Browser hijacking


4 replies to this topic

#1 nickelodian

Posted 05 November 2011 - 12:53 PM

I am running Win XP with Service Pack 3. AMD Athlon XP 2100MHz 2600+, Memory 2048Mb. Running on a wireless home network using a Linksys router. Other computers on the network are unaffected by this problem. I use Firefox as my browser but the same effects occur with IE. Using Google I am redirected to unwanted sites and assume this is what is known as hijacking. I notice that the name Google-analytics often appears in the URL address box but then the address can change rapidly many times before I am logged on to an unrequested site. The problem seems common but each occurrence seems to have its own differences so I have no idea where to start to try and cure the problem. Can you help?

Edit: Moved topic from Bleeping Computer Announcements, Comments, & Suggestions to the more appropriate forum. ~ Animal

#2 Broni
Posted 05 November 2011 - 08:37 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.

#3 nickelodian

Posted 11 November 2011 - 11:32 AM

Sorry to take so long, I have to use a different computer to access the net.

Running gmer, the scan ran for around three hours then issued a warning about rootkit activity. It didn't give me any options but terminated the scan. I ran it again with the same result, then on the third attempt I got the deadly bluescreen with Windows closed down, so the gmer log is probably not complete. I ran the malware program which I have used before and fixing the threats has prevented the computer seeing the net at all. I have tried to use this program previously with the same result and had to do a restore to regain access to the internet last time.


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spybot - Search & Destroy
CCleaner
Java Web Start
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment, SE v1.4.1
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-GB..)
Mozilla Thunderbird (3.1.9) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````




MiniToolBox by Farbar
Ran by Neil (administrator) on 10-11-2011 at 19:10:12
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

There are 10496 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=static addr=93.188.162.126 register=PRIMARY
add dns name="Wireless Network Connection 2" addr=93.188.161.216 index=2
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "LAN Connection"

set address name="LAN Connection" source=dhcp
set dns name="LAN Connection" source=static addr=93.188.162.126 register=PRIMARY
add dns name="LAN Connection" addr=93.188.161.216 index=2
set wins name="LAN Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : GALILEO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.virginmedia.net

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : cable.virginmedia.net
Description . . . . . . . . . . . : PCI 802.11b/g Wireless Adapter
Physical Address. . . . . . . . . : 00-27-19-DF-75-E7
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.103
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 93.188.162.126
                                    93.188.161.216
Lease Obtained. . . . . . . . . . : 10 November 2011 10:59:20
Lease Expires . . . . . . . . . . : 11 November 2011 10:59:20

Ethernet adapter LAN Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-0C-76-16-92-48

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 93.188.162.126

Name: google.com
Addresses: 209.85.148.99, 209.85.148.103, 209.85.148.104, 209.85.148.105
209.85.148.106, 209.85.148.147

Pinging google.com [209.85.148.106] with 32 bytes of data:

Reply from 209.85.148.106: bytes=32 time=40ms TTL=48
Reply from 209.85.148.106: bytes=32 time=34ms TTL=48

Ping statistics for 209.85.148.106:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 40ms, Average = 37ms

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 93.188.162.126

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=167ms TTL=45
Reply from 98.139.180.149: bytes=32 time=152ms TTL=45

Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 152ms, Maximum = 167ms, Average = 159ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 27 19 df 75 e7 ...... PCI 802.11b/g Wireless Adapter - Packet Scheduler Miniport
0x10004 ...00 0c 76 16 92 48 ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
            0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103      25
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        169.254.0.0      255.255.0.0    192.168.1.103    192.168.1.103      20
        192.168.1.0    255.255.255.0    192.168.1.103    192.168.1.103      25
      192.168.1.103  255.255.255.255        127.0.0.1        127.0.0.1      25
      192.168.1.255  255.255.255.255    192.168.1.103    192.168.1.103      25
          224.0.0.0        240.0.0.0    192.168.1.103    192.168.1.103      25
    255.255.255.255  255.255.255.255    192.168.1.103            10004       1
    255.255.255.255  255.255.255.255    192.168.1.103    192.168.1.103       1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/09/2011 07:48:03 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:48:01 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:48:00 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:47:58 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:47:56 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:47:55 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:47:54 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:47:52 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:47:51 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/09/2011 07:47:50 PM) (Source: ESENT) (User: )
Description: svchost (1360) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (11/10/2011 10:59:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error: (11/10/2011 10:59:33 AM) (Source: Service Control Manager) (User: )
Description: The Pinnacle Systems Media Service service failed to start due to the following error:
%%1053

Error: (11/10/2011 10:59:33 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Pinnacle Systems Media Service service to connect.

Error: (11/10/2011 10:59:33 AM) (Source: Service Control Manager) (User: )
Description: The DeltaCopy Server service failed to start due to the following error:
%%1069

Error: (11/10/2011 10:59:33 AM) (Source: Service Control Manager) (User: )
Description: The DeltaCopyService service was unable to log on as .\neil with the currently configured
password due to the following error:
%%1385

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (11/09/2011 07:28:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error: (11/09/2011 07:28:18 PM) (Source: Service Control Manager) (User: )
Description: The Pinnacle Systems Media Service service failed to start due to the following error:
%%1053

Error: (11/09/2011 07:28:18 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Pinnacle Systems Media Service service to connect.

Error: (11/09/2011 07:28:18 PM) (Source: Service Control Manager) (User: )
Description: The DeltaCopy Server service failed to start due to the following error:
%%1069

Error: (11/09/2011 07:28:18 PM) (Source: Service Control Manager) (User: )
Description: The DeltaCopyService service was unable to log on as .\neil with the currently configured
password due to the following error:
%%1385

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).


Microsoft Office Sessions:
=========================
Error: (11/09/2011 07:48:03 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:48:01 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:48:00 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:47:58 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:47:56 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:47:55 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:47:54 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:47:52 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:47:51 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/09/2011 07:47:50 PM) (Source: ESENT)(User: )
Description: svchost1360C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


=========================== Installed Programs ============================

Acrobat.com (Version: 1.7.258)
Ad-aware 6 Personal (Version: 6.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe PageMaker 7.0 (Version: 7.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.5 (Version: 11.5)
AIDA32 v3.90
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Ashampoo ClipFisher1.21 (Version: 1.2.1)
Ashampoo Music Studio 3.50 (Version: 3.5.0)
Ashampoo Snap 3.01 (Version: 3.0.1)
Ashampoo WinOptimizer 2009 (Version: 5.0.5)
Ashampoo WinOptimizer 7.23 (Version: 7.2.3)
Ask Toolbar (Version: 4.1.0.5)
Audacity 1.2.6
AutoUpdate (Version: 1.0)
AVG Free 9.0
Axium Adventures
Before You Know It 3.5 Lite (Version: 3.5)
Before You Know It 3.6 (Version: 3.6)
Belkin F5D5000 Desktop PCI Card Driver (Version: 1.00.0000)
Bonjour (Version: 2.0.5.0)
Bonusprint Pix
Boris Graffiti (Version: 5.20.200)
Browser Optimizer Superiorads (Version: 1.0.7.3)
BUGS
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.2.0.0)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon iP4700 series Printer Driver
Canon iP4700 series User Registration
Canon MOV Decoder (Version: 1.4.0.15)
Canon MOV Encoder (Version: 1.2.0.10)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.3.0.15)
Canon RAW Image Task for ZoomBrowser EX (Version: 3.0.0.18)
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities CameraWindow DC (Version: 7.4.1.10)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.6.18)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities My Printer
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities MyCamera DC (Version: 7.2.1.6)
Canon Utilities PhotoStitch (Version: 3.1.20.44)
Canon Utilities RemoteCapture DC (Version: 3.1.0.5)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 6.4.1.11)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
CardRecovery 5.20
CCleaner (Version: 3.03)
CD-LabelPrint
CD Stomper 32 bit
CMN
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Corel Applications
CyberLink PhotoNow (Version: 1.1.6622)
CyberLink PowerDirector (Version: 8.0.1930)
DeltaCopy (Version: 1.00.0000)
Digital Camcorder Application v1.0
Digital Video Repair 1.0
Disc API (Version: 1.2.7)
DivX (Version: 5.2.1)
Driver Whiz (Version: 8.0.1)
DVD Creation Station 200
Emicsoft MTS Converter
eMule
EPSON Attach To Email (Version: 1.01.0000)
Epson Print CD (Version: 2.00.00)
EPSON Printer Software
EPSON Scan Assistant (Version: 1.10.00)
EPSON Stylus Photo R285_290 Manual
EPSON TWAIN 5
EPSON Web-To-Page
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.13)
Firebird SQL Server - MAGIX Edition (Version: 2.0.1.8)
Focus Route Finder United Kingdom & Ireland
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.1368.5602)
Hotfix 2050 for SQL Server 2000 ENU (KB948110) (Version: 1)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (Version: 1)
IrfanView (remove only)
IsoBuster 2.2 (Version: 2.2)
iTunes (Version: 10.2.2.14)
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment, SE v1.4.1
Java Web Start
Jigsaws
Junk Mail filter update (Version: 14.0.8117.416)
Living Pictures (Version: 1.0.0.122)
Logitech Desktop Messenger (Version: 2.30.04)
Logitech Legacy USB Camera Driver Package
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Magic Bullet Looks Studio
MAGIX Audio Cleaning Lab 12 deluxe 8.0.1.0 (UK) (Version: 8.0.1.0)
MAGIX Media Manager 2004 silver (Version: 2.0.7.0)
MAGIX Movie Edit Pro 2005 (Version: 4.0.1.7)
MAGIX Music Maker 14 13.0.1.1 (UK) (Version: 13.0.1.1)
MAGIX Music Manager (Version: 1.0.2.441)
MAGIX Photo Manager (Version: 2.0.2.550)
MAGIX Photos on CD & DVD 4.0 deLuxe (Version: 4.5.3.0)
MahJongg Master 3
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2 (Version: 9.00.2720)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.0.50826.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.3.4035.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.3.4035.00)
Microsoft SQL Server Desktop Engine (PINNACLESYS) (Version: 8.00.2039)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft XML Parser (Version: 8.0.7820.0)
Mini Golf Master
Miro (Version: 3.5.1)
MoRUN.net Sticker (Version: 4.1)
Mozilla Firefox 7.0.1 (x86 en-GB) (Version: 7.0.1)
Mozilla Thunderbird (3.1.9) (Version: 3.1.9 (en-US))
MSN Messenger 7.5 (Version: 7.5.0311.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Mufin MusicFinder Base 1.0.1.240 (UK) (Version: 1.0.1.240)
Native Instruments Sibelius Player
NCH Toolbox
Nero 8 (Version: 8.3.31)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.17.0)
Nokia PC Suite (Version: 6.83.14.1)
Nokia Software Updater (Version: 01.08.010.40008)
NoteWorthy Composer
NVIDIA Drivers
OLYMPUS C-3.0W95E
OLYMPUS CAMEDIA Master Pro
Panicware Pop-Up Stopper (Version: 2.2)
PC Connectivity Solution (Version: 7.7.10.0)
PCI Wireless Adapter Driver and Utility (Version: Package:1.02.0007 Driver:5.1100.717.2007 UI:502.1491.725.2007)
Pdf995
Picasa 2 (Version: 2.0)
Pinnacle Hollywood FX 4.6
Pinnacle Instant DVD Recorder
Pinnacle PCI Performance Enhancer (Version: 1.15.0000)
Pinnacle Studio 12 (Version: 12.1.3.6605)
Pinnacle Studio 12 Ultimate Plugins (Version: 12.0.0.0)
Pixie registration fix (Version: 1.00.0000)
Pixtra PanoStitcher
Platform (Version: 1.34)
Power Sound Editor Free
PowerDVD
Prism Video Converter
proDAD Vitascene 1.0
Quarry
QuickTime
QuickTime (Version: 7.69.80.9)
QuickTime for Windows (32-bit)
Rapport (Version: 3.5.1108.52)
RealPlayer
Realtek AC'97 Audio
Revo Uninstaller 1.92 (Version: 1.92)
RPS CRT (Version: 9.0.34)
Savage Demo 2.0
ScanSoft OmniPage 15 (Version: 15.2.0000)
Segoe UI (Version: 14.0.4327.805)
Serif ImpactPlus 5.0 (Version: 5.00)
Serif MoviePlus X3 (Version: 6.0.2.017)
Sibelius 3
Sibelius G7 Demo
Sibelius Scorch
SiSoftware Sandra Lite 2005 (Win64/32/CE) (Version: 10.37.2005.1)
Skype™ 4.1 (Version: 4.1.166)
Slice Uninstall
SmartFTP (Version: 1.0.981)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks Plugin (Version: 3.0.3.0)
SmartSound Sonicfire Pro 5 (Version: 5.5.2)
Sony Sound Forge 8.0b (Version: 8.0.110)
Spybot - Search & Destroy (Version: 1.5.2)
Studio 10.8 Patch (Version: 10.8.0.4641)
Studio 9.4 Patch (Version: 9.4.3.70)
System Requirements Lab
Tablet Manager
Teaching-you French (Version: 9.0)
Text-To-Speech-Runtime (Version: 1.0.0.0)
TextBridge Pro 11.0 (Version: 11.00.0000)
The Sims Deluxe Edition
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Universal Guitar Workshop
USB 2.0 A/V Converter driver
V Stuff Backup v1.6.2.16478 (Version: 1.6.2.16478)
VIA Platform Device Manager (Version: 1.34)
Virgin Media HUB 3.5.12 (Version: 3.5.12)
VistaPrint Electronic Business Card (Version: 1.00.0000)
WavePad Uninstall
Webcast
WebFldrs XP (Version: 9.50.6513)
WebUpdate
Win32 (Version: 1.0.0)
Windows 7 Upgrade Advisor (Version: 2.0.3001.0)
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) (Version: 03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1) (Version: 02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) (Version: 11/03/2006 6.82.0.1)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Address AutoComplete
Yahoo! Auto Outlook Import
Yahoo! Internet Mail
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar
YouTube Downloader 3.2

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2047.48 MB
Available physical RAM: 1134.46 MB
Total Pagefile: 5992.87 MB
Available Pagefile: 4559.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.51 MB

========================= Partitions: =====================================

2 Drive c: (MT18G-4) (Fixed) (Total:146.8 GB) (Free:14.93 GB) NTFS
4 Drive e: (Big Audio disc) (Fixed) (Total:186.31 GB) (Free:55.85 GB) NTFS
6 Drive g: (8GB NDFIRE) (Removable) (Total:7.45 GB) (Free:6.3 GB) FAT32
11 Drive l: (Buffalo HD) (Fixed) (Total:232.88 GB) (Free:31.27 GB) NTFS

========================= Users: ========================================

User accounts for \\GALILEO

Administrator ASPNET Guest
HelpAssistant Neil SUPPORT_388945a0
Val


**** End of log ****




Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8134

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/11/2011 19:33:45
mbam-log-2011-11-10 (19-33-44).txt

Scan type: Quick scan
Objects scanned: 227614
Time elapsed: 13 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F02C0AE1-D796-42C9-81E1-084D88F79B8E} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GnucDNA.Core (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850BDC7-2330-4E31-9FA0-88268846539A} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B435F6-B6CE-4F24-A568-944B27ED919C} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Quantic (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\REAL\WEATHERBUG\MINIBUGTRANSPORTER.DLL (Adware.Minibug) -> Value: MINIBUGTRANSPORTER.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} (Adware.MywaySearch) -> Value: {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} (Adware.MywaySearch) -> Value: {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.126,93.188.161.216) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2835AE2-156D-456F-A614-D27AE43E14EC}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.126,93.188.161.216) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D131B127-0A8D-4BF0-8853-D3AE6E8BC619}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.126,93.188.161.216) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nui4 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\common files\Real\weatherbug\minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\Neil\my documents\downloads\softonicdownloader_for_malwarebytes-anti-malware(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Neil\my documents\downloads\softonicdownloader_for_malwarebytes-anti-malware(2).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Neil\my documents\downloads\softonicdownloader_for_malwarebytes-anti-malware.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Neil\application data\urlredir.cfg (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\superiorads-uninst.exe (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\registrysmart\unins000.exe (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-01_20-48-07.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2006-11-20_19-59-35.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2006-11-20_20-10-29.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-01-28_17-10-20.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-01-28_17-11-30.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-01-28_17-12-21.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-09-29_16-17-21.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-09-29_16-22-42.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-09-29_16-30-22.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-09-29_16-31-28.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-09-29_16-34-52.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-09-29_16-35-04.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-09-29_16-42-30.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-11-27_09-29-28.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-11-27_11-10-34.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2007-12-24_20-21-51.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-03-18_11-15-32.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-01_20-41-37.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-01_20-42-03.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-01_20-42-52.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-01_20-47-51.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-01_20-55-22.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-01_21-41-34.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-02_11-23-21.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
c:\program files\registrysmart\registry backups\2008-04-02_11-32-07.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-11 06:36:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160021A rev.3.04
Running: vhg38z75.exe; Driver: C:\DOCUME~1\Neil\LOCALS~1\Temp\kxrdqpod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xB87AB080]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xB87ABBDE]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ZwCreateThread [0xB89F4750]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xB87ABDD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xB87AF5AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xB87AF5DE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xB87AF740]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xB87ABCF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xB87AB1F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xB87AB3EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xB87AB51C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xB87AF6B6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xB87AF620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xB87AF652]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xB87AF684]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xB87AB026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xB87ABE7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xB87AF544]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xB87AAFC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xB87AAEE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xB87AAF30]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 24C 804E28B8 4 Bytes [EA, B3, 7A, B8]
.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes CALL B106A56F
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xBA16F360, 0x37388D, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acehlp10.sys section is executable [0xB9DFFB80, 0x37FC7, 0xE0000060]
? System32\Drivers\avgtdix.sys The system cannot find the path specified. !
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xB7CE5000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xB7D29000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xB7D45000, 0x8E, 0x42000040]
.reloc C:\WINDOWS\system32\drivers\acedrv10.sys section is executable [0xB7955000, 0x459C1, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414B70 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A60001
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A00022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A90022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3052] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00444F80 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3052] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3052] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3052] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3052] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A20022

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CC2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CC2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CC2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CC2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02A22F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02A22C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02A22CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02A22CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02E42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02E42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02E42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Vid HD\Vid.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02E42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\avgrsstx.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [928] 0x6C1B0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
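
The Malwarebytes log above is the part of this thread that actually accounts for the symptom in the first post: the global TCP/IP NameServer value and the per-adapter copies under both interface GUIDs had been set to 93.188.162.126 and 93.188.161.216, so every name lookup from this machine, Google included, was answered by resolvers the malware chose, which is exactly how a "Google redirects me" hijack looks while the router and the other PCs stay clean. The script below is an added example, not code from this thread, from Malwarebytes or from BleepingComputer. It parses the "Registry Data Items Infected" section of an MBAM 1.x log (the sample input is constructed from lines copied out of the log above and embedded inline so it runs offline), pulls out every Trojan.DNSChanger hit, and reports the rogue resolvers and the adapter GUIDs whose static DNS list was overridden. The function and class names are mine, not Malwarebytes' terminology.

```python
"""Pull Trojan.DNSChanger findings out of a Malwarebytes' Anti-Malware 1.x log.

Added example, not code from the thread or from Malwarebytes. It reads the
"Registry Data Items Infected" section, whose lines have the shape
  <registry path> (<detection>) -> Bad: (<value>) Good: (<value>) -> <action>
and reports which resolvers had been written into the TCP/IP NameServer values.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the MBAM log posted in this
# thread, with neighbouring section headers, so the parser can be run offline.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} (Adware.MywaySearch) -> Value: {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.126,93.188.161.216) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2835AE2-156D-456F-A614-D27AE43E14EC}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.126,93.188.161.216) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D131B127-0A8D-4BF0-8853-D3AE6E8BC619}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.126,93.188.161.216) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
"""

# One "Registry Data Items" line. The path is matched lazily because some
# registry paths contain spaces (e.g. "Internet Explorer").
DATA_ITEM_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)
# Adapter GUID inside ...\Tcpip\Parameters\Interfaces\{GUID}\NameServer
INTERFACE_GUID_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})\\", re.IGNORECASE)


@dataclass(frozen=True)
class RegistryDataItem:
    path: str
    detection: str
    bad: str
    good: str
    action: str


def parse_registry_data_items(log_text: str) -> list[RegistryDataItem]:
    """Return the entries listed under 'Registry Data Items Infected:'."""
    items: list[RegistryDataItem] = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):  # every section header opens a new section
            in_section = line == "Registry Data Items Infected:"
            continue
        if not in_section or not line:
            continue
        m = DATA_ITEM_RE.match(line)
        if m:
            items.append(RegistryDataItem(**m.groupdict()))
    return items


def dnschanger_findings(items: list[RegistryDataItem]) -> dict[str, tuple[str, ...]]:
    """Map each tampered NameServer key to the resolver list the malware had set.

    An empty 'Good' value means MBAM cleared the static list, so the adapter
    falls back to the DHCP-assigned servers (DhcpNameServer) from the router.
    """
    findings: dict[str, tuple[str, ...]] = {}
    for item in items:
        if item.detection != "Trojan.DNSChanger":
            continue
        if not item.path.upper().endswith("\\NAMESERVER"):
            continue
        findings[item.path] = tuple(ip for ip in item.bad.split(",") if ip)
    return findings


def rogue_resolvers(items: list[RegistryDataItem]) -> set[str]:
    """Distinct resolver addresses the DNS changer wrote anywhere in TCP/IP config."""
    return {ip for ips in dnschanger_findings(items).values() for ip in ips}


def affected_interfaces(items: list[RegistryDataItem]) -> list[str]:
    """Adapter GUIDs whose per-interface NameServer value was overridden."""
    guids = []
    for path in dnschanger_findings(items):
        m = INTERFACE_GUID_RE.search(path)
        if m:
            guids.append(m.group(1).upper())
    return sorted(guids)


if __name__ == "__main__":
    parsed = parse_registry_data_items(SAMPLE_LOG)
    print("rogue resolvers:", sorted(rogue_resolvers(parsed)))
    print("overridden adapters:", affected_interfaces(parsed))
    for path, ips in dnschanger_findings(parsed).items():
        print(f"  {path} -> {','.join(ips)}")
```

MBAM reports the bad value as "deleted", which on a DHCP client is the right fix (an empty NameServer means Windows uses DhcpNameServer from the router), but it is worth confirming rather than assuming: on the XP box, `ipconfig /all` should now list the Linksys router as the DNS server for the wireless adapter, and `reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v NameServer` should come back empty. Since families detected as DNSChanger have also been known to rewrite a router's WAN DNS settings, a quick look at the router's DNS configuration is a cheap extra check even though the other computers on this network were reported as unaffected.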

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:19 PM

Posted 11 November 2011 - 11:37 AM

This type of infection will need more advanced tools to deal with....

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!



 


#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,943 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:19 PM

Posted 24 November 2011 - 03:57 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic429159.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom



