
Facebook virus



My wife accepted something off Facebook (which turned out to be a virus). I seemed to get it with Malwarebytes, but I don't pretend to be an expert so I'm not 100% sure I've got everything. Can someone have a look at the log below and tell me if my PC is clear? If not, what should I do? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:18:11, on 01/05/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe

O13 - Gopher Prefix:

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--

End of file - 8224 bytes

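As an added example (not code from the original thread or from any of the tools named in it), a small Python triage pass over HijackThis entries of the kind posted above: it flags entries whose file is missing, O16 ActiveX download hosts that are not on a reviewer's allowlist, O4 autoruns launched from outside the usual install locations, and a single CLSID registered at several Internet Explorer integration points at once (the URLSearchHook/BHO/Toolbar pattern the Online Games Bar lines show). The allowlist, the expected autorun path prefixes and the Temp-folder O4 line are assumptions constructed for illustration; the other sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input. All lines except the "[helper]" autorun are copied from the
# HijackThis log posted above; the "[helper]" line is constructed to exercise
# the unusual-path check and is not from the log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskhost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
R3 - URLSearchHook: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [helper] C:\Users\Clive\AppData\Local\Temp\helper.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s*"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)

# Assumed heuristics: where autoruns are normally installed, and O16 download
# hosts a reviewer has already vetted. Both are illustrative, not verdicts.
EXPECTED_AUTORUN_PREFIXES = ("c:\\program files", "c:\\windows", "%programfiles%")
VETTED_DPF_HOSTS = {"download.eset.com"}


@dataclass
class Entry:
    section: str   # "R0", "R3", "O2", "O3", "O4", "O16", "O23", ...
    fields: list   # body of the line split on " - "
    raw: str


@dataclass
class Finding:
    kind: str
    section: str
    detail: str
    raw: str


def parse_hjt(log_text):
    """Keep only the R*/O* entries; header, process list and footer are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.groups()
            entries.append(Entry(section, [f.strip() for f in body.split(" - ")], line.strip()))
    return entries


def triage_hjt(log_text):
    """Return the entries a reviewer should look at first, each with its reason."""
    entries = parse_hjt(log_text)
    findings = []
    sections_by_clsid = defaultdict(set)

    for e in entries:
        # 1. Orphaned entries: the registry hook remains but its file is gone.
        if e.fields[-1] == "(no file)":
            findings.append(Finding("orphan", e.section, "points to a missing file", e.raw))

        # 2. O16 DPF: record the host each ActiveX control was downloaded from.
        if e.section == "O16":
            host = (urlparse(e.fields[-1]).hostname or "").lower()
            if host not in VETTED_DPF_HOSTS:
                findings.append(Finding("dpf-unvetted-host", e.section, host, e.raw))

        # 3. O4 autoruns started from outside the expected install locations.
        if e.section == "O4":
            m = RUN_RE.search(e.raw)
            exe = (m.group("exe") if m else e.raw).lower()
            if not exe.startswith(EXPECTED_AUTORUN_PREFIXES):
                findings.append(Finding("autorun-unusual-path", e.section, exe, e.raw))

        # 4. Which IE integration points (search hook, BHO, toolbar) each CLSID holds.
        if e.section in ("R3", "O2", "O3"):
            m = CLSID_RE.search(e.raw)
            if m:
                sections_by_clsid[m.group(0).lower()].add(e.section)

    # One component registered as search hook, BHO and toolbar together is the
    # usual bundled-toolbar pattern; surface it so the reviewer can decide.
    for clsid, sections in sections_by_clsid.items():
        if len(sections) >= 2:
            findings.append(Finding("multi-hook-component", "+".join(sorted(sections)), clsid, ""))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.kind}] {f.section}: {f.detail}")
```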

Hello Matt,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 4

De-install (remove) the current version of HijackThis that you have. There's a newer one.

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and RIGHT-click Hijackthis.exe and select Run As Administrator to start it.

Do a "Scan and Save log".

Next

Please print out, read and follow the directions here, skipping any steps you are unable to complete.

Please post here:

  • the Gmer.txt log
  • the DDS logs
  • the HijackThis log
  • the MBAM scan log


I couldn't attach the HijackThis log, so it's listed below.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:45:35, on 01/05/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Clive\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Online Games Bar Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnli.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--

End of file - 8074 bytes

GMER log

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-01 19:16:34

Windows 6.1.7600

Running: q25f55pn.exe; Driver: C:\Users\Clive\AppData\Local\Temp\pxryipod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C49AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C49104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C493F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C322D8

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C491DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C49958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C496F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C49F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C4A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82862599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82886F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text peauth.sys 996DAC9D 28 Bytes [1E, 81, 23, 58, BB, 63, 28, ...]

.text peauth.sys 996DACC1 28 Bytes [1E, 81, 23, 58, BB, 63, 28, ...]

PAGE peauth.sys 996E102C 102 Bytes [41, 4C, A0, 1E, AA, 0E, 77, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1540] kernel32.dll!SetUnhandledExceptionFilter 76423162 4 Bytes [C2, 04, 00, 00]

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!CreateDialogParamW 771B9BFF 5 Bytes JMP 6E63C548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!EnableWindow 771BA72E 5 Bytes JMP 6E63C4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!GetAsyncKeyState 771BC09A 5 Bytes JMP 6E5FD6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!UnhookWindowsHookEx 771BCC7B 5 Bytes JMP 6E6F82FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!CallNextHookEx 771BCC8F 5 Bytes JMP 6E6D9D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E6E80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!SetWindowsHookExW 771C210A 5 Bytes JMP 6E6945DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!GetKeyState 771C4FDA 5 Bytes JMP 6E63D73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!IsDialogMessageW 771C6F06 5 Bytes JMP 6E60425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!CreateDialogParamA 771D3E79 5 Bytes JMP 6E80FE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!IsDialogMessage 771D407A 5 Bytes JMP 6E80F6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!CreateDialogIndirectParamA 771D9110 5 Bytes JMP 6E80FE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!CreateDialogIndirectParamW 771E08AD 5 Bytes JMP 6E80FE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E80F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!EndDialog 771E555C 5 Bytes JMP 6E605AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6E604B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!SetKeyboardState 771E6B52 5 Bytes JMP 6E80FA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!SendInput 771E7055 5 Bytes JMP 6E8105E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!SetCursorPos 771FC1D8 5 Bytes JMP 6E810640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E80F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E80F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E80F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E80F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E80F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E80F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] USER32.dll!keybd_event 7720EC9B 5 Bytes JMP 6E810973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] SHELL32.dll!SHChangeNotification_Lock + 45BA 7654B3E8 4 Bytes [11, 36, 7A, 69] {ADC [ESI], ESI; JP 0x6d}

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] SHELL32.dll!SHChangeNotification_Lock + 45C2 7654B3F0 8 Bytes [5F, 35, 7A, 69, D0, 73, 79, ...] {POP EDI; XOR EAX, 0x73d0697a; JNS 0x71}

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ole32.dll!OleLoadFromStream 75D15B88 5 Bytes JMP 6E80F576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ole32.dll!CoCreateInstance 75D657FC 5 Bytes JMP 6E6E8BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ws2_32.DLL!ioctlsocket 75F33131 5 Bytes JMP 02FF6BE0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ws2_32.DLL!WSASocketW 75F33D1B 7 Bytes JMP 02FF6B30 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ws2_32.DLL!connect 75F348BE 5 Bytes JMP 02FF8720 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ws2_32.DLL!WSAEventSelect 75F36A10 5 Bytes JMP 02FF6BA0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ws2_32.DLL!WSAConnect 75F3BB9B 5 Bytes JMP 02FF8B00 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[1560] ws2_32.DLL!WSAAsyncSelect 75F4AACC 5 Bytes JMP 02FF6B20 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E6E80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E80F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6E604B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E80F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E80F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E80F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E80F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E80F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E80F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!ioctlsocket 75F33131 5 Bytes JMP 10006BE0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!WSASocketW 75F33D1B 7 Bytes JMP 10006B30 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!connect 75F348BE 5 Bytes JMP 10008720 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!WSAEventSelect 75F36A10 5 Bytes JMP 10006BA0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!WSAConnect 75F3BB9B 5 Bytes JMP 10008B00 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!WSAAsyncSelect 75F4AACC 5 Bytes JMP 10006B20 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] kernel32.dll!CreateFileW 76420B7D 5 Bytes JMP 022B2930 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll

.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] kernel32.dll!CreateFileA 7642291C 5 Bytes JMP 022B28D0 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll

.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] USER32.dll!ShowWindow 771C147A 2 Bytes JMP 022B2750 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll

.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] USER32.dll!ShowWindow + 3 771C147D 2 Bytes [0F, 8B]

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogParamW 771B9BFF 5 Bytes JMP 6E63C548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!EnableWindow 771BA72E 5 Bytes JMP 6E63C4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!GetAsyncKeyState 771BC09A 5 Bytes JMP 6E5FD6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!UnhookWindowsHookEx 771BCC7B 5 Bytes JMP 6E6F82FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CallNextHookEx 771BCC8F 5 Bytes JMP 6E6D9D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E6E80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SetWindowsHookExW 771C210A 5 Bytes JMP 6E6945DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!GetKeyState 771C4FDA 5 Bytes JMP 6E63D73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!IsDialogMessageW 771C6F06 5 Bytes JMP 6E60425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogParamA 771D3E79 5 Bytes JMP 6E80FE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!IsDialogMessage 771D407A 5 Bytes JMP 6E80F6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogIndirectParamA 771D9110 5 Bytes JMP 6E80FE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogIndirectParamW 771E08AD 5 Bytes JMP 6E80FE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E80F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!EndDialog 771E555C 5 Bytes JMP 6E605AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6E604B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SetKeyboardState 771E6B52 5 Bytes JMP 6E80FA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SendInput 771E7055 5 Bytes JMP 6E8105E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!SetCursorPos 771FC1D8 5 Bytes JMP 6E810640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E80F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E80F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E80F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E80F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E80F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E80F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!keybd_event 7720EC9B 5 Bytes JMP 6E810973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] SHELL32.dll!SHChangeNotification_Lock + 45BA 7654B3E8 4 Bytes [11, 36, 7A, 69] {ADC [ESI], ESI; JP 0x6d}

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] SHELL32.dll!SHChangeNotification_Lock + 45C2 7654B3F0 8 Bytes [5F, 35, 7A, 69, D0, 73, 79, ...] {POP EDI; XOR EAX, 0x73d0697a; JNS 0x71}

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ole32.dll!OleLoadFromStream 75D15B88 5 Bytes JMP 6E80F576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ole32.dll!CoCreateInstance 75D657FC 5 Bytes JMP 6E6E8BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ws2_32.DLL!ioctlsocket 75F33131 5 Bytes JMP 03166BE0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ws2_32.DLL!WSASocketW 75F33D1B 7 Bytes JMP 03166B30 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ws2_32.DLL!connect 75F348BE 5 Bytes JMP 03168720 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ws2_32.DLL!WSAEventSelect 75F36A10 5 Bytes JMP 03166BA0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ws2_32.DLL!WSAConnect 75F3BB9B 5 Bytes JMP 03168B00 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ws2_32.DLL!WSAAsyncSelect 75F4AACC 5 Bytes JMP 03166B20 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

MBAM scan log

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4044

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

01/05/2010 18:50:51

mbam-log-2010-05-01 (18-50-51).txt

Scan type: Quick scan

Objects scanned: 132655

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86

Run by Clive at 18:52:28.11 on 01/05/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2304 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Clive\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O945U5WT\dds[1].scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

mURLSearchHooks: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Online Games Bar Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnli.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab

DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-28 28552]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 38240]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-30 303952]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20824]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-20 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-05-01 17:51:30 0 ----a-w- c:\users\clive\defogger_reenable

2010-05-01 13:17:56 0 d-----w- c:\program files\Trend Micro

2010-04-29 13:17:37 0 d-----w- c:\programdata\F-Secure

2010-04-28 21:34:40 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-04-28 21:34:33 0 d-----w- c:\program files\Panda Security

2010-04-27 19:26:45 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-27 19:26:39 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-27 19:26:38 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-26 22:49:11 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-26 22:49:10 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-26 22:49:10 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-26 22:48:57 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-26 22:48:56 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-26 22:48:54 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-04-26 22:48:17 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-04-26 22:47:50 132608 ----a-w- c:\windows\system32\cabview.dll

2010-04-26 11:10:45 0 d-----w- c:\program files\LBNL

2010-04-21 00:10:33 0 d-----w- c:\program files\BeeThink IP_Blocker_1.3

2010-04-20 23:58:31 0 d-----w- c:\program files\Wise Disk Cleaner

2010-04-20 23:42:26 0 d-----w- c:\programdata\AutoHideIP

2010-04-20 22:40:25 0 d-----w- c:\users\clive\appdata\roaming\PPStream

2010-04-02 10:58:45 293376 ----a-w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-06 18:55:52 87608 ----a-w- c:\users\clive\appdata\roaming\inst.exe

2010-03-06 18:55:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-03-06 18:55:52 47360 ----a-w- c:\users\clive\appdata\roaming\pcouffin.sys

2010-03-06 08:08:48 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll

2010-02-09 15:37:30 65602 ----a-w- c:\windows\system32\cook3260.dll

2010-02-09 15:37:30 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2010-02-09 15:37:30 217127 ----a-w- c:\windows\system32\drv43260.dll

2010-02-09 15:37:30 208935 ----a-w- c:\windows\system32\drv33260.dll

2010-02-09 15:37:30 176165 ----a-w- c:\windows\system32\drv23260.dll

2010-02-09 15:37:30 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2010-02-09 15:37:30 102439 ----a-w- c:\windows\system32\sipr3260.dll

2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll

2009-08-19 19:47:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2009-08-19 19:47:33 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2009-08-19 19:47:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2009-08-19 19:47:33 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2009-08-19 18:31:41 39446 ----a-w- c:\windows\inf\perflib\0419\perfd.dat

2009-08-19 18:31:41 39446 ----a-w- c:\windows\inf\perflib\0419\perfc.dat

2009-08-19 18:31:41 336704 ----a-w- c:\windows\inf\perflib\0419\perfi.dat

2009-08-19 18:31:41 336704 ----a-w- c:\windows\inf\perflib\0419\perfh.dat

2009-08-19 18:25:23 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat

2009-08-19 18:25:23 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat

2009-08-19 18:25:23 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat

2009-08-19 18:25:23 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat

2009-08-19 18:19:37 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat

2009-08-19 18:19:37 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat

2009-08-19 18:19:37 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat

2009-08-19 18:19:37 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat

2009-08-19 18:14:15 37534 ----a-w- c:\windows\inf\perflib\0410\perfd.dat

2009-08-19 18:14:15 37534 ----a-w- c:\windows\inf\perflib\0410\perfc.dat

2009-08-19 18:14:15 335478 ----a-w- c:\windows\inf\perflib\0410\perfi.dat

2009-08-19 18:14:15 335478 ----a-w- c:\windows\inf\perflib\0410\perfh.dat

2009-08-19 18:08:30 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat

2009-08-19 18:08:30 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat

2009-08-19 18:08:30 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat

2009-08-19 18:08:30 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat

2009-08-19 18:02:49 38258 ----a-w- c:\windows\inf\perflib\040b\perfd.dat

2009-08-19 18:02:49 38258 ----a-w- c:\windows\inf\perflib\040b\perfc.dat

2009-08-19 18:02:49 279790 ----a-w- c:\windows\inf\perflib\040b\perfi.dat

2009-08-19 18:02:49 279790 ----a-w- c:\windows\inf\perflib\040b\perfh.dat

2009-08-19 17:57:50 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat

2009-08-19 17:57:50 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat

2009-08-19 17:57:50 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat

2009-08-19 17:57:50 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat

2009-08-19 17:52:05 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat

2009-08-19 17:52:05 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat

2009-08-19 17:52:05 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat

2009-08-19 17:52:05 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat

2009-08-19 17:46:48 39236 ----a-w- c:\windows\inf\perflib\0406\perfd.dat

2009-08-19 17:46:48 39236 ----a-w- c:\windows\inf\perflib\0406\perfc.dat

2009-08-19 17:46:48 306636 ----a-w- c:\windows\inf\perflib\0406\perfi.dat

2009-08-19 17:46:48 306636 ----a-w- c:\windows\inf\perflib\0406\perfh.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-12-20 11:43:17 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:53:34.57 ===============

Attach.txt

Edited by Maurice Naggar
place some logs In-Line
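One way to triage the GMER "user code sections" posted above, as an added example that is not part of the original post and not a GMER feature: the helper below parses hook lines of the form shown, groups the JMP-style hooks by the DLL that installed them, and separates hooks attributed to Microsoft modules from third-party or unattributed ones (in this log, the PPLive VAProxyD.dll and TipsClient.dll entries). The sample lines are copied from the log above; the function names and the trusted-vendor list are this example's own assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the GMER "user code sections"
# in the log above (two iexplore.exe PIDs, one PPAP.exe PID, two third-party hooking
# DLLs, one Microsoft one, and two inline byte patches that carry no JMP target).
SAMPLE_GMER_LINES = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!WSAEventSelect 75F36A10 5 Bytes JMP 10006BA0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!WSAConnect 75F3BB9B 5 Bytes JMP 10008B00 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)
.text C:\Program Files\Internet Explorer\iexplore.exe[3036] ws2_32.DLL!WSAAsyncSelect 75F4AACC 5 Bytes JMP 10006B20 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] kernel32.dll!CreateFileW 76420B7D 5 Bytes JMP 022B2930 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] kernel32.dll!CreateFileA 7642291C 5 Bytes JMP 022B28D0 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] USER32.dll!ShowWindow 771C147A 2 Bytes JMP 022B2750 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3044] USER32.dll!ShowWindow + 3 771C147D 2 Bytes [0F, 8B]
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] USER32.dll!CreateDialogParamW 771B9BFF 5 Bytes JMP 6E63C548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] SHELL32.dll!SHChangeNotification_Lock + 45BA 7654B3E8 4 Bytes [11, 36, 7A, 69] {ADC [ESI], ESI; JP 0x6d}
.text C:\Program Files\Internet Explorer\iexplore.exe[3092] ws2_32.DLL!ioctlsocket 75F33131 5 Bytes JMP 03166BE0 C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll (PP??????????????/Synacast)
""".strip().splitlines()

# ".text <process>[pid] <module>!<export>[ + <offset>] <address> <n> Bytes <rest>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\[(?P<pid>\d+)\])\s+"
    r"(?P<module>\S+)!(?P<export>\S+?)(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<length>\d+)\s+Bytes\s+(?P<rest>.+)$"
)
# For JMP hooks the remainder is "JMP <target> <hooking dll path> [(<description>)]".
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<dll>.+?)(?:\s+\((?P<desc>[^)]*)\))?$")


def parse_hook(line):
    """Parse one GMER hook line into a dict, or return None for non-hook lines."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = {
        "process": m["process"], "pid": int(m["pid"]),
        "module": m["module"], "export": m["export"],
        "offset": int(m["offset"], 16) if m["offset"] else 0,
        "length": int(m["length"]),
        "kind": "patch",      # raw byte patch with no JMP target (e.g. "[0F, 8B]")
        "hook_dll": None, "vendor": None,
    }
    j = JMP_RE.match(m["rest"])
    if j:
        hook["kind"] = "jmp"
        hook["hook_dll"] = j["dll"]
        # GMER prints "<description>/<company>" from the DLL's own version resource.
        # That string is controlled by whoever built the DLL, so treat it as a hint
        # only; confirm with a signature check (e.g. sigcheck) before trusting it.
        if j["desc"]:
            hook["vendor"] = j["desc"].rsplit("/", 1)[-1].strip()
    return hook


def summarize_hooks(lines):
    """Group JMP hooks by hooking DLL: path -> {vendor, exports hooked, PIDs affected}."""
    summary = {}
    for line in lines:
        h = parse_hook(line)
        if not h or h["kind"] != "jmp":
            continue
        entry = summary.setdefault(h["hook_dll"], {"vendor": h["vendor"], "exports": set(), "pids": set()})
        entry["exports"].add(f'{h["module"]}!{h["export"]}')
        entry["pids"].add(h["pid"])
    return summary


def third_party_hooks(lines, trusted_vendors=("Microsoft Corporation",)):
    """Hooking DLLs whose reported vendor is missing or not in the trusted list."""
    return {dll: info for dll, info in summarize_hooks(lines).items()
            if info["vendor"] not in trusted_vendors}


if __name__ == "__main__":
    for dll, info in third_party_hooks(SAMPLE_GMER_LINES).items():
        print(f"{dll}  vendor={info['vendor'] or 'UNKNOWN'}  pids={sorted(info['pids'])}")
        for export in sorted(info["exports"]):
            print(f"    hooks {export}")
```

Run against the sample, the report groups the Winsock hooks (connect, WSAConnect, WSAEventSelect and friends) under VAProxyD.dll and the CreateFile/ShowWindow hooks under TipsClient.dll, which has no version description at all. Neither finding is proof of malice on its own: the PPLive streaming client is a legitimately installed program here, and the IEFRAME.dll hooks are Internet Explorer's own. The value of the grouping is that it turns several hundred log lines into a short list of modules to check for a valid signature and for whether the user actually meant to install them.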

Do NOT use the attachment feature to post your reports!! ALWAYS use NOTEPAD and Copy and Paste the contents into the main body of the reply text-box.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

You will be prompted that a new version needs to be applied. Answer affirmative to allow it.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable your antivirus program.

Reply with a copy of the new MBAM scan log and the ESET scan log.

Do NOT use the attachment feature to post your reports!! ALWAYS use NOTEPAD and Copy and Paste the contents into the main body of the reply text-box.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

01/05/2010 23:51:06

mbam-log-2010-05-01 (23-51-06).txt

Scan type: Quick scan

Objects scanned: 143124

Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

For some reason I can't locate the ESET online scanner log file... though when the program finished it showed no viruses.


Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.


Results of screen317's Security Check version 0.99.4

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Smart Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 18

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.3.2

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Apologies Maurice, I am the same person... for some reason I thought it would be easier to create a different logon, as I had my laptop fixed by kenny94 earlier in the week and didn't want anyone to think I was up to anything coming back with another PC to fix. Stupid now I look back, especially as I mixed my logons up.


Well, your use of 2 different accounts did make things confusing. Needless to restate, but do not do that, folks!!

Update java for security fixes

See this topic in the AumHa Security forum and get the latest Java run-time:

http://aumha.net/viewtopic.php?f=26&t=43792

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

  • Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please RIGHT-click OTL.exe and select Run As Administrator to start it.
  • Click on the CleanUp! button at the upper right corner. When you do this, a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet, you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.


Nice one mate... really sorry about the mix up. I got thinking: last week I'd taken my laptop to a local shop who said I'd have to wipe the hard drive, then came on here and couldn't believe how good the experts are on here. I didn't want anyone to think I was being unscrupulous and trying to make money out of your advice, as my main PC was having problems as well, so I made another logon.

Weird logic but made sense at the time. Anyway your help is much appreciated.
