Win32/Patched.gb - Random redirecting in all browsers

Re: Win32/Patched.gb - Random redirecting in all browsers

Post by MickeyKnox » January 21st, 2011, 11:30 am

Hey - here comes the log from the AntiVir scan:

Avira AntiVir Personal
Report file date: den 21 januari 2011 15:23

Scanning for 2411098 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LILLSKIT

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 2010-12-13 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 2010-12-13 07:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 2010-04-01 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 2010-12-13 07:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2010-02-10 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 22:53:32
VBASE002.VDF : 7.11.0.1 2048 Bytes 2010-12-14 22:53:32
VBASE003.VDF : 7.11.0.2 2048 Bytes 2010-12-14 22:53:32
VBASE004.VDF : 7.11.0.3 2048 Bytes 2010-12-14 22:53:32
VBASE005.VDF : 7.11.0.4 2048 Bytes 2010-12-14 22:53:32
VBASE006.VDF : 7.11.0.5 2048 Bytes 2010-12-14 22:53:32
VBASE007.VDF : 7.11.0.6 2048 Bytes 2010-12-14 22:53:32
VBASE008.VDF : 7.11.0.7 2048 Bytes 2010-12-14 22:53:32
VBASE009.VDF : 7.11.0.8 2048 Bytes 2010-12-14 22:53:33
VBASE010.VDF : 7.11.0.9 2048 Bytes 2010-12-14 22:53:33
VBASE011.VDF : 7.11.0.10 2048 Bytes 2010-12-14 22:53:33
VBASE012.VDF : 7.11.0.11 2048 Bytes 2010-12-14 22:53:33
VBASE013.VDF : 7.11.0.52 128000 Bytes 2010-12-16 22:53:34
VBASE014.VDF : 7.11.0.91 226816 Bytes 2010-12-20 22:53:35
VBASE015.VDF : 7.11.0.122 136192 Bytes 2010-12-21 22:53:35
VBASE016.VDF : 7.11.0.156 122880 Bytes 2010-12-24 22:53:36
VBASE017.VDF : 7.11.0.185 146944 Bytes 2010-12-27 22:53:37
VBASE018.VDF : 7.11.0.228 132608 Bytes 2010-12-30 22:53:37
VBASE019.VDF : 7.11.1.5 148480 Bytes 2011-01-03 22:53:38
VBASE020.VDF : 7.11.1.37 156672 Bytes 2011-01-07 22:53:39
VBASE021.VDF : 7.11.1.65 140800 Bytes 2011-01-10 22:53:40
VBASE022.VDF : 7.11.1.87 225280 Bytes 2011-01-11 22:53:41
VBASE023.VDF : 7.11.1.124 125440 Bytes 2011-01-14 22:53:41
VBASE024.VDF : 7.11.1.155 132096 Bytes 2011-01-17 22:53:42
VBASE025.VDF : 7.11.1.189 451072 Bytes 2011-01-20 22:53:44
VBASE026.VDF : 7.11.1.190 2048 Bytes 2011-01-20 22:53:44
VBASE027.VDF : 7.11.1.191 2048 Bytes 2011-01-20 22:53:44
VBASE028.VDF : 7.11.1.192 2048 Bytes 2011-01-20 22:53:44
VBASE029.VDF : 7.11.1.193 2048 Bytes 2011-01-20 22:53:45
VBASE030.VDF : 7.11.1.194 2048 Bytes 2011-01-20 22:53:45
VBASE031.VDF : 7.11.1.201 19968 Bytes 2011-01-20 22:53:45
Engineversion : 8.2.4.150
AEVDF.DLL : 8.1.2.1 106868 Bytes 2010-12-13 07:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 2011-01-20 22:53:58
AESCN.DLL : 8.1.7.2 127349 Bytes 2010-12-13 07:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 2010-12-13 07:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 2010-12-13 07:39:50
AEPACK.DLL : 8.2.4.8 512374 Bytes 2011-01-20 22:53:56
AEOFFICE.DLL : 8.1.1.15 205178 Bytes 2011-01-20 22:53:54
AEHEUR.DLL : 8.1.2.68 3178870 Bytes 2011-01-20 22:53:54
AEHELP.DLL : 8.1.16.0 246136 Bytes 2010-12-13 07:39:42
AEGEN.DLL : 8.1.5.2 397683 Bytes 2011-01-20 22:53:47
AEEMU.DLL : 8.1.3.0 393589 Bytes 2010-12-13 07:39:42
AECORE.DLL : 8.1.19.2 196983 Bytes 2011-01-20 22:53:46
AEBB.DLL : 8.1.1.0 53618 Bytes 2010-12-13 07:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2010-12-13 07:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 2010-12-13 07:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 2010-06-17 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 2010-12-13 07:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 2010-12-13 07:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 2010-12-13 07:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2010-12-13 07:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 2010-06-17 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2010-12-13 07:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2010-06-17 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 2010-01-28 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 2010-12-13 07:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: den 21 januari 2011 15:23

Starting search for hidden objects.
c:\program\personal\bin\personal.exe
c:\program\personal\bin\personal.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'chrome.exe' - '37' Module(s) have been scanned
Scan process 'chrome.exe' - '61' Module(s) have been scanned
Scan process 'tosBtProc.exe' - '26' Module(s) have been scanned
Scan process 'tosOBEX.exe' - '41' Module(s) have been scanned
Scan process 'TosAVRC.exe' - '31' Module(s) have been scanned
Scan process 'TosBtHsp.exe' - '32' Module(s) have been scanned
Scan process 'TosHdpProc.exe' - '29' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '18' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '50' Module(s) have been scanned
Scan process 'Personal.exe' - '35' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'Explorer.EXE' - '96' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '23' Module(s) have been scanned
Scan process 'TestHandler.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '21' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'spoolsv.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS\system32\NT.DLL
[DETECTION] Is the TR/Hijacker.Gen Trojan

The registry was scanned ( '373' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\0\6a208e80-4cc441ed
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\28\1f2a9e1c-4ecb5be2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HW Java virus
--> g6k1.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HW Java virus
--> y6u7.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.AQ exploit
--> g5z6.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HV Java virus
--> h6l4.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HY Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\41\5cdaf2a9-69b32189
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-5b13c3f1
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\54\652b7ab6-46bcc534
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.abj Java virus
--> g_h__an5.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.abj Java virus
--> PNYGT7O.class
[DETECTION] Contains recognition pattern of the JAVA/Remote.B Java virus
--> T___n_UB_Nc.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\56\21bbb478-4c7c30b8
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\58\7dcf887a-35740ad2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Temp\Av-test.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Blandat skräp\Super.Meat.Boy.v1.0u2-THETA.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Super Meat Boy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Super.Meat.Boy.v1.0u2-THETA\Super Meat Boy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000001.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000012.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000032.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000033.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000144.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000145.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000184.exe
[DETECTION] Is the TR/Patched.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000185.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000186.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000187.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001474.exe
[DETECTION] Is the TR/Patched.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001476.exe
[DETECTION] Is the TR/Patched.Gen Trojan
C:\WINDOWS\SoftwareDistribution\Download\2b99763e06357f96f663f7b25ddb9f5f\BIT9.tmp
[0] Archive type: CAB (Microsoft)
--> _sfx_0007._p
[WARNING] The file could not be written!
C:\WINDOWS\system32\nt.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\WINDOWS\system32\dllcache\winlogon.exe
[DETECTION] Is the TR/Patched.Gen Trojan

Beginning disinfection:
C:\WINDOWS\system32\dllcache\winlogon.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001476.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001474.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000187.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000186.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000185.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000184.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000145.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000144.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000033.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000032.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000012.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000001.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Super.Meat.Boy.v1.0u2-THETA\Super Meat Boy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Blandat skräp\Super.Meat.Boy.v1.0u2-THETA.rar
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Temp\Av-test.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\58\7dcf887a-35740ad2
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\56\21bbb478-4c7c30b8
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\54\652b7ab6-46bcc534
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-5b13c3f1
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\41\5cdaf2a9-69b32189
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\28\1f2a9e1c-4ecb5be2
[DETECTION] Contains recognition pattern of the JAVA/Agent.HY Java virus
[WARNING] The file was ignored!
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\0\6a208e80-4cc441ed
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
[WARNING] The file was ignored!
C:\WINDOWS\system32\NT.DLL
[DETECTION] Is the TR/Hijacker.Gen Trojan
[WARNING] The file was ignored!


End of the scan: den 21 januari 2011 16:29
Used time: 52:37 Minute(s)

The scan has been done completely.

5568 Scanned directories
211735 Files were scanned
31 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
211704 Files not concerned
5673 Archives were scanned
25 Warnings
0 Notes
236317 Objects were scanned with rootkit scan
1 Hidden objects were found
MickeyKnox
Active Member
 
Posts: 14
Joined: January 20th, 2011, 1:13 pm

Re: Win32/Patched.gb - Random redirecting in all browsers

Post by deltalima » January 21st, 2011, 2:53 pm

Hi MickeyKnox,

Now run another scan with AntiVir and remove any infections found, then save a copy of the log.

Reboot the computer and then post the log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Win32/Patched.gb - Random redirecting in all browsers

Post by MickeyKnox » January 21st, 2011, 4:09 pm

My stupid ass accidentally deleted the log file after reboot - but I found a copy of it in the AntiVir directory :D

Following:

Avira AntiVir Personal
Report file date: den 21 januari 2011 20:09

Scanning for 2411098 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LILLSKIT

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 2010-12-13 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 2010-12-13 07:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 2010-04-01 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 2010-12-13 07:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2010-02-10 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 22:53:32
VBASE002.VDF : 7.11.0.1 2048 Bytes 2010-12-14 22:53:32
VBASE003.VDF : 7.11.0.2 2048 Bytes 2010-12-14 22:53:32
VBASE004.VDF : 7.11.0.3 2048 Bytes 2010-12-14 22:53:32
VBASE005.VDF : 7.11.0.4 2048 Bytes 2010-12-14 22:53:32
VBASE006.VDF : 7.11.0.5 2048 Bytes 2010-12-14 22:53:32
VBASE007.VDF : 7.11.0.6 2048 Bytes 2010-12-14 22:53:32
VBASE008.VDF : 7.11.0.7 2048 Bytes 2010-12-14 22:53:32
VBASE009.VDF : 7.11.0.8 2048 Bytes 2010-12-14 22:53:33
VBASE010.VDF : 7.11.0.9 2048 Bytes 2010-12-14 22:53:33
VBASE011.VDF : 7.11.0.10 2048 Bytes 2010-12-14 22:53:33
VBASE012.VDF : 7.11.0.11 2048 Bytes 2010-12-14 22:53:33
VBASE013.VDF : 7.11.0.52 128000 Bytes 2010-12-16 22:53:34
VBASE014.VDF : 7.11.0.91 226816 Bytes 2010-12-20 22:53:35
VBASE015.VDF : 7.11.0.122 136192 Bytes 2010-12-21 22:53:35
VBASE016.VDF : 7.11.0.156 122880 Bytes 2010-12-24 22:53:36
VBASE017.VDF : 7.11.0.185 146944 Bytes 2010-12-27 22:53:37
VBASE018.VDF : 7.11.0.228 132608 Bytes 2010-12-30 22:53:37
VBASE019.VDF : 7.11.1.5 148480 Bytes 2011-01-03 22:53:38
VBASE020.VDF : 7.11.1.37 156672 Bytes 2011-01-07 22:53:39
VBASE021.VDF : 7.11.1.65 140800 Bytes 2011-01-10 22:53:40
VBASE022.VDF : 7.11.1.87 225280 Bytes 2011-01-11 22:53:41
VBASE023.VDF : 7.11.1.124 125440 Bytes 2011-01-14 22:53:41
VBASE024.VDF : 7.11.1.155 132096 Bytes 2011-01-17 22:53:42
VBASE025.VDF : 7.11.1.189 451072 Bytes 2011-01-20 22:53:44
VBASE026.VDF : 7.11.1.190 2048 Bytes 2011-01-20 22:53:44
VBASE027.VDF : 7.11.1.191 2048 Bytes 2011-01-20 22:53:44
VBASE028.VDF : 7.11.1.192 2048 Bytes 2011-01-20 22:53:44
VBASE029.VDF : 7.11.1.193 2048 Bytes 2011-01-20 22:53:45
VBASE030.VDF : 7.11.1.194 2048 Bytes 2011-01-20 22:53:45
VBASE031.VDF : 7.11.1.201 19968 Bytes 2011-01-20 22:53:45
Engineversion : 8.2.4.150
AEVDF.DLL : 8.1.2.1 106868 Bytes 2010-12-13 07:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 2011-01-20 22:53:58
AESCN.DLL : 8.1.7.2 127349 Bytes 2010-12-13 07:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 2010-12-13 07:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 2010-12-13 07:39:50
AEPACK.DLL : 8.2.4.8 512374 Bytes 2011-01-20 22:53:56
AEOFFICE.DLL : 8.1.1.15 205178 Bytes 2011-01-20 22:53:54
AEHEUR.DLL : 8.1.2.68 3178870 Bytes 2011-01-20 22:53:54
AEHELP.DLL : 8.1.16.0 246136 Bytes 2010-12-13 07:39:42
AEGEN.DLL : 8.1.5.2 397683 Bytes 2011-01-20 22:53:47
AEEMU.DLL : 8.1.3.0 393589 Bytes 2010-12-13 07:39:42
AECORE.DLL : 8.1.19.2 196983 Bytes 2011-01-20 22:53:46
AEBB.DLL : 8.1.1.0 53618 Bytes 2010-12-13 07:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2010-12-13 07:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 2010-12-13 07:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 2010-06-17 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 2010-12-13 07:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 2010-12-13 07:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 2010-12-13 07:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2010-12-13 07:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 2010-06-17 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2010-12-13 07:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2010-06-17 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 2010-01-28 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 2010-12-13 07:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: den 21 januari 2011 20:09

Starting search for hidden objects.
c:\program\personal\bin\personal.exe
c:\program\personal\bin\personal.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '66' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'tosBtProc.exe' - '26' Module(s) have been scanned
Scan process 'tosOBEX.exe' - '41' Module(s) have been scanned
Scan process 'TosAVRC.exe' - '31' Module(s) have been scanned
Scan process 'TosBtHsp.exe' - '32' Module(s) have been scanned
Scan process 'TosHdpProc.exe' - '29' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '18' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '50' Module(s) have been scanned
Scan process 'Personal.exe' - '35' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'Explorer.EXE' - '96' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '23' Module(s) have been scanned
Scan process 'TestHandler.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '21' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'spoolsv.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '170' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS\system32\NT.DLL
[DETECTION] Is the TR/Hijacker.Gen Trojan

The registry was scanned ( '373' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\0\6a208e80-4cc441ed
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\28\1f2a9e1c-4ecb5be2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HW Java virus
--> g6k1.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HW Java virus
--> y6u7.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0094.AQ exploit
--> g5z6.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HV Java virus
--> h6l4.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HY Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\41\5cdaf2a9-69b32189
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-5b13c3f1
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\54\652b7ab6-46bcc534
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.abj Java virus
--> g_h__an5.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.abj Java virus
--> PNYGT7O.class
[DETECTION] Contains recognition pattern of the JAVA/Remote.B Java virus
--> T___n_UB_Nc.class
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\56\21bbb478-4c7c30b8
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\58\7dcf887a-35740ad2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Temp\Av-test.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Blandat skräp\Super.Meat.Boy.v1.0u2-THETA.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Super Meat Boy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Super.Meat.Boy.v1.0u2-THETA\Super Meat Boy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000001.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000012.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000032.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000033.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000144.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000145.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000184.exe
[DETECTION] Is the TR/Patched.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000185.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000186.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000187.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001474.exe
[DETECTION] Is the TR/Patched.Gen Trojan
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001476.exe
[DETECTION] Is the TR/Patched.Gen Trojan
C:\WINDOWS\SoftwareDistribution\Download\2b99763e06357f96f663f7b25ddb9f5f\BIT9.tmp
[0] Archive type: CAB (Microsoft)
--> _sfx_0007._p
[WARNING] The file could not be written!
C:\WINDOWS\system32\nt.dll
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\WINDOWS\system32\dllcache\winlogon.exe
[DETECTION] Is the TR/Patched.Gen Trojan

Beginning disinfection:
C:\WINDOWS\system32\dllcache\winlogon.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '47214257.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001476.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f786db7.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP7\A0001474.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0d27375f.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000187.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b10789d.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000186.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2e9455a3.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000185.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '518f67cd.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP4\A0000184.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1d374b87.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000145.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '612f0bd7.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000144.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c75249a.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000033.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '551d1f00.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000032.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '39413330.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000012.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '48f80aa5.qua'.
C:\System Volume Information\_restore{3B3E9BB8-9C38-4941-B3CB-7726AAAD7DAE}\RP1\A0000001.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '46e23a62.qua'.
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Super.Meat.Boy.v1.0u2-THETA\Super Meat Boy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '030b4365.qua'.
C:\Documents and Settings\Magnus o Annelie\Skrivbord\Blandat skräp\Super.Meat.Boy.v1.0u2-THETA.rar
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0a0047e6.qua'.
C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Temp\Av-test.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
[NOTE] The file was moved to the quarantine directory under the name '528e5e9e.qua'.
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\58\7dcf887a-35740ad2
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
[NOTE] The file was moved to the quarantine directory under the name '7e802744.qua'.
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\56\21bbb478-4c7c30b8
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[NOTE] The file was moved to the quarantine directory under the name '407947d3.qua'.
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\54\652b7ab6-46bcc534
[DETECTION] Contains recognition pattern of the JAVA/Rowindal.A Java virus
[NOTE] The file was moved to the quarantine directory under the name '23876cbc.qua'.
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\53\7fa50935-5b13c3f1
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
[NOTE] The file was moved to the quarantine directory under the name '05be2cf6.qua'.
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\41\5cdaf2a9-69b32189
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
[NOTE] The file was moved to the quarantine directory under the name '372d5756.qua'.
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\28\1f2a9e1c-4ecb5be2
[DETECTION] Contains recognition pattern of the JAVA/Agent.HY Java virus
[NOTE] The file was moved to the quarantine directory under the name '3d9e7c2d.qua'.
C:\Documents and Settings\Magnus o Annelie\Application Data\Sun\Java\Deployment\cache\6.0\0\6a208e80-4cc441ed
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
[NOTE] The file was moved to the quarantine directory under the name '02cd1853.qua'.
The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools> was removed successfully.
C:\WINDOWS\system32\NT.DLL
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\ProviderOrder> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '7ced1478.qua'.


End of the scan: den 21 januari 2011 21:03
Used time: 53:51 Minute(s)

The scan has been done completely.

5569 Scanned directories
211931 Files were scanned
31 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
24 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
211900 Files not concerned
5705 Archives were scanned
1 Warnings
24 Notes
236547 Objects were scanned with rootkit scan
1 Hidden objects were found
MickeyKnox
Active Member
 
Posts: 14
Joined: January 20th, 2011, 1:13 pm

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby deltalima » January 21st, 2011, 4:26 pm

Hi MickeyKnox,

Please tell me what you know about the file

c:\program\personal\bin\personal.exe

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby MickeyKnox » January 21st, 2011, 4:48 pm

Hi - personal.exe is used by my bank for an electronic-ID service.
When I tried to run GMER Rootkit Scanner I got an ugly bluescreen and once again the BAD_POOL_HEADER message.

Here is the info from the OTL scan, though.

OTL logfile created on: 2011-01-21 21:35:58 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Magnus o Annelie\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 608,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 149,04 Gb Total Space | 45,03 Gb Free Space | 30,21% Space Free | Partition Type: NTFS

Computer Name: LILLSKIT | User Name: Magnus o Annelie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Magnus o Annelie\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Magnus o Annelie\Skrivbord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Adobe LM Service) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TestHandler) -- C:\Program\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTSUCR.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (iaStor) -- C:\WINDOWS\System32\drivers\iaStor.cat ()
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (FUJ02E3) -- C:\WINDOWS\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-2000478354-527237240-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-1547161642-2000478354-527237240-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-10-08 10:14:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-12-01 08:12:53 | 000,000,000 | ---D | M]

[2010-10-08 10:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magnus o Annelie\Application Data\Mozilla\Extensions
[2010-10-14 09:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Magnus o Annelie\Application Data\Mozilla\Firefox\Profiles\vmn3b1xt.default\extensions
[2010-10-08 10:16:02 | 000,000,000 | ---D | M] (Facebook Chat History Manager) -- C:\Documents and Settings\Magnus o Annelie\Application Data\Mozilla\Firefox\Profiles\vmn3b1xt.default\extensions\fbchathistory@firechm.com
[2010-12-01 08:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2010-12-01 08:12:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAGNUS O ANNELIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VMN3B1XT.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
[2010-09-16 22:45:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-09-14 22:32:13 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2010-09-14 22:32:13 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2010-09-14 22:32:13 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2010-09-14 22:32:13 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2010-09-14 22:32:13 | 000,000,951 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Bluetooth Manager.lnk = C:\Program\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Magnus o Annelie\Start-meny\Program\Autostart\Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-2000478354-527237240-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-2000478354-527237240-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-16 17:40:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a66dc8f2-c1bf-11df-b87e-806d6172696f}\Shell\AutoRun\command - "" = U:\MAMMA_O_BONUS\MAMMA_O_BONUSATi.exe
O33 - MountPoints2\{a66dc8f2-c1bf-11df-b87e-806d6172696f}\Shell\open\command - "" = U:\MAMMA_O_BONUS\MAMMA_O_BONUSATi.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-01-21 21:34:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\OTL.exe
[2011-01-21 14:54:17 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\BlitzBlank.exe
[2011-01-21 14:23:57 | 000,000,000 | ---D | C] -- C:\MRU
[2011-01-21 14:17:32 | 000,000,000 | ---D | C] -- C:\sp3
[2011-01-21 00:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011-01-20 23:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011-01-20 23:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Application Data\Avira
[2011-01-20 23:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Avira
[2011-01-20 23:50:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011-01-20 23:50:54 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011-01-20 23:50:54 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011-01-20 23:50:54 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011-01-20 23:50:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011-01-20 23:50:53 | 000,000,000 | ---D | C] -- C:\Program\Avira
[2011-01-20 23:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011-01-20 22:21:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-01-20 22:17:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-01-20 18:19:07 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro
[2011-01-20 18:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Start-meny\Program\HiJackThis
[2011-01-20 18:08:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-01-20 17:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Application Data\AVG10
[2011-01-20 17:26:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011-01-20 17:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-01-20 17:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-01-20 17:07:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011-01-19 23:56:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-01-19 23:56:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-01-19 23:56:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-01-19 23:56:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-01-19 23:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-01-19 23:54:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-01-19 23:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Start-meny\Program\Google Chrome
[2011-01-19 22:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Rootkit Unhooker LE
[2011-01-19 22:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Application Data\Malwarebytes
[2011-01-19 22:04:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-01-19 22:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2011-01-19 22:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-01-19 22:04:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-01-19 22:04:02 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2011-01-19 20:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011-01-19 20:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Application Data\Sunbelt Software
[2011-01-19 20:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011-01-19 20:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011-01-09 22:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Spel till Annelie
[2010-12-26 21:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Black Isle
[2010-12-26 21:21:22 | 000,000,000 | ---D | C] -- C:\Program\Black Isle
[2010-12-26 21:20:03 | 000,058,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2010-12-26 21:17:19 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-12-26 21:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\DAEMON Tools Lite
[2010-12-26 21:17:11 | 000,000,000 | ---D | C] -- C:\Program\DAEMON Tools Lite
[2010-12-26 21:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Application Data\DAEMON Tools Lite
[2010-12-26 21:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-12-25 18:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Stephen Lynch
[2010-12-25 18:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Stephen Lynch-3 albums
[2010-12-24 23:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Baldur's Gate II - SoA + ToB expansion
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-01-21 21:34:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\kkt5814m.exe
[2011-01-21 21:34:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\OTL.exe
[2011-01-21 21:05:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-21 20:42:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2000478354-527237240-1004UA.job
[2011-01-21 15:03:31 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011-01-21 14:54:16 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\BlitzBlank.exe
[2011-01-21 12:04:16 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\SystemLook.exe
[2011-01-20 23:51:09 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Avira AntiVir Control Center.lnk
[2011-01-20 23:42:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-2000478354-527237240-1004Core.job
[2011-01-20 22:21:35 | 000,000,461 | RHS- | M] () -- C:\boot.ini
[2011-01-20 21:54:34 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\avira_antivir_personal_en.exe
[2011-01-20 18:19:10 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\HiJackThis.lnk
[2011-01-20 18:10:33 | 004,158,604 | R--- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\ComboFix.exe
[2011-01-19 23:15:43 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Google Chrome.lnk
[2011-01-19 23:15:43 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-01-19 23:13:12 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-01-19 23:13:12 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2011-01-19 22:31:02 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\defogger_reenable
[2011-01-19 22:04:07 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2011-01-19 21:59:44 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-01-19 21:58:07 | 000,000,345 | ---- | M] () -- C:\Boot.bak
[2011-01-19 15:37:10 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-17 21:56:02 | 003,971,318 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\gammal_bild.jpg
[2011-01-13 15:11:55 | 000,019,116 | ---- | M] () -- C:\WINDOWS\MSTMON_S.INI
[2011-01-13 14:28:13 | 000,008,870 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Bookmarks.bak
[2011-01-13 14:28:13 | 000,008,870 | ---- | M] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Bookmarks
[2010-12-26 21:18:36 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-26 21:17:19 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-12-25 10:42:12 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Bluetooth Manager.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-01-21 21:34:39 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\kkt5814m.exe
[2011-01-21 12:04:18 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\SystemLook.exe
[2011-01-20 23:51:09 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Avira AntiVir Control Center.lnk
[2011-01-20 22:21:35 | 000,000,345 | ---- | C] () -- C:\Boot.bak
[2011-01-20 22:21:33 | 000,260,784 | RHS- | C] () -- C:\cmldr
[2011-01-20 21:52:05 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\avira_antivir_personal_en.exe
[2011-01-20 18:19:07 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\HiJackThis.lnk
[2011-01-20 18:10:19 | 004,158,604 | R--- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\ComboFix.exe
[2011-01-19 23:56:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-01-19 23:56:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-01-19 23:56:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-01-19 23:56:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-01-19 23:56:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-01-19 23:15:43 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Google Chrome.lnk
[2011-01-19 23:15:43 | 000,002,397 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011-01-19 23:13:12 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-01-19 23:13:12 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2011-01-19 22:55:45 | 000,008,870 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Bookmarks.bak
[2011-01-19 22:55:05 | 000,008,870 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\Bookmarks
[2011-01-19 22:30:49 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\defogger_reenable
[2011-01-19 22:04:07 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2011-01-19 20:08:50 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-01-17 21:55:58 | 003,971,318 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Skrivbord\gammal_bild.jpg
[2010-12-17 23:45:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-12-17 23:45:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-11-25 15:54:16 | 000,019,253 | ---- | C] () -- C:\WINDOWS\MSUMLT_S.ini
[2010-11-25 15:53:31 | 000,019,116 | ---- | C] () -- C:\WINDOWS\MSTMON_S.INI
[2010-09-17 21:28:25 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-17 21:12:26 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-09-17 21:12:26 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-09-17 21:12:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Magnus o Annelie\Application Data\$_hpcst$.hpc
[2010-09-16 20:19:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010-09-16 19:31:25 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-09-16 12:07:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
[2009-03-03 19:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008-04-25 12:23:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\EvOnlDiag.dll
[2007-10-25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

< End of report >





OTL Extras logfile created on: 2011-01-21 21:35:58 - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Magnus o Annelie\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 608,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 149,04 Gb Total Space | 45,03 Gb Free Space | 30,21% Space Free | Partition Type: NTFS

Computer Name: LILLSKIT | User Name: Magnus o Annelie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1547161642-2000478354-527237240-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program\mIRC\mirc.exe" = C:\Program\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010
"C:\Documents and Settings\Magnus o Annelie\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Magnus o Annelie\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Documents and Settings\Magnus o Annelie\Skrivbord\mIRC\mirc.exe" = C:\Documents and Settings\Magnus o Annelie\Skrivbord\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Program\Steam\Steam.exe" = C:\Program\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program\Magic\Manalink.exe" = C:\Program\Magic\Manalink.exe:*:Enabled:manalink
"C:\Program\AVG\AVG10\avgmfapx.exe" = C:\Program\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{12724D97-D3B2-4884-8A60-E7C4E86F5A7D}" = Fujitsu Hotkey Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{423B39E8-0A8E-4522-BB0A-FCCF86479977}_is1" = VVVVVV (Window v1.0)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled 31.0" = Bejeweled 3
"CDisplay_is1" = CDisplay 1.8
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Personal" = BankID säkerhetsprogram 4.10.4
"PokerStars" = PokerStars
"Spotify" = Spotify
"Svenska Spels Poker" = Svenska Spels Poker
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.1.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-2000478354-527237240-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-12-08 07:25:32 | Computer Name = LILLSKIT | Source = Application Error | ID = 1000
Description = Felaktigt program facemaker.exe, version 0.0.0.0, felaktig modul facemaker.exe,
version 0.0.0.0, felaktig adress 0x0000927d.

Error - 2010-12-08 07:25:33 | Computer Name = LILLSKIT | Source = Application Error | ID = 1000
Description = Felaktigt program facemaker.exe, version 0.0.0.0, felaktig modul facemaker.exe,
version 0.0.0.0, felaktig adress 0x0000927d.

Error - 2010-12-08 07:25:34 | Computer Name = LILLSKIT | Source = Application Error | ID = 1000
Description = Felaktigt program facemaker.exe, version 0.0.0.0, felaktig modul facemaker.exe,
version 0.0.0.0, felaktig adress 0x0000927d.

Error - 2010-12-08 17:46:49 | Computer Name = LILLSKIT | Source = Application Error | ID = 1000
Description = Felaktigt program supermeatboy.exe, version 0.0.0.0, felaktig modul
unknown, version 0.0.0.0, felaktig adress 0x0002002b.

Error - 2010-12-18 15:07:07 | Computer Name = LILLSKIT | Source = Application Hang | ID = 1002
Description = Stoppat program chrome.exe, version 0.0.0.0, stoppad modul hungapp,
version 0.0.0.0, stoppad adress 0x00000000.

Error - 2010-12-25 05:41:53 | Computer Name = LILLSKIT | Source = MsiInstaller | ID = 11304
Description = Product: WebFldrs XP -- Error 1304. Error writing to file: C:\Program\Delade
filer\Microsoft Shared\Web Server Extensions\40\bin\FP4AWEC.DLL. Verify that you
have access to that directory.

Error - 2010-12-26 16:36:54 | Computer Name = LILLSKIT | Source = Application Hang | ID = 1002
Description = Stoppat program bgdxtest.exe, version 0.0.0.0, stoppad modul hungapp,
version 0.0.0.0, stoppad adress 0x00000000.

Error - 2010-12-26 16:36:59 | Computer Name = LILLSKIT | Source = Application Hang | ID = 1002
Description = Stoppat program BGConfig.exe, version 2.5.0.25, stoppad modul hungapp,
version 0.0.0.0, stoppad adress 0x00000000.

Error - 2011-01-19 15:03:15 | Computer Name = LILLSKIT | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2011-01-20 20:36:58 | Computer Name = LILLSKIT | Source = Application Error | ID = 1000
Description = Felaktigt program chrome.exe, version 0.0.0.0, felaktig modul unknown,
version 0.0.0.0, felaktig adress 0x0015191b.

[ System Events ]
Error - 2010-11-26 11:58:42 | Computer Name = LILLSKIT | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Den inbäddade styrenheten svarade inte inom den angivna
tidsgränsen. Detta kan bero på ett fel i maskinvaran, i den inbyggda programvaran,
eller en dåligt designad BIOS som har osäker åtkomst till den inbäddade styrenheten.
Drivrutinen för den inbäddade styrenheten kommer att försöka genomföra den misslyckade
transaktionen om möjligt.

Error - 2010-11-27 07:07:49 | Computer Name = LILLSKIT | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Den inbäddade styrenheten svarade inte inom den angivna
tidsgränsen. Detta kan bero på ett fel i maskinvaran, i den inbyggda programvaran,
eller en dåligt designad BIOS som har osäker åtkomst till den inbäddade styrenheten.
Drivrutinen för den inbäddade styrenheten kommer att försöka genomföra den misslyckade
transaktionen om möjligt.

Error - 2010-11-29 03:54:21 | Computer Name = LILLSKIT | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Den inbäddade styrenheten svarade inte inom den angivna
tidsgränsen. Detta kan bero på ett fel i maskinvaran, i den inbyggda programvaran,
eller en dåligt designad BIOS som har osäker åtkomst till den inbäddade styrenheten.
Drivrutinen för den inbäddade styrenheten kommer att försöka genomföra den misslyckade
transaktionen om möjligt.

Error - 2010-12-01 03:31:04 | Computer Name = LILLSKIT | Source = BROWSER | ID = 8032
Description = Tjänsten Browser har misslyckats för många gånger med att hämta backup-listan
på transporten \Device\NetBT_Tcpip_{D36DD1E1-1FA7-4D63-B521-E82730D1E780}. Backup-browsern
stoppas.

Error - 2010-12-01 05:08:19 | Computer Name = LILLSKIT | Source = Service Control Manager | ID = 7034
Description = Tjänsten Java Quick Starter avslutades oväntat. Detta har skett 1
gånger.

Error - 2010-12-03 06:58:37 | Computer Name = LILLSKIT | Source = Dhcp | ID = 1002
Description = IP-adresslånet 10.0.0.3 för det nätverkskort som har nätverksadressen
0017C4A30922 har nekats av DHCP-servern 10.0.0.1 (DHCP-servern skickade ett DHCPNACK-meddelande).

Error - 2010-12-05 04:51:23 | Computer Name = LILLSKIT | Source = BROWSER | ID = 8032
Description = Tjänsten Browser har misslyckats för många gånger med att hämta backup-listan
på transporten \Device\NetBT_Tcpip_{D36DD1E1-1FA7-4D63-B521-E82730D1E780}. Backup-browsern
stoppas.

Error - 2010-12-06 11:11:24 | Computer Name = LILLSKIT | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Den inbäddade styrenheten svarade inte inom den angivna
tidsgränsen. Detta kan bero på ett fel i maskinvaran, i den inbyggda programvaran,
eller en dåligt designad BIOS som har osäker åtkomst till den inbäddade styrenheten.
Drivrutinen för den inbäddade styrenheten kommer att försöka genomföra den misslyckade
transaktionen om möjligt.

Error - 2010-12-12 12:20:41 | Computer Name = LILLSKIT | Source = Dhcp | ID = 1000
Description = Lånet av IP-adressen 10.0.0.6 för kortet med nätverksadressen 0017C4A30922
har förlorats.

Error - 2010-12-13 16:54:02 | Computer Name = LILLSKIT | Source = MRxSmb | ID = 8003
Description = Master browser har mottagit ett meddelande från datorn BUGDATOR som
tror att den är master browser för domänen på transporten NetBT_Tcpip_{D36DD1E1-1FA7-4D63-.
Master browser stannar eller ett val tvingas att göras.


< End of report >
MickeyKnox
Active Member
 
Posts: 14
Joined: January 20th, 2011, 1:13 pm

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby deltalima » January 21st, 2011, 4:55 pm

Hi MickeyKnox,

When I tried to run GMER Rootkit Scanner I got an ugly bluescreen


Please run this alternative scan.

Reboot the computer.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby MickeyKnox » January 21st, 2011, 5:37 pm

Here comes the report:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6C61000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA9F2E000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5251072 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT:s kernel och system)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Win32-drivrutin för flera användare)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xF6A82000 C:\WINDOWS\system32\DRIVERS\athw.sys 1585152 bytes (Atheros Communications, Inc., Driver for Atheros Wireless Network Adapter)
0xF736D000 iaStor.sys 888832 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xF7297000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF69B1000 C:\WINDOWS\System32\Drivers\wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xA9C5B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF68E0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9D8E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA95FF000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA8CE9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6A2D000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 200704 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xF748E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-drivrutin för NT)
0xA976F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF726A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA9CF3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9C30000 C:\WINDOWS\System32\Drivers\RTSUCR.sys 176128 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for 2K/XP/Vista)
0xF6C25000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA9D66000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA9BC4000 C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 163840 bytes (TOSHIBA CORPORATION, Bluetooth RF Bus Driver)
0xA9C0A000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xA9D40000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA9F0A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6A5E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF693E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA9D1E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF734D000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF6C05000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF745E000 ftdisk.sys 126976 bytes (Microsoft Corporation, Drivrutin för FT Disk)
0xA9BEC000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xF7250000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7446000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9B21000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7324000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF699A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA99CC000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA927A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6C4D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA9DE7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xA9B39000 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 77824 bytes (TOSHIBA Corporation., Bluetooth HID Driver from TOSHIBA)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF733B000 sr.sys 73728 bytes (Microsoft Corporation, Filterdrivrutin för Systemåterställning)
0xF747D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare)
0xF6961000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77BD000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xF763D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA93A7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF762D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75FD000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF778D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Drivrutin för i8042 Port)
0xF77CD000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75DD000 VolSnap.sys 53248 bytes (Microsoft Corporation, Drivrutin för ögonblicksbilder av volymer)
0xF779D000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF77ED000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF769D000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Drivrutin för FIPS-krypto)
0xF75CD000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77DD000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF781D000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xF76CD000 C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 45056 bytes (TOSHIBA CORPORATION, Bluetooth USB Miniport Driver)
0xF777D000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Drivrutin för processor)
0xF75BD000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bussdrivrutin)
0xF782D000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF780D000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75ED000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA96B7000 C:\WINDOWS\system32\FsUsbExDisk.SYS 36864 bytes
0xF76BD000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF77FD000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF766D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8A51000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF76AD000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7945000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7955000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF78E5000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF795D000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78ED000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin)
0xF783D000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78F5000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Musklassdrivrutin)
0xF794D000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF78DD000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7935000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF793D000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7845000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF790D000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7915000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7905000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF796D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79D5000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7A8D000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7AA1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA99F5000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF79D9000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI-drivrutin för inbäddad styrenhet)
0xF79CD000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF79D1000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA9BA8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF697A000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6976000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus)
0xF7A95000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A79000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AEB000 C:\Program\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7AE3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AF1000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AE1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AD7000 C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys 8192 bytes (FUJITSU LIMITED, WDM driver for FUJ02B1 PnP device)
0xF7AD5000 C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys 8192 bytes (FUJITSU LIMITED, WDM driver for FUJ02E3 PnP device)
0xF7ABD000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AE5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AE7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7ADB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AD9000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7ABF000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BB3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CD4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BE6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B86000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B85000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE-bussdrivrutin)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\05dd29b8.qua
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4f155cc7.qua
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\57827360.qua
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20110121-221613-95D896FD.LOG
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS\cbe72de9.avl
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D668, Type: Inline - RelativeJump 0x80504668-->80504627 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D680, Type: Inline - RelativeJump 0x80504680-->8050463F [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[1028]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004661D4-->00000000 [unknown_code_page]
[1028]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
[1028]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
[1028]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
[1252]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->00000000 [shimeng.dll]
[1252]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1252]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1252]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1252]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[1252]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40C114B0-->00000000 [shimeng.dll]
[1252]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AA109C-->00000000 [shimeng.dll]
[4064]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004661D4-->00000000 [unknown_code_page]
[4064]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
[4064]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->00000000 [unknown_code_page]
[4064]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->00000000 [unknown_code_page]
MickeyKnox
Active Member
 
Posts: 14
Joined: January 20th, 2011, 1:13 pm
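
The RKU ">Hooks" section in the post above is raw tool output, and a helper reading it has to decide which entries deserve attention. As an added example (not part of the original post and not RKU's own logic), the Python script below parses lines in that exact format and ranks them with a few defender-side heuristics: hooks owned by shimeng.dll (the Windows application-compatibility shim engine), Chrome's sandbox interceptions inside its own process, and kernel patches whose jump target resolves inside the hooked image are marked as expected or low priority, while hooks attributed to `unknown_code_page` in other processes are flagged for review. The sample input copies four lines from the log and adds one constructed line (PID 4242, svchost.exe, the addresses) purely so the "review" branch is exercised; the verdict labels and rules are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in the format of the RKU ">Hooks" section above.
# The first four lines are copied from that log; the last line is made up
# (hypothetical PID, module and addresses) so the "review" branch is exercised.
SAMPLE_HOOKS = """\
ntkrnlpa.exe+0x0002D668, Type: Inline - RelativeJump 0x80504668-->80504627 [ntkrnlpa.exe]
[1028]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x004661D4-->00000000 [unknown_code_page]
[1028]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->00000000 [unknown_code_page]
[1252]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[4242]svchost.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00DE0000 [unknown_code_page]
"""

# Kernel entries: "<image>+0x<offset>, Type: <kind> 0x<src>--><dst> [<owner>]"
KERNEL_RE = re.compile(
    r"^(?P<module>[^+\s]+)\+0x(?P<offset>[0-9A-Fa-f]+), Type: (?P<kind>.+?) "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)
# Process entries: "[<pid>]<proc>--><dll>...--><func>, Type: <kind> 0x<src>--><dst> [<owner>]"
PROCESS_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<chain>\S+), Type: (?P<kind>.+?) "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)

# Functions Chrome's own sandbox intercepts inside its processes; a hook on one
# of these in chrome.exe is expected behaviour, not a sign of infection.
CHROME_SANDBOX_HOOKS = {
    "NtOpenProcessToken", "NtOpenThreadTokenEx", "NtQueryFullAttributesFile",
    "CreateNamedPipeW",
}
# shimeng.dll is the Windows application-compatibility shim engine; routing
# GetProcAddress through it is how shims get applied to a process.
KNOWN_OWNERS = {"shimeng.dll": "Windows AppCompat shim engine"}


@dataclass
class Hook:
    scope: str                 # "kernel" or "process"
    process: Optional[str]     # hooked process name (process scope only)
    pid: Optional[int]
    target: str                # image+offset, or the full call chain
    function: Optional[str]    # hooked API (process scope only)
    kind: str                  # e.g. "Inline - RelativeJump", "IAT modification"
    src: int
    dst: int
    owner: str                 # module RKU attributes the hook to
    verdict: str = ""
    reason: str = ""


def parse_hook_line(line: str) -> Optional[Hook]:
    """Parse one RKU hook line; return None for separators and other non-hook lines."""
    m = KERNEL_RE.match(line)
    if m:
        return Hook("kernel", None, None, f"{m['module']}+0x{m['offset']}", None,
                    m["kind"], int(m["src"], 16), int(m["dst"], 16), m["owner"])
    m = PROCESS_RE.match(line)
    if m:
        parts = m["chain"].split("-->")
        return Hook("process", parts[0], int(m["pid"]), m["chain"], parts[-1],
                    m["kind"], int(m["src"], 16), int(m["dst"], 16), m["owner"])
    return None


def triage(h: Hook) -> Hook:
    """Rank a hook with heuristics that are assumptions for this example, not RKU's."""
    if h.owner in KNOWN_OWNERS:
        h.verdict, h.reason = "expected", KNOWN_OWNERS[h.owner]
    elif h.scope == "kernel" and h.owner == h.target.split("+")[0]:
        h.verdict, h.reason = "low", "target resolves inside the hooked kernel image itself"
    elif h.process == "chrome.exe" and h.function in CHROME_SANDBOX_HOOKS:
        h.verdict, h.reason = "expected", "Chrome sandbox interception of its own process"
    elif h.owner == "unknown_code_page":
        h.verdict, h.reason = "review", "hook owner is not an attributable module"
    else:
        h.verdict, h.reason = "info", "owner attributed; compare against a known-good system"
    return h


def triage_log(text: str) -> List[Hook]:
    """Parse and rank every hook line in a pasted RKU hooks section."""
    return [triage(h) for h in map(parse_hook_line, text.splitlines()) if h]


def needs_review(text: str) -> List[str]:
    """Targets a helper should look at first: hooks ranked 'review'."""
    return [h.target for h in triage_log(text) if h.verdict == "review"]


if __name__ == "__main__":
    for hook in triage_log(SAMPLE_HOOKS):
        print(f"{hook.verdict:8} {hook.target:55} [{hook.owner}] {hook.reason}")
```

Run against the sample, the four lines taken from the log come out as `low` or `expected`, and only the constructed svchost.exe entry lands in `needs_review()`. The point of the heuristics is to stop a reader treating every `unknown_code_page` line as an infection; a real verdict still needs the entry compared against a known-good machine.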

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby deltalima » January 21st, 2011, 5:50 pm

Hi MickeyKnox,

Please run a quick scan with Malwarebytes then post the log in your next reply.

ESET online scanner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby MickeyKnox » January 21st, 2011, 8:16 pm

Hey - that Eset-scanner sure took its time :)
I'll paste that result first and then the MWB-scan.

ESET
C:\Documents and Settings\Magnus o Annelie\Lokala inställningar\Temporary Internet Files\Content.IE5\7G2QZ0JL\js[1].php JS/Kryptik.L.Gen trojan


MalwareBytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databasversion: 5556

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-01-22 01:15:48
mbam-log-2011-01-22 (01-15-48).txt

Skanningstyp: Snabbskanning
Antal skannade objekt: 151247
Förfluten tid: 2 minut(er), 41 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)
MickeyKnox
Active Member
 
Posts: 14
Joined: January 20th, 2011, 1:13 pm

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby deltalima » January 22nd, 2011, 6:12 am

Hi MickeyKnox,

DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK


Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby MickeyKnox » January 22nd, 2011, 7:02 am

Good morning maestro - here's the report!


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administratör
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Magnus o Annelie
->Temp folder emptied: 4381956 bytes
->Temporary Internet Files folder emptied: 30281036 bytes
->Java cache emptied: 1106915 bytes
->FireFox cache emptied: 15893849 bytes
->Google Chrome cache emptied: 93912008 bytes
->Flash cache emptied: 182826 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Snorungarna!!
->Temp folder emptied: 653394 bytes
->Temporary Internet Files folder emptied: 63211848 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 978 bytes

%systemdrive% .tmp files removed: 373706161 bytes
%systemroot% .tmp files removed: 2350502 bytes
%systemroot%\System32 .tmp files removed: 1162770 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2254437 bytes
RecycleBin emptied: 1785726 bytes

Total Files Cleaned = 564,00 mb


[EMPTYFLASH]

User: Administratör

User: All Users

User: Default User

User: LocalService

User: Magnus o Annelie
->Flash cache emptied: 0 bytes

User: NetworkService

User: Snorungarna!!
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.3 log created on 01222011_115818

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
MickeyKnox
Active Member
 
Posts: 14
Joined: January 20th, 2011, 1:13 pm

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby deltalima » January 22nd, 2011, 10:47 am

Hi MickeyKnox,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby MickeyKnox » January 22nd, 2011, 11:54 am

Wow - thank you a lot for the great help and easy instructions.
I'm glad there still are honest and helpful people "out there"
Have a great weekend!
Best regards
Magnus
MickeyKnox
Active Member
 
Posts: 14
Joined: January 20th, 2011, 1:13 pm

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby deltalima » January 22nd, 2011, 12:05 pm

You're welcome!

Glad we could help.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Win32/Patched.gb - Random redirecting in all browsers

Unread postby Gary R » January 22nd, 2011, 12:15 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire