Jump to content

monster1999

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Here ya go. As youll see, I'm all cleaned up now! By the way, I've run Adaware, Spybot and run a full virus scan. All came up clean. Thanks, once again, for your help! mbam_log_2009_08_12__20_16_11_.txt
  2. Looks like your advice was sound! ComboFix appears to have found a few more now! Here's the log file. Let me know what it was would you? I like to learn as much as I can! log.txt log.txt
  3. Thanks for the advice, but I'd already tried Combo-Fix with no joy. However, I believe I've cracked it. Whilst doing a search for the 'windowsclick' issue, I came across a site that suggested removing UACd.sys from the services. this entailed using the Repair option after booting from the XP installation disc. Once at the c:\ prompt I entered 'listsrv' and scrolled down. UACd.sys was there so I typed 'DISABLE UACd.sys' and rebooted in the normal manner. It certainly seems to have worked because Malwarebytes and Spybot both run fine now (Malwarebytes found 30+ infections! I've attached the log file four your information). The 'windowsclick' issue seems to have been removed, as does 'MSA.exe' and 'b.exe'. So, a big thankyou to you for your help, but I think we can class this particular case as 'closed'! mbam_log_2009_08_11__21_54_34_.txt mbam_log_2009_08_11__21_54_34_.txt
  4. Don't supppose anyone's had any luck with my problem?
  5. Here you go, as requested. Couldn't do part 3. I've already got Malwarebytes installed. That won't run at all. Downloaded the installation file, and that doesn't want to run either! (Yes, I have Admin priveledges. It is my computer!). While I remember, all of my System Restore Points have gone too! OTL 'Extras' text: OTL Extras logfile created on: 11/08/2009 00:22:23 - Run 1 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\Marky\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1023.48 Mb Total Physical Memory | 532.82 Mb Available Physical Memory | 52.06% Memory free 3.83 Gb Paging File | 3.22 Gb Available in Paging File | 83.88% Paging File free Paging file location(s): [binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29.29 Gb Total Space | 19.63 Gb Free Space | 67.00% Space Free | Partition Type: NTFS Drive D: | 58.10 Gb Total Space | 35.64 Gb Free Space | 61.34% Space Free | Partition Type: NTFS Drive E: | 61.65 Gb Total Space | 48.43 Gb Free Space | 78.56% Space Free | Partition Type: NTFS Drive F: | 37.26 Gb Total Space | 16.05 Gb Free Space | 43.07% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 111.79 Gb Total Space | 42.22 Gb Free Space | 37.77% Space Free | Partition Type: NTFS Computer Name: HOME Current User Name: Marky Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "9872:TCP" = 9872:TCP:*:Enabled:RDC "9872:UDP" = 9872:UDP:*:Enabled:RDC2 "3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping "3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "D:\Program Files\Malwarebytes' Anti-Malware\MalwarebytesPortable\App\Malwarebytes\mbam.exe" = D:\Program Files\Malwarebytes' Anti-Malware\MalwarebytesPortable\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes -- (Malwarebytes Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- () "D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "D:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = D:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.) "D:\Program Files\Paltalk Messenger\paltalk.exe" = D:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.) "C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation) "D:\Program Files\LimeWire\LimeWire.exe" = D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "D:\Program Files\Mozilla Firefox\firefox.exe" = D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "D:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = D:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "D:\Program Files\Java\jre6\bin\javaw.exe" = D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "D:\Program Files\Java\jre6\bin\java.exe" = D:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "D:\Program Files\DAP\DAP.exe" = D:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (Speedbit Ltd.) "D:\Program Files\Malwarebytes' Anti-Malware\MalwarebytesPortable\App\Malwarebytes\mbam.exe" = D:\Program Files\Malwarebytes' Anti-Malware\MalwarebytesPortable\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes -- (Malwarebytes Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}" = Snagit 9.1 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{171198DA-B256-47EE-9B3B-E079C831FBD7}" = Digital Camera Driver "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = MediaImpression "{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help "{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}" = Nero 8 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config "{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers "{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}" = ESET Smart Security "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1 "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{638EBB3E-04BC-40DB-9176-DDEC2C5CB2BC}" = ArcSoft MediaConverter 2.5 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5 "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{865A8951-8D9A-46CB-84A2-3D67BA38B923}" = EASEUS Deleted File Recovery 2.0.1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour "{A8909951-A3EE-4095-B354-33966953986D}" = TRUST 320SPACEC@M "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3 "{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2 "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan "{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3 "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials "{DC4605F3-2896-11D7-A220-0000E884021F}" = ALi RAID Driver "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{ED10343F-D30A-4200-9B00-665FC45F52B4}" = ArcSoft VideoImpression 1.6 "{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F7EC885B-6F58-45B2-9E6A-D4A957EB8333}_is1" = yDGpatch v1.2 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "7-Zip" = 7-Zip 4.64 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Amadis AVI/DIVX/WMV/MPEG/MOV/SWF/FLV/MKV/RM/RMVB~B26EE446_is1" = Amadis AVI/DIVX/WMV/MPEG/MOV/SWF/FLV/MKV/RM/RMVB Video Converte "AVI & MPEG Splitter_is1" = AVI & MPEG Splitter 1.48 "AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.11 "Camtasia Studio 2" = Camtasia Studio 2 "CCleaner" = CCleaner (remove only) "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Cool MP3 Splitter" = Cool MP3 Splitter "Cucusoft AVI to DVD/VCD/SVCD/MPEG Converter Pro_is1" = Cucusoft AVI to DVD/VCD/SVCD/MPEG Converter Pro 4.29 "Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.13.7.7 "dBpowerAMP Music Converter" = dBpowerAMP Music Converter "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP) "Easy Video Joiner_is1" = Easy Video Joiner 5.01 "Easy Video Splitter_is1" = Easy Video Splitter 1.28 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Evidence Eliminator" = Evidence Eliminator "Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.0.2 "Firebird SQL Server US" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (US) "FLV Player" = FLV Player 2.0 (build 25) "GSpot" = GSpot Codec Information Appliance "HijackThis" = HijackThis 2.0.2 "HP Document Viewer" = HP Document Viewer 5.3 "HP Imaging Device Functions" = HP Imaging Device Functions 5.3 "HP Photo & Imaging" = HP Image Zone 5.3 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3 "HPExtendedCapabilities" = HP Extended Capabilities 5.3 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ImTOO YouTube Video Converter" = ImTOO YouTube Video Converter "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "IsoBuster_is1" = IsoBuster 2.1 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.1 "LimeWire" = LimeWire PRO 5.1.2 "Magic FLAC to MP3 Converter_is1" = Magic FLAC to MP3 Converter 3.7 "MAGIX Movie Edit Pro 12 e-version US" = MAGIX Movie Edit Pro 12 e-version 6.5.4.2 (US) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13) "NavNet_is1" = NavNet "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "OJOsoft MKV Converter1,5,3,0118" = OJOsoft MKV Converter "PalTalk8.2" = PaltalkScene "Perfect Uninstaller_is1" = Perfect Uninstaller v6.2.8 "RealPlayer 6.0" = RealPlayer "Registry Mechanic_is1" = Registry Mechanic 8.0 "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SopCast" = SopCast 3.0.3 "SUPER RootRepeal_report_08_11_09__01_04_29_.txt RootRepeal_report_08_11_09__01_04_29_.txt
  6. OK, done. It's here: http://www.malwarebytes.org/forums/index.php?showtopic=21322 Thanks for getting back to me so fast! I'll keep my fingers crossed!
  7. Here's the log as requested. I'd already attempted this!
  8. Hey guys. I'm very new here, but have been a keen user of Malwarebytes for some time now. I'm certainly no novice when it comes to PC's, but this one has me stumped. I'm running WinXP Pro (fully updated) and seem to have obtained a virus (or possibly a few virii?!) The 1st symptom, on opening an email from a known, reliable source (paypal) was (forgive me if I'm wrong here) AVClean popping up and telling me I'd been infected. (It may not have been AVClean, but it was certainly something with a similar name). This was 5 hours ago, and in my attempts to remove it, I've forgotten exactly what it was called. Anyhow, I disabled it in 'processes', searched my hard-drive and registry for any traces, and removed them all. That seemed to have resolved that particular problem. Now tho, I'm getting 'msa.exe' and 'b.exe' running. I can shut them down but they restart themselves a little later. Also, in IE7 and Firefox, when ever I click on a link, I'm taken via a site called 'http://windowsclick.com/' which seems to be a total wrong turn.(I've blocked that site in my ESET Smart Security). I've tried running Malwarebytes in normal and safe modes, but it simply will not run It's showing in 'processes', but nothing happens. Same with Spybot. I dl'd 'Combofix' and that has the same problem (it shows in processes but nothing happens). AdAware shows nothing untoward. ESET scans, finds upto 3 infections, then the PC reboots on its own. I've also run ESET in safe mode with no apparent success. So, can anyone help me out here? I'd really appreciate it!!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.