How do I get rid of Total Security Program
Limewire does work
Just depends if you know how to spot crap
ComboFix 09-09-29.04 - Patricia 01/10/2009 17:44.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.764.213 [GMT -7:00]
Running from: c:\users\Patricia\Desktop\QWERTY.exe
Command switches used :: c:\users\Patricia\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Jonathon\AppData\Local\d3d9caps.dat"
"c:\users\Jonathon\AppData\Roaming\wklnhst.dat"
"c:\users\Thomas\AppData\Roaming\wklnhst.dat"
"c:\windows\hpoins19.dat"
"c:\windows\hpomdl19.dat"
"c:\windows\system32\rpcnetp.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jonathon\AppData\Local\d3d9caps.dat
c:\users\Jonathon\AppData\Roaming\wklnhst.dat
c:\users\Thomas\AppData\Roaming\wklnhst.dat
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\hpoins19.dat
c:\windows\hpomdl19.dat
c:\windows\system32\BSTIeprintctl1.dll
c:\windows\system32\rpcnetp.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.
2009-10-02 01:04 . 2009-10-02 01:04 d-----w- c:\users\Patricia\AppData\Local\temp
2009-10-02 01:04 . 2009-10-02 01:04 d-----w- c:\users\Thomas\AppData\Local\temp
2009-10-02 01:04 . 2009-10-02 01:04 d-----w- c:\users\Public\AppData\Local\temp
2009-10-02 01:04 . 2009-10-02 01:04 d-----w- c:\users\Jonathon\AppData\Local\temp
2009-10-02 01:04 . 2009-10-02 01:04 d-----w- c:\users\Default\AppData\Local\temp
2009-10-01 22:14 . 2009-10-01 22:14 d-----w- c:\programdata\RoboForm
2009-10-01 22:13 . 2009-10-01 22:13 d-----w- c:\program files\Siber Systems
2009-10-01 04:40 . 2009-10-01 04:40 d-----w- c:\users\Patricia\AppData\Roaming\WinPatrol
2009-10-01 04:40 . 2009-10-01 04:40 d-----w- c:\program files\BillP Studios
2009-10-01 03:40 . 2009-10-01 04:17 d-----w- C:\QWERTY
2009-09-30 18:51 . 2009-10-02 00:30 d-----w- c:\users\Patricia\Tracing
2009-09-30 18:48 . 2009-09-30 18:48 d-----w- c:\program files\Microsoft
2009-09-30 18:47 . 2009-09-30 18:47 d-----w- c:\program files\Windows Live SkyDrive
2009-09-30 18:46 . 2009-09-30 18:50 d-----w- c:\program files\Windows Live
2009-09-30 18:43 . 2009-09-30 18:43 d-----w- c:\program files\Common Files\Windows Live
2009-09-30 18:39 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-30 18:39 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-30 18:39 . 2009-09-30 18:39 d-----w- c:\programdata\Avira
2009-09-30 18:39 . 2009-09-30 18:39 d-----w- c:\program files\Avira
2009-09-30 18:30 . 2009-09-30 18:30 d-----w- c:\users\Patricia\AppData\Roaming\Trusteer
2009-09-30 18:30 . 2009-09-30 18:30 d-----w- c:\programdata\Trusteer
2009-09-30 18:30 . 2009-09-30 18:30 d-----w- c:\program files\Trusteer
2009-09-30 17:07 . 2009-09-30 17:07 d-----w- c:\program files\Trend Micro
2009-09-30 06:25 . 2009-09-30 06:25 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-30 06:23 . 2009-09-30 06:23 d-----w- c:\program files\SUPERAntiSpyware
2009-09-30 06:23 . 2009-09-30 06:23 d-----w- c:\users\Patricia\AppData\Roaming\SUPERAntiSpyware.com
2009-09-30 06:22 . 2009-09-30 06:22 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-30 04:30 . 2009-09-30 04:30 d-----w- c:\users\Patricia\AppData\Roaming\Malwarebytes
2009-09-30 04:30 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 04:30 . 2009-09-30 04:30 d-----w- c:\programdata\Malwarebytes
2009-09-30 04:30 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 04:30 . 2009-09-30 04:59 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 03:51 . 2009-09-30 03:51 d-----w- c:\programdata\LightScribe
2009-09-27 20:47 . 2009-09-27 20:52 d-----w- c:\windows\system32\ca-ES
2009-09-27 20:47 . 2009-09-27 20:51 d-----w- c:\windows\system32\eu-ES
2009-09-27 20:47 . 2009-09-27 20:51 d-----w- c:\windows\system32\vi-VN
2009-09-27 19:54 . 2009-09-30 04:08 d-----w- C:\$AVG8.VAULT$
2009-09-27 19:37 . 2009-09-27 19:37 d-----w- c:\program files\AVG
2009-09-27 19:32 . 2009-09-27 19:32 d-----w- c:\windows\system32\EventProviders
2009-09-26 22:06 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-26 22:06 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-26 22:06 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-26 22:06 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-26 22:06 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-26 22:06 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-26 22:06 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-26 22:06 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-26 22:03 . 2009-10-02 00:28 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-09-26 22:03 . 2009-09-26 22:02 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-09-26 21:59 . 2009-10-02 00:28 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-09-25 23:17 . 2009-09-30 05:25 d-----w- c:\program files\TS
2009-09-24 20:40 . 2009-02-18 18:38 619864 ----a-w- c:\windows\system32\icardagt.exe
2009-09-24 20:39 . 2009-04-11 06:28 290816 ----a-w- c:\windows\system32\msjtes40.dll
2009-09-24 20:38 . 2009-04-11 06:28 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-09-24 20:37 . 2009-04-11 06:28 2205184 ----a-w- c:\windows\system32\SyncCenter.dll
2009-09-24 20:36 . 2009-04-11 06:28 128000 ----a-w- c:\windows\system32\vdsutil.dll
2009-09-24 20:35 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-24 20:35 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-24 20:35 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-24 20:35 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-24 20:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-24 20:35 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-24 20:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-24 20:35 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-24 20:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-24 20:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-24 20:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-21 20:14 . 2009-09-21 20:14 680 ----a-w- c:\users\Patricia\AppData\Local\d3d9caps.dat
2009-09-11 04:27 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-11 04:27 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-11 04:27 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-11 04:27 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-11 04:27 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-11 04:27 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-11 04:27 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-11 04:27 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 04:27 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-11 04:27 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-11 04:27 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-11 04:05 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 04:05 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 04:05 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 04:05 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-11 04:05 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 04:05 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-11 04:05 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-11 04:05 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-11 04:05 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-11 04:05 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-11 04:05 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-09 04:14 . 2006-09-05 02:16 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-09-09 04:14 . 2006-09-05 02:16 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-09-09 04:14 . 2009-09-09 05:17 d-----w- c:\program files\Cheat Engine
2009-09-06 06:35 . 2009-10-01 05:22 d-----w- c:\users\Patricia\AppData\Roaming\Datel
2009-09-06 04:23 . 2009-09-06 04:24 d-----w- c:\users\Patricia\AppData\Local\Roblox
2009-09-03 20:07 . 2009-09-03 20:07 d-----w- c:\users\Patricia\AppData\Local\web'n'walk Manager
2009-09-03 05:50 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 05:50 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 04:50 . 2009-09-02 04:50 d-----w- c:\programdata\HPSSUPPLY
2009-09-02 04:44 . 2009-09-02 04:44 d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-02 04:43 . 2009-09-02 04:49 d-----w- c:\program files\Common Files\HP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 00:28 . 2008-07-23 12:49 d-----w- c:\programdata\hpqLog
2009-09-30 18:50 . 2009-05-27 16:39 d-----w- c:\program files\MSN Messenger
2009-09-30 18:18 . 2008-07-23 12:29 d-----w- c:\program files\Hewlett-Packard
2009-09-30 18:16 . 2008-07-23 13:03 d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 20:53 . 2006-11-02 12:35 d-----w- c:\program files\Windows Calendar
2009-09-27 20:53 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Sidebar
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Collaboration
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Photo Gallery
2009-09-27 20:52 . 2006-11-02 12:35 d-----w- c:\program files\Windows Defender
2009-09-27 19:27 . 2008-07-23 13:56 d-----w- c:\program files\Java
2009-09-25 20:20 . 2009-07-06 19:13 d-----w- c:\users\Jonathon\AppData\Roaming\LimeWire
2009-09-02 04:50 . 2008-07-23 13:49 d-----w- c:\program files\HP
2009-09-02 04:46 . 2009-06-23 19:28 d-----w- c:\programdata\HP
2009-08-30 23:37 . 2009-06-29 00:43 d-----w- c:\users\Patricia\AppData\Roaming\LimeWire
2009-07-26 23:44 . 2009-07-26 23:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 12:23 . 2009-07-20 17:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-09-26 22:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-26 22:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-26 22:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-26 22:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 12:57 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-13 12:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 12:57 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 12:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 12:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2008-07-23 13:00 . 2008-07-23 13:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-10-01_04.11.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-02 00:31 59372 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-10-02 00:31 94860 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-27 16:35 . 2009-10-02 00:31 10400 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2527986763-4270725596-1231749392-1004_UserData.bin
+ 2008-04-17 16:30 . 2009-10-02 00:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-17 16:30 . 2009-10-01 03:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-17 16:30 . 2009-10-02 00:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-17 16:30 . 2009-10-01 03:23 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-17 16:30 . 2009-10-02 00:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-17 16:30 . 2009-10-01 03:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-01 03:23 . 2009-10-01 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-02 00:28 . 2009-10-02 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-02 00:28 . 2009-10-02 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-01 03:23 . 2009-10-01 03:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-27 23:42 . 2009-10-01 20:55 270386 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-01 160592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
c:\users\Jonathon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-7-23 197904]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2008-11-11 1463296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
"UpdatesDisableNotify"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):25,5a,ca,d1,b5,3f,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{44511208-0329-4EC5-B367-5574C3138068}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B6349490-E83E-497B-A84F-3C33EA99CE2A}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{42DE3281-6492-41CB-8BCB-274BA9220051}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{28654201-600D-4AEE-9ED5-E30CFCFF6AB7}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{525CA88F-9FE9-4FF2-8511-C19EEEB7B6F5}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{D1B5E41C-FCCE-42F8-B859-4152D1E1B8BC}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{C8614703-4421-4C12-9C74-1F1B62382BD1}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{11B419B8-952E-481D-8047-6B77BC04919F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CE98CA4A-A307-4F5A-85F9-D880DEA8DEB1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{EA24A569-0F50-4711-A520-39309AB3716A}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{5FBCA2A5-F805-479E-BC2F-E01D8FC16D21}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{BC4B76D6-C2D4-439C-B2F6-C484720462F1}c:\\users\\jonathon\\appdata\\local\\roblox\\versions\\version-2f6ea3011fda4149\\robloxapp.exe"= UDP:c:\users\jonathon\appdata\local\roblox\versions\version-2f6ea3011fda4149\robloxapp.exe:robloxapp.exe
"UDP Query User{FE471CF8-6274-4860-8D3A-95E25BAF319E}c:\\users\\jonathon\\appdata\\local\\roblox\\versions\\version-2f6ea3011fda4149\\robloxapp.exe"= TCP:c:\users\jonathon\appdata\local\roblox\versions\version-2f6ea3011fda4149\robloxapp.exe:robloxapp.exe
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [30/05/2008 09:37 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [30/05/2008 09:37 12928]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [27/09/2009 12:53 58856]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [27/09/2009 12:53 333928]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [30/05/2008 09:37 12496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 11:42 74480]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16:08 182576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30/09/2009 11:39 108289]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [20/01/2008 19:33 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [20/01/2008 19:33 21504]
R2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [30/04/2008 16:52 200704]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [02/06/2008 10:32 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [30/05/2008 09:36 256512]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07/04/2008 11:13 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [23/07/2008 06:03 576024]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [27/09/2009 12:53 967912]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23/07/2008 06:57 193840]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 11:42 7408]
S2 0229371245782934mcinstcleanup;McAfee Application Installer Cleanup (0229371245782934);c:\users\Patricia\AppData\Local\Temp\022937~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Patricia\AppData\Local\Temp\022937~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [20/01/2008 19:32 179712]
S3 GTUHSBUS;GT UHS BUS;c:\windows\System32\drivers\gtuhsbus.sys [07/11/2008 11:57 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\System32\drivers\gtuhs51.sys [07/11/2008 11:58 105984]
S3 GTUHSOMS;GT UHS OMS;c:\windows\System32\drivers\gtuhsoms.sys [07/11/2008 12:01 20352]
S3 GTUHSSER;GT UHS SER;c:\windows\System32\drivers\gtuhsser.sys [07/11/2008 12:03 8064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{C282AC2B-E59A-47D6-A0C2-FC4546553256}.job
- c:\windows\system32\msfeedssync.exe [2009-09-26 20:13]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
IE: &Search
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\windows\system32\wpclsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 18:04
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(592)
c:\windows\System32\APSHook.dll
- - - - - - - > 'lsass.exe'(624)
c:\windows\System32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
Completion time: 2009-10-02 18:09
ComboFix-quarantined-files.txt 2009-10-02 01:09
ComboFix2.txt 2009-10-01 04:17
Pre-Run: 113,025,642,496 bytes free
Post-Run: 112,998,600,704 bytes free
358 --- E O F --- 2009-09-28 23:48
Download DR WEB
http://www.freedrweb.com/download+cureit/
Let it run then set to scan the WHOLE computer