20 (01-44-37).txt

Scan type: Quick scan
Objects scanned: 120256
Time elapsed: 8 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\Flashy.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\flashy bot (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Flashy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\systemID.pif (Trojan.Downloader) -> Quarantined and deleted successfully.


LOG FROM ACCOUNT 2:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20/09/2010 01:56:12
mbam-log-2010-09-20 (01-56-12).txt

Scan type: Quick scan
Objects scanned: 127618
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\Web\Start Menu\Programs\Startup\systemID.pif (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Web\Start Menu\Programs\Startup\systemID.pif (Trojan.Downloader) -> Quarantined and deleted successfully.




I won't be logging on on the laptop again until I have it totally fixed and new and up-to-date virus/spyware/malware protection on it!

Thanks for all your help...hope I haven't taken steps backwards by going online on the laptop.

Martin.


Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
Hello.
The problem isn't what MBAM detected, it's that your system files are infected and there aren't many options left. We need to get those infected files clean somehow, and getting them from a CD is probably the best option.

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
Are there any other options aside from finding someone with the CD and then finding someone with a USB CD drive?

Is there any software that can run a fix and re-create the system files? I'm just asking for alternatives as my chances of finding the CD and CD drive are quite slim.

Thanks again,
Martin

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
Nope, sadly not.

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
It seems to be running fine apart from the two RUNDLL boxes that appear on loading, so I'll just have to stick with this until I either buy a new laptop or meet someone with the CD and a USB CD drive!

Thanks for everything.

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
Hello.
That error is easy to fix.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and HijackThis will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything HijackThis found, copy and paste it back here.

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
Sorry about the delay, I had to drive 1200km to get to the next place I can get online!

Here's the log from HijackThis....hope it helps...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:15, on 24/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ocernwasxm.tmp] "C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp"
O4 - HKLM\..\Run: [wupdate] %SystemRoot%\system32\wupdate.exe
O4 - HKLM\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
O4 - HKLM\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
O4 - HKLM\..\Run: [Wmimefameteq] rundll32.exe "C:\WINDOWS\onuyohuy.dll",Startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Wcoluj] rundll32.exe "C:\WINDOWS\wimgxft.dll",Startup
O4 - HKCU\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
O4 - HKCU\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
O4 - HKCU\..\Run: [sdsetup_aff] C:\Documents and Settings\Web\Desktop\sdsetup_aff.exe -min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lspnuj.dll' missing
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0028831284690044) (0028831284690044mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\002883~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9921256115394) (gupdate1c9921256115394) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: PEVSystemStart - Unknown owner - C:\Combo-Fix20529C\PEV.cfxxe (file missing)

--
End of file - 10931 bytes


It was a very quick scan!
What might be the next steps I should take?
Thanks again,
Martin
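As a worked example added here (it is not code from the thread, from HijackThis, or from the forum's helper), the script below applies, to constructed sample lines modelled on the log above, the checks a helper makes by eye when reading such a log: a Winlogon UserInit value that launches anything besides userinit.exe, Run entries whose target sits under Temp or Local Settings, rundll32 loading a DLL dropped straight into the Windows folder, a browser proxy pointed at 127.0.0.1, a broken Winsock LSP chain, and service entries whose binary no longer exists. The heuristics, the function names (`triage`, `check_userinit`, `check_run_command`) and the "high"/"review" severity labels are my own assumptions, not HijackThis output categories.

```python
"""Triage heuristics for HijackThis-format log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines, modelled on entries in the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
F2 - REG:system.ini: Shell=Explorer.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ocernwasxm.tmp] "C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp"
O4 - HKLM\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
O4 - HKLM\..\Run: [Wmimefameteq] rundll32.exe "C:\WINDOWS\onuyohuy.dll",Startup
O4 - HKLM\..\Run: [wupdate] %SystemRoot%\system32\wupdate.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lspnuj.dll' missing
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\Combo-Fix20529C\PEV.cfxxe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^HK.*?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?', re.IGNORECASE)
USERINIT_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer = (?P<value>.+)$")

# Path fragments that mark a Run target living in a scratch or per-user data folder.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\application data\\")


@dataclass
class Finding:
    severity: str  # "high" = act on it; "review" = a human should look
    code: str      # HijackThis section code, e.g. "F2", "O4"
    reason: str
    line: str


def _basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def _dirname(path: str) -> str:
    path = path.rstrip("\\")
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def check_userinit(value: str) -> List[str]:
    """Return every entry in a Winlogon UserInit value that is not the stock userinit.exe.

    A clean value is just userinit.exe (with or without its system32 path); anything
    appended after the comma is launched at every logon before the shell.
    """
    parts = [p.strip().strip('"') for p in value.split(",") if p.strip()]
    return [p for p in parts if _basename(p) != "userinit.exe"]


def check_run_command(cmd: str) -> Optional[str]:
    """Return a reason if an O4 Run command deserves a close look, else None."""
    m = RUNDLL_RE.match(cmd.strip())
    if m and _dirname(m.group("dll")) in (r"c:\windows", "%systemroot%"):
        return "rundll32 loading a DLL placed directly in the Windows folder"
    if any(marker in cmd.lower() for marker in TEMP_MARKERS):
        return "autorun target lives under Temp or Local Settings"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over a HijackThis-format log and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "F2":
            u = USERINIT_RE.match(body)
            extra = check_userinit(u.group("value")) if u else []
            if extra:
                findings.append(Finding("high", code, "UserInit runs more than userinit.exe: " + ", ".join(extra), line))
        elif code == "O4":
            r = O4_RE.match(body)
            reason = check_run_command(r.group("cmd")) if r else None
            if reason:
                findings.append(Finding("high", code, reason, line))
        elif code == "O10":
            findings.append(Finding("high", code, "Winsock LSP chain references a missing DLL; networking stays broken until the chain is repaired", line))
        elif code == "R1":
            p = PROXY_RE.search(body)
            if p and "127.0.0.1" in p.group("value"):
                findings.append(Finding("review", code, "browser proxy points at localhost: " + p.group("value"), line))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(Finding("review", code, "service entry whose binary is gone (leftover from an uninstall or a removed file)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
```

On the constructed sample the script flags seven lines, five of them "high". Note what it does not flag: the `[wupdate]` entry pointing into system32 passes every path check, and a localhost proxy can be a legitimate local filtering proxy, which is why that one is only "review". Path heuristics narrow the log down; the helper still reads the whole thing.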

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3
So another pop-up window appeared whilst logging on to post that log, so I ran MBAM again, found more system files corrupted apparently...so here's the MBAM log and a new HijackThis log...hope I'm not just posting useless info to you now....

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4662

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24/09/2010 10:32:09
mbam-log-2010-09-24 (10-32-09).txt

Scan type: Quick scan
Objects scanned: 150780
Time elapsed: 13 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\gepn.fyo (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.


HIJACK:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:10, on 24/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ocernwasxm.tmp] "C:\DOCUME~1\Web\LOCALS~1\Temp\ocernwasxm.tmp"
O4 - HKLM\..\Run: [wupdate] %SystemRoot%\system32\wupdate.exe
O4 - HKLM\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
O4 - HKLM\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
O4 - HKLM\..\Run: [Wmimefameteq] rundll32.exe "C:\WINDOWS\onuyohuy.dll",Startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Wcoluj] rundll32.exe "C:\WINDOWS\wimgxft.dll",Startup
O4 - HKCU\..\Run: [utlegodg] C:\Documents and Settings\Web\Local Settings\Application Data\bnquqfngg\bsuvbheuqiw.exe
O4 - HKCU\..\Run: [aopgomts] C:\Documents and Settings\Web\Local Settings\Application Data\edrsqkdmi\bpghquduqiw.exe
O4 - HKCU\..\Run: [sdsetup_aff] C:\Documents and Settings\Web\Desktop\sdsetup_aff.exe -min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lspnuj.dll' missing
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0028831284690044) (0028831284690044mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\002883~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9921256115394) (gupdate1c9921256115394) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: PEVSystemStart - Unknown owner - C:\Combo-Fix20529C\PEV.cfxxe (file missing)

--
End of file - 10967 bytes


Can you recommend a virus checker program to buy that will stop all this nonsense from happening to my computer too? So much of a headache! I really appreciate all your help!

Martin

Re: Security Tool 2010 - Infected on Windows XP Home Edition SP3

I did mention there isn't much we can do until we can repair those 2 infected files, because they keep downloading more malware.
