Laptop - is it infected?

Steve_xx
Posts: 6,979 Forumite


in Techie Stuff
Laptop problem - running a bit tardy, pages a bit slow to load. When I click on IE I too often get:
http://api.mybrowserbar.com/cgi/errors.cgi?q=http%3A%2F%2Fwww%2Egoogle%2Eco%2Euk%2F&type=dns&ISN=4405CE72E8594D0FBFA80DCA8E4315C5&ccv=128&cnid=634471&cco=US&ct=8
or
http://urlseek20.vmn.net/search.php?q=http%3A%2F%2Fwww.mail.yahoo.com%2F&tbn=vendio&type=dns&lg=en
I tried to do a System restore both in normal mode and Safe Mode, but it won't let me. This laptop has not allowed restores for some time even though I returned it to its shipped state a couple of weeks back.
I downloaded Malwarebytes, ran it and it found 5 infections all of which I let it delete. Here is a copy of the log it produced:
Malwarebytes' Anti-Malware 1.38
Database version: 2358
Windows 5.1.2600 Service Pack 3
01/07/2009 12:57:40
mbam-log-2009-07-01 (12-57-40).txt
Scan type: Full Scan (C:\|)
Objects scanned: 141390
Time elapsed: 38 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
Comments
-
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
-
OK here goes, by the way, since running COMBOFIX the desktop background has been changed to a sky and grass from the basic Dell screen that was there before!
ComboFix 09-06-29.07 - Steven 01/07/2009 14:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1595 [GMT 1:00]
Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.
2009-07-01 12:29 . 2006-05-10 15:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2009-07-01 12:29 . 2006-05-10 15:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-07-01 12:29 . 2009-07-01 12:32 -------- d-----w- c:\documents and settings\Administrator
2009-07-01 11:18 . 2009-07-01 11:18 -------- d-----w- c:\documents and settings\Steven\Application Data\Malwarebytes
2009-07-01 11:18 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 11:18 . 2009-07-01 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 11:18 . 2009-07-01 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-01 11:18 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 11:04 . 2009-06-14 10:56 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-06-29 19:07 . 2009-06-29 19:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-21 23:08 . 2009-06-21 23:08 -------- d-----w- c:\documents and settings\Steven\Application Data\Search Settings
2009-06-21 23:07 . 2009-06-21 23:08 -------- d-----w- c:\documents and settings\Steven\Application Data\Dealio
2009-06-21 23:06 . 2009-06-21 23:06 -------- d-----w- c:\program files\Search Settings
2009-06-21 23:06 . 2009-06-21 23:06 -------- d-----w- c:\program files\Dealio Toolbar
2009-06-21 23:05 . 2009-06-29 23:18 -------- d-----w- c:\program files\Piolet
2009-06-21 22:36 . 2009-06-21 22:51 -------- d-----w- c:\documents and settings\Steven\Shared
2009-06-21 22:36 . 2009-06-21 22:52 -------- d-----w- c:\documents and settings\Steven\Incomplete
2009-06-21 22:35 . 2009-06-21 22:52 -------- d-----w- c:\documents and settings\Steven\Application Data\mp3rocket
2009-06-21 22:13 . 2009-06-21 22:30 -------- d-----w- c:\documents and settings\Steven\Application Data\LimeWire
2009-06-20 08:15 . 2009-06-20 08:15 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-20 08:15 . 2009-06-14 10:56 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-20 08:15 . 2009-06-14 10:56 908568 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-06-20 08:15 . 2009-06-14 10:56 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-20 08:15 . 2009-06-14 10:56 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-20 08:15 . 2009-06-14 10:56 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-06-20 08:14 . 2009-06-20 08:14 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-19 12:53 . 2009-06-19 12:53 -------- d-----w- c:\windows\Sun
2009-06-18 13:51 . 2009-06-18 14:08 152576 ----a-w- c:\documents and settings\Steven\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 21:05 . 2009-06-19 14:07 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-17 21:05 . 2009-06-17 21:05 8 --sh--r- c:\windows\system32\83F48B8D64.sys
2009-06-16 21:18 . 2009-05-21 10:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-16 21:17 . 2009-06-16 21:17 152576 ----a-w- c:\documents and settings\Steven\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-15 10:49 . 2009-06-15 10:49 1915520 ----a-w- c:\documents and settings\Steven\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-15 09:15 . 2009-06-15 09:15 -------- d-----r- c:\documents and settings\Steven\Application Data\Brother
2009-06-14 21:42 . 2009-06-14 21:42 -------- d-----w- c:\documents and settings\Steven\Application Data\Sonic
2009-06-14 21:42 . 2009-06-14 21:42 -------- d-----w- c:\documents and settings\Steven\Application Data\Leadertech
2009-06-14 20:54 . 2009-06-14 20:54 -------- d-----w- c:\windows\system32\scripting
2009-06-14 20:54 . 2009-06-14 20:54 -------- d-----w- c:\windows\l2schemas
2009-06-14 20:54 . 2009-06-14 20:54 -------- d-----w- c:\windows\system32\en
2009-06-14 20:54 . 2009-06-14 20:54 -------- d-----w- c:\windows\system32\bits
2009-06-14 20:51 . 2009-06-14 20:51 -------- d-----w- c:\windows\ServicePackFiles
2009-06-14 20:45 . 2009-06-14 20:45 -------- d-----w- c:\windows\EHome
2009-06-14 20:28 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-06-14 20:19 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-06-14 20:19 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-06-14 20:19 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-06-14 20:19 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-06-14 20:19 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-14 20:19 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-14 20:19 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-14 20:19 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-14 20:18 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-06-14 20:18 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-06-14 20:18 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-14 20:18 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-14 20:18 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-14 20:16 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-14 20:16 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-14 20:16 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-14 20:16 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-14 20:15 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-06-14 20:15 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-06-14 20:15 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-14 20:15 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-14 19:24 . 2009-06-14 19:24 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Identities
2009-06-14 19:21 . 2009-06-14 19:21 -------- d-----w- c:\program files\MSXML 4.0
2009-06-14 19:20 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-06-14 19:20 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-14 19:19 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-06-14 19:19 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-06-14 19:17 . 2007-08-10 19:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-14 19:14 . 2008-10-16 13:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-14 12:39 . 2009-06-29 17:00 -------- d-----w- c:\documents and settings\Steven\Application Data\AdobeUM
2009-06-14 12:39 . 2009-06-14 12:39 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Adobe
2009-06-14 12:39 . 2009-06-14 12:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-14 11:42 . 2009-07-01 12:34 117760 ----a-w- c:\documents and settings\Steven\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-14 11:41 . 2009-06-14 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-14 11:41 . 2009-06-24 08:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-14 11:41 . 2009-06-14 11:41 -------- d-----w- c:\documents and settings\Steven\Application Data\SUPERAntiSpyware.com
2009-06-14 11:40 . 2009-06-14 11:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-14 11:37 . 2009-06-15 14:57 52200 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-14 11:27 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-06-14 11:27 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-14 11:27 . 2009-06-14 11:27 50 ----a-w- c:\windows\system32\bridf05a.dat
2009-06-14 11:27 . 2005-06-23 12:29 52224 ------w- c:\windows\system32\brinsstr.dll
2009-06-14 11:27 . 2005-06-02 00:09 86016 ------w- c:\windows\system32\BrWebIns.dll
2009-06-14 11:27 . 2005-06-02 00:08 69632 ------w- c:\windows\system32\BRWEBUP.EXE
2009-06-14 11:27 . 2005-04-14 16:01 34816 ------w- c:\windows\system32\BrWiaNCp.dll
2009-06-14 11:27 . 2004-12-03 00:26 188416 ------w- c:\windows\system32\PDRVINST.DLL
2009-06-14 11:26 . 2009-06-14 11:27 -------- d-----w- c:\program files\Brother
2009-06-14 11:26 . 2005-09-16 17:21 54784 ------w- c:\windows\system32\BrNetSti.dll
2009-06-14 11:26 . 2005-04-14 16:00 31744 ------w- c:\windows\system32\Brnsplg.dll
2009-06-14 11:26 . 2005-03-02 10:35 121856 ----a-w- c:\windows\system32\BrWia05a.dll
2009-06-14 11:26 . 2009-06-14 11:26 -------- d-----w- C:\Brother
2009-06-14 11:26 . 2005-04-08 14:48 163840 ------w- c:\windows\system32\NSSearch.dll
2009-06-14 11:26 . 2004-12-10 15:35 147456 ------w- c:\windows\brunin03.dll
2009-06-14 11:26 . 2002-11-26 12:43 106496 ------w- c:\windows\system32\BrMuSNMP.dll
2009-06-14 11:26 . 2009-06-14 11:30 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-06-14 11:26 . 2009-06-14 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-06-14 11:25 . 2003-12-24 00:00 131072 ----a-w- c:\windows\system32\bsplmf01.exe
2009-06-14 11:25 . 2002-04-12 00:00 57344 ----a-w- c:\windows\system32\brsvc01a.exe
2009-06-14 11:25 . 2001-12-13 00:01 45056 ----a-w- c:\windows\system32\brss01a.exe
2009-06-14 11:25 . 2001-02-05 02:16 258048 ----a-w- c:\windows\system32\bsplmf01.dll
2009-06-14 11:12 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-06-14 11:11 . 2009-06-14 11:11 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-14 11:11 . 2009-06-14 11:11 -------- d-----w- c:\windows\SHELLNEW
2009-06-14 11:11 . 2009-06-14 11:11 -------- d-----w- c:\program files\Microsoft.NET
2009-06-14 11:08 . 2009-06-14 11:08 -------- d--h--r- C:\MSOCache
2009-06-14 10:56 . 2009-06-14 10:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-14 10:56 . 2009-06-14 10:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-14 10:56 . 2009-06-14 10:56 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-14 10:56 . 2009-06-20 08:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-14 10:56 . 2009-07-01 10:17 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-14 10:56 . 2009-06-14 10:56 -------- d-----w- c:\program files\AVG
2009-06-14 10:56 . 2009-06-14 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-14 10:44 . 2009-06-14 10:44 -------- d-s---w- c:\documents and settings\Steven\UserData
2009-06-14 10:40 . 2009-06-14 10:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-06-14 10:25 . 2009-06-14 10:25 -------- d-----w- c:\documents and settings\Steven\Application Data\McAfee.com Personal Firewall
2009-06-14 10:21 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-14 10:21 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-06-14 10:21 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 12:32 . 2009-07-01 12:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-07-01 12:32 . 2009-07-01 12:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-07-01 12:32 . 2009-07-01 12:29 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Gtek
2009-06-18 14:09 . 2006-05-10 15:08 -------- d-----w- c:\program files\Java
2009-06-14 20:57 . 2004-08-10 12:03 77859 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-14 11:27 . 2006-05-10 15:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-14 11:26 . 2006-05-10 15:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 10:36 . 2006-05-10 15:12 -------- d-----w- c:\program files\Dell
2009-06-14 10:35 . 2006-05-10 15:13 -------- d-----w- c:\program files\Modem Helper
2009-06-14 10:35 . 2006-05-10 15:20 -------- d-----w- c:\program files\Common Files\AOL
2009-06-14 10:35 . 2006-05-10 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-14 10:33 . 2009-06-14 10:24 -------- d-----w- c:\documents and settings\Steven\Application Data\AOL
2009-06-14 10:25 . 2006-05-10 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-05-07 15:32 . 2004-08-10 11:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-10 11:51 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-10 11:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2009-04-09 19:09 688128 ----a-w- c:\program files\Dealio Toolbar\DealioToolbarIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-14 1948440]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-10 98304]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-09-09 393216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-14 10:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Piolet\\Piolet.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/14/2009 11:56 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/14/2009 11:56 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/14/2009 11:56 AM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/14/2009 11:56 AM 298776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-06-18 c:\windows\Tasks\jucheck.job
- c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe [2003-11-19 16:48]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.mail.yahoo.com/
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 14:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(768)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-07-01 14:33
ComboFix-quarantined-files.txt 2009-07-01 13:33
Pre-Run: 42,802,384,896 bytes free
Post-Run: 42,973,908,992 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
248 --- E O F --- 2009-06-14 21:44
-
You're still infected
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log)
-
Ok thanks, downloaded it and here's the log it produced. By the way, earlier I switched off the wireless router as we were both having similar problems as mentioned in the first post. Switched it back on again and since then all seems to be fine. However, maybe you would take a look at the log to be sure that all seems right?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:30, on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245006807703
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6583 bytes
-
uninstall/remove ~
DEALIO TOOLBAR
SEARCH SETTINGS
FIX this using hijack ~
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
-
All done, thanks for that.
-
Hi, my laptop seems a bit erratic again. Here is a HijackThis file that I've just run. Can someone take a look and let me know if there's anything wrong please? Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:39, on 31/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.src=ym&.intl=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com
O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Sammsoft Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245006807703
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9416 bytes
Is it just me or does everyone see a date of 01-07-2009, 9:31 PM for post #7?
Yes, you're right but that was then. I just revived the post as I'd bookmarked it!
I think I may have a problem and just wanted someone to view the log I created today. Would you have a look for me please? Many thanks.
I hope you send AR a Christmas card
This discussion has been closed.