highjack this please


  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    oops sorry ok here it is
    Malwarebytes' Anti-Malware 1.44
    Database version: 3760
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    15/03/2010 16:29:19
    mbam-log-2010-03-15 (16-29-19).txt
    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 235409
    Time elapsed: 1 hour(s), 31 minute(s), 0 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{04dfb628-514b-4e68-9076-dc1024f58a96} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04dfb628-514b-4e68-9076-dc1024f58a96} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04dfb628-514b-4e68-9076-dc1024f58a96} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\system32\win32extension.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    edited 15 March 2010 at 10:14PM
    ok, like I thought, you need to run this

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    takes about 20 minutes to run, then produces a log file that we will need to see. Give yourself time to run it. Wait for AlienRik to read the combofix log. Combofix combines several tools in one easy to use package and is continually updated by the author, hence the need to download it from that site (the author does not like other sites hosting out of date or infected copies)

    It should fully remove all traces (and stop it re-installing itself like before), worst case rik will advise you on using a small script file to remove the rest
    Ex forum ambassador

    Long term forum member
  • enigma52
    enigma52 Posts: 642 Forumite
    Browntoa wrote: »
    ok, like I thought, you need to run this

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    takes about 20 minutes to run, then produces a log file that we will need to see. Give yourself time to run it. Wait for AlienRik to read the combofix log. Combofix combines several tools in one easy to use package and is continually updated by the author, hence the need to download it from that site (the author does not like other sites hosting out of date or infected copies)

    It should fully remove all traces (and stop it re-installing itself like before), worst case rik will advise you on using a small script file to remove the rest

    strange telling someone to use a programme then not knowing what to do with the result, hmmmmmmmmmmmmmmm Is rik your employee?
    anyway have fun, I'm off to play poker.
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Browntoa wrote: »
    ok, like I thought, you need to run this

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    takes about 20 minutes to run, then produces a log file that we will need to see. Give yourself time to run it. Wait for AlienRik to read the combofix log. Combofix combines several tools in one easy to use package and is continually updated by the author, hence the need to download it from that site (the author does not like other sites hosting out of date or infected copies)

    It should fully remove all traces (and stop it re-installing itself like before), worst case rik will advise you on using a small script file to remove the rest
    thanks for this alienrik helped me last time, should i send private message to him or just post log and wait?
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • spud17
    spud17 Posts: 4,441 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Also Malwarebytes needs updating, it's at least 3867.
    Move along, nothing to see.
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    spud17 wrote: »
    Also Malwarebytes needs updating, it's at least 3867.
    i thought i had done it earlier until just now :eek: so have now installed new version
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    crystal9 wrote: »
    thanks for this alienrik helped me last time, should i send private message to him or just post log and wait?

    post the log and wait
    Ex forum ambassador

    Long term forum member
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    here's the combofix log....thanks rik

    ComboFix 10-03-15.04 - tina deacon 15/03/2010 22:18:48.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.488.165 [GMT 0:00]
    Running from: c:\documents and settings\tina deacon\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
    .
    2010-03-15 20:50 . 2010-03-15 20:50 -------- d-----w- c:\program files\Codemasters
    2010-03-14 12:30 . 2010-03-14 12:30 -------- d-----w- c:\program files\Common Files\PersonSecurityUninstall
    2010-03-14 12:29 . 2010-03-14 13:25 -------- d-----w- c:\program files\PersonSecurity
    2010-03-14 09:29 . 2010-03-14 09:29 -------- d-----w- c:\documents and settings\tina deacon\Local Settings\Application Data\Temp
    2010-03-14 09:29 . 2010-03-14 09:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-03-12 12:08 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-02-25 23:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-15 20:59 . 2009-05-03 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-15 20:59 . 2009-08-10 19:40 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-15 20:51 . 2007-05-01 10:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-15 20:33 . 2007-05-14 12:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-15 20:33 . 2009-09-07 15:21 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-03-15 15:40 . 2008-07-04 10:42 -------- d-----w- c:\program files\Coupon Printer
    2010-03-15 15:02 . 2010-01-19 20:59 -------- d-----w- c:\program files\NCH Software
    2010-03-14 12:55 . 2009-02-14 09:26 -------- d-----w- c:\program files\Creative
    2010-03-14 09:24 . 2007-05-01 10:02 -------- d-----w- c:\program files\Google
    2010-03-10 12:33 . 2010-03-10 12:31 20887024 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-10 12:31 . 2010-03-10 12:31 8405312 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-10 12:30 . 2010-03-10 12:30 149000 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-10 12:30 . 2010-03-10 12:30 10309448 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-10 12:29 . 2010-03-10 12:29 79368 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-10 12:29 . 2010-03-10 12:29 64000 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-10 12:29 . 2010-03-10 12:29 52288 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-10 12:29 . 2010-03-10 12:29 50688 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-10 12:29 . 2010-03-10 12:29 49152 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-10 12:29 . 2010-03-10 12:29 118784 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-09 11:24 . 2010-02-04 09:19 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-03-09 11:24 . 2010-02-04 09:19 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-09 11:12 . 2010-02-04 09:19 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-09 11:12 . 2010-02-04 09:19 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-09 11:09 . 2010-02-04 09:19 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-09 11:08 . 2010-02-04 09:19 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-03-09 11:08 . 2010-02-04 09:19 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-03-09 11:08 . 2010-02-04 09:19 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-09 11:08 . 2010-02-04 09:19 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-03-07 11:49 . 2010-03-07 11:49 439816 ----a-w- c:\documents and settings\tina deacon\Application Data\Real\Update\setup3.10\setup.exe
    2010-02-24 09:16 . 2009-10-03 08:58 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-22 21:59 . 2008-11-06 22:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-05 14:27 . 2010-02-05 14:27 -------- d-----w- c:\program files\Defraggler
    2010-02-04 09:19 . 2010-02-04 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-02-04 09:19 . 2008-11-25 22:30 -------- d-----w- c:\program files\Alwil Software
    2010-02-04 09:03 . 2008-11-26 12:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-03 14:11 . 2010-02-03 14:11 -------- d-----w- c:\documents and settings\tina deacon\Application Data\GlarySoft
    2010-02-03 10:03 . 2008-11-26 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-02 15:53 . 2008-11-08 10:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-01 19:02 . 2010-02-01 19:02 -------- d-----w- c:\documents and settings\tina deacon\Application Data\ieSpell
    2010-01-31 10:18 . 2010-01-31 10:18 -------- d-----w- c:\program files\Avanquest update
    2010-01-30 22:05 . 2010-01-21 13:23 -------- d-----w- c:\documents and settings\tina deacon\Application Data\Orbit
    2010-01-28 10:31 . 2010-01-28 10:31 348160 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\msvcr71.dll
    2010-01-28 10:31 . 2010-01-28 10:31 503808 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\msvcp71.dll
    2010-01-28 10:31 . 2010-01-28 10:31 499712 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-627ee399-n\jmc.dll
    2010-01-28 10:31 . 2010-01-28 10:31 61440 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll
    2010-01-28 10:31 . 2010-01-28 10:31 12800 ----a-w- c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-d3d.dll
    2010-01-27 09:27 . 2005-04-25 23:48 -------- d-----w- c:\program files\Common Files\Java
    2010-01-27 09:26 . 2005-04-25 23:48 -------- d-----w- c:\program files\Java
    2010-01-24 12:45 . 2010-01-23 22:48 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-23 22:50 . 2007-05-01 14:52 57096 ----a-w- c:\documents and settings\tina deacon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-23 22:47 . 2008-04-14 19:59 -------- d-----w- c:\program files\Windows Live
    2010-01-23 22:44 . 2010-01-23 22:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-01-23 22:38 . 2010-01-23 22:38 -------- d-----w- c:\program files\Microsoft
    2010-01-23 22:38 . 2010-01-23 22:38 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-01-23 22:27 . 2010-01-23 22:27 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-01-21 13:23 . 2010-01-21 13:23 -------- d-----w- c:\documents and settings\tina deacon\Application Data\GrabPro
    2010-01-19 21:00 . 2010-01-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2010-01-18 21:01 . 2008-06-04 10:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-17 21:33 . 2010-01-17 21:32 -------- d-----w- c:\program files\Common Files\Real
    2010-01-17 21:33 . 2010-01-17 21:33 -------- d-----w- c:\program files\Common Files\xing shared
    2010-01-17 21:32 . 2010-01-17 21:32 -------- d-----w- c:\program files\Real
    2010-01-07 16:07 . 2009-05-03 13:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2009-05-03 13:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 2007-05-01 16:34 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-22 15:05 . 2009-12-22 15:05 52224 ----a-w- c:\documents and settings\tina deacon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2009-12-22 15:05 . 2009-05-05 08:44 117760 ----a-w- c:\documents and settings\tina deacon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-21 19:14 . 2007-05-01 16:34 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-17 17:14 . 2008-11-03 22:40 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-16 18:43 . 2007-05-01 16:33 343040 ----a-w- c:\windows\system32\mspaint.exe
    2010-03-03 20:46 . 2010-03-03 20:46 151392 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
    2010-03-03 20:46 . 2010-03-03 20:46 297312 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll
    2006-06-15 20:33 . 2009-02-14 09:33 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 18:43 . 2009-02-14 09:33 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 14:41 . 2009-02-14 09:33 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 13:10 . 2009-02-14 09:33 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 12:19 . 2009-02-14 09:32 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 18:35 . 2009-02-14 09:33 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 11:10 . 2009-02-14 09:32 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 11:42 . 2009-02-14 09:32 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 11:22 . 2009-02-14 09:32 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 11:21 . 2009-02-14 09:32 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-07 160328]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
    backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    2005-05-03 13:02 543232 ----a-w- c:\windows\zHotkey.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
    2007-06-07 14:01 155648 ------w- c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-01-31 23:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    2005-03-15 17:04 966656 ----a-w- c:\windows\creator\remind_xp.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    2004-11-15 14:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-01-17 21:32 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/02/2010 09:19 162640]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/01/2009 20:19 159600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/04/2009 10:33 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 10:33 66632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/02/2010 09:19 19024]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [29/01/2009 20:19 73840]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [29/01/2009 20:18 95640]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [04/04/2009 13:03 266240]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2010 09:24 135664]
    S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys --> c:\windows\system32\DRIVERS\glauiad.sys [?]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [10/08/2009 00:14 86696]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [10/08/2009 00:15 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [10/08/2009 00:15 114472]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [10/08/2009 00:17 108328]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [10/08/2009 12:37 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [10/08/2009 00:15 104616]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [10/08/2009 12:35 109736]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 10:33 12872]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-03-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-05 18:31]
    2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 09:24]
    2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 09:24]
    2010-03-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://forums.moneysavingexpert.com/forumdisplay.html?f=37
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    FF - ProfilePath - c:\documents and settings\tina deacon\Application Data\Mozilla\Firefox\Profiles\i1mfh43p.default\
    FF - prefs.js: browser.startup.homepage - www.sky.com
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-15 22:27
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'explorer.exe'(14992)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-03-15 22:34:59
    ComboFix-quarantined-files.txt 2010-03-15 22:34
    ComboFix2.txt 2010-02-01 18:31
    ComboFix3.txt 2009-05-04 14:18
    Pre-Run: 178,340,847,616 bytes free
    Post-Run: 178,407,919,616 bytes free
    - - End Of File - - 2A4AD5060134D46603EE0AC4E59DC5AA
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    enigma52 wrote: »
    strange telling someone to use a programme then not knowing what to do with the result, hmmmmmmmmmmmmmmm Is rik your employee?
    anyway have fun, I'm off to play poker.

    Hope you don't lose any money............
    :idea:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Have you deleted a malwarebytes log? The one that found everything is quite a bit out of date ~
    Malwarebytes' Anti-Malware 1.44
    Database version: 3760
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    15/03/2010 16:29:19
    mbam-log-2010-03-15 (16-29-19).txt

    we're currently on 3872 ~ have you definitely run an up to date scan?

    anyways..............
    Open malwarebytes
    Go to MORE TOOLS
    then RUN TOOL

    find and kill both these files using the malwarebytes tool ~
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-d3d.dll
    c:\documents and settings\tina deacon\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-407b58ff-n\decora-sse.dll
    :idea:
This discussion has been closed.