Virus? Google search not going where it should
Comments
-
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
...............................................................
Download SPYBOT (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure TEA TIMER is UNTICKED on installation)
http://www.filehippo.com/download_spybot_search_destroy/
UPDATE and IMMUNISE (Make sure it reads ZERO unprotected) and SCAN
-
Hi,
Don't recall ever downloading anything from Limewire
Super Anti Spyware ran and log below:
Thanks
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/11/2009 at 07:06 AM
Application Version : 4.29.1004
Core Rules Database Version : 4259
Trace Rules Database Version: 2145
Scan type : Quick Scan
Total Scan Time : 00:17:09
Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 465
Registry threats detected : 0
File items scanned : 7020
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\ALAN B\Cookies\alan_b@rambler[1].txt
-
HiJack this Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:11:33, on 11/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\ALAN B\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211802848375
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BGRaSvc - Unknown owner - C:\Program Files\BullGuard Software\BullGuard\support\bgrasvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
-
Hi,
I have done that and Spybot says no immediate threats were found.
What next?
Thanks
-
Hi,
When I go onto Google and use it as a search engine, it still has the problem.
But Yahoo is fine
Don't understand
-
Run LSP FIX
..................................................................
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
reboot
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Go to MODULES / SYSTEM TOOLS / WINDOWS STANDARD TOOLS / then run SYSTEM FILE CHECKER
...........................................................................
Open notepad and copy/paste the text in RED below
File::
c:\documents and settings\ALAN B\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\documents and settings\ALAN B\Application Data\OpenCandy\pal_install_r83035.exe
c:\windows\Temp\Perflib_Perfdata_798.dat
Save this as "CFScript" (FULL file will be 'CFScript.txt')
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
-
Hi,
After running Glary Utilities do I repair problems or just continue?
Thanks
-
repair them please
-
Hi,
All done - Highlighted a bit I don't understand who Js is?
What next?
Log below
ComboFix 09-11-14.03 - ALAN B 14/11/2009 11:26.3.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.537 [GMT 0:00]
Running from: c:\documents and settings\ALAN B\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ALAN B\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\documents and settings\ALAN B\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe"
"c:\documents and settings\ALAN B\Application Data\OpenCandy\pal_install_r83035.exe"
"c:\windows\Temp\Perflib_Perfdata_798.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ALAN B\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\documents and settings\ALAN B\Application Data\OpenCandy\pal_install_r83035.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 11:34 . 2009-09-06 08:30 -------- d-----w- c:\documents and settings\ALAN B\Application Data\OpenCandy
2009-11-14 00:52 . 2009-09-03 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-12 00:28 . 2009-05-17 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-11 06:51 . 2009-08-09 19:26 -------- d-----w- c:\documents and settings\ALAN B\Application Data\FileZilla
2009-11-11 06:47 . 2009-05-17 19:16 117760 ----a-w- c:\documents and settings\ALAN B\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-08 12:02 . 2009-09-06 08:30 -------- d-----w- c:\documents and settings\ALAN B\Application Data\FrostWire
2009-11-07 14:32 . 2008-05-26 11:38 -------- d-----w- c:\program files\Java
2009-11-05 23:29 . 2009-07-24 21:36 -------- d-----w- c:\program files\COMODO
2009-11-03 20:57 . 2009-04-21 22:33 -------- d-----w- c:\program files\ProgDVB
2009-11-03 07:28 . 2009-03-21 11:03 1 ----a-w- c:\documents and settings\ALAN B\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-11 04:17 . 2009-03-21 10:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 17:30 . 2009-03-21 12:43 -------- d-----w- c:\documents and settings\ALAN B\Application Data\uTorrent
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:52 . 2009-07-25 08:23 493425 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 18:02 . 2009-03-10 21:27 94976 ----a-w- c:\documents and settings\ALAN B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 07:36 . 2008-04-14 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-27 23:12 . 2009-03-21 10:58 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 14:47 . 2009-08-23 14:47 152576 ----a-w- c:\documents and settings\ALAN B\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
-
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-11 1028096]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 83568]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-06-10 782336]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-10 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Mobile User VPN.lnk - c:\program files\WatchGuard\Mobile User VPN\SafeCfg.exe [2009-4-1 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 08:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\ALAN B\\My Documents\\SATELLITE FOLDER\\dcc295\\DCC.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\WINDOWS\\system32\\lxdicfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\WatchGuard\\Mobile User VPN\\IreIKE.exe"=
"c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe"= c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe"= c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\WatchGuard\Mobile User VPN\vpn.exe"= c:\program files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/11/2009 19:31 108289]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [01/04/2009 19:22 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [01/04/2009 19:22 119864]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [01/04/2009 19:18 36188]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [10/06/2008 10:36 156160]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [26/05/2008 11:10 572416]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [21/04/2009 22:05 99248]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [10/06/2008 09:14 159744]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-11-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-11-14 10:21]
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.medion.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\ALAN B\Application Data\Mozilla\Firefox\Profiles\t8y4dtan.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 11:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
@Allowed: (2) (Administrators)
"Policy"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\WatchGuard\Mobile User VPN\IreIKE.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WatchGuard\Mobile User VPN\IPSecMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdicoms.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-14 11:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-14 11:43
ComboFix2.txt 2009-11-10 07:49
ComboFix3.txt 2009-11-08 14:48
Pre-Run: 39,318,183,936 bytes free
Post-Run: 39,574,130,688 bytes free
- - End Of File - - 076D964788685272A4F1B5CA574849CD
This discussion has been closed.