New Icon on desktop named "Security Antivirus"
Comments
-
+ 2008-07-29 18:18 . 2008-07-29 18:18 3376640 c:\windows\Installer\3697142.msp
+ 2008-07-29 16:45 . 2008-07-29 16:45 2543616 c:\windows\Installer\3657c36.msp
+ 2008-07-29 16:29 . 2008-07-29 16:29 2926080 c:\windows\Installer\3657c35.msp
+ 2008-07-29 16:41 . 2008-07-29 16:41 6487040 c:\windows\Installer\3657c34.msp
+ 2008-07-29 16:39 . 2008-07-29 16:39 3403264 c:\windows\Installer\3657c33.msp
+ 2008-07-29 16:43 . 2008-07-29 16:43 1013248 c:\windows\Installer\3657c31.msp
+ 2008-07-29 16:31 . 2008-07-29 16:31 6083072 c:\windows\Installer\3657c2e.msp
+ 2009-09-29 14:41 . 2009-09-29 14:41 1528320 c:\windows\Installer\2047e4d6.msi
+ 2010-01-25 09:32 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-25 09:32 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-25 09:32 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2009-11-05 08:41 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-12-15 08:36 . 2009-08-29 07:36 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-15 08:36 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-15 08:36 . 2009-08-29 07:36 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2009-10-15 09:49 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-15 09:49 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-15 09:49 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-02-12 07:01 . 2009-08-04 19:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-02-12 07:01 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-12 07:01 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-12 07:01 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-12 07:01 . 2009-02-07 18:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-12 07:01 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-02-12 07:01 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-15 11:37 . 2009-10-15 11:37 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-10-15 11:43 . 2009-10-15 11:43 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-10-15 11:37 . 2009-10-15 11:37 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-10-15 11:43 . 2009-10-15 11:43 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-10-15 12:16 . 2009-10-15 12:16 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-10-15 12:16 . 2009-10-15 12:16 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-10-15 12:16 . 2009-10-15 12:16 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-10-15 12:16 . 2009-10-15 12:16 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-10-15 12:16 . 2009-10-15 12:16 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-10-15 12:16 . 2009-10-15 12:16 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll
+ 2009-10-15 12:16 . 2009-10-15 12:16 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-10-15 11:43 . 2009-10-15 11:43 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
+ 2009-10-15 12:15 . 2009-10-15 12:15 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-10-15 12:13 . 2009-10-15 12:13 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-10-15 11:43 . 2009-10-15 11:43 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-10-15 12:13 . 2009-10-15 12:13 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-10-15 11:43 . 2009-10-15 11:43 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-10-15 12:15 . 2009-10-15 12:15 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-10-15 12:15 . 2009-10-15 12:15 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-10-15 11:42 . 2009-10-15 11:42 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-10-15 12:14 . 2009-10-15 12:14 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-10-15 12:15 . 2009-10-15 12:15 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-10-15 11:42 . 2009-10-15 11:42 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-10-15 12:15 . 2009-10-15 12:15 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-10-15 11:42 . 2009-10-15 11:42 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-10-15 11:42 . 2009-10-15 11:42 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-10-15 11:42 . 2009-10-15 11:42 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-10-15 11:37 . 2009-10-15 11:37 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-10-15 12:14 . 2009-10-15 12:14 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll
+ 2009-10-15 12:14 . 2009-10-15 12:14 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll
+ 2009-10-15 12:15 . 2009-10-15 12:15 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-10-15 12:14 . 2009-10-15 12:14 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll
+ 2009-10-15 12:14 . 2009-10-15 12:14 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-10-15 12:14 . 2009-10-15 12:14 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
+ 2009-08-11 07:08 . 2009-08-11 07:08 1245184 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2009-10-15 10:03 . 2009-10-15 10:03 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-15 10:03 . 2009-10-15 10:03 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-08-11 07:08 . 2009-08-11 07:08 1630208 c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2009-08-11 07:08 . 2009-08-11 07:08 1138688 c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2009-10-15 10:03 . 2009-10-15 10:03 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-08-11 07:14 . 2009-08-11 07:14 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2009-08-11 07:13 . 2009-08-11 07:13 5931008 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2009-10-15 10:03 . 2009-10-15 10:03 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-08-11 07:09 . 2009-08-11 07:09 2879488 c:\windows\assembly\GAC_MSIL\System.Data.Entity\3.5.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2009-08-11 07:13 . 2009-08-11 07:13 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2009-10-30 08:56 . 2009-10-30 08:56 1604448 c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
+ 2009-10-30 08:56 . 2009-10-30 08:56 1215328 c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
+ 2009-10-15 10:03 . 2009-10-15 10:03 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-10-15 10:03 . 2009-10-15 10:03 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-08-11 07:08 . 2009-08-11 07:08 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2009-10-15 10:03 . 2009-10-15 10:03 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-11-27 11:27 . 2008-09-10 01:14 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-27 11:27 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-08-17 08:35 . 2008-04-14 00:12 1314816 c:\windows\$NtUninstallKB973354$\msoe.dll
+ 2009-10-15 09:49 . 2009-02-06 11:08 2189056 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2009-10-15 09:49 . 2009-02-06 10:32 2023936 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2009-10-15 09:49 . 2009-02-07 18:02 2066048 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2009-10-15 09:49 . 2009-02-06 11:06 2145280 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2009-11-16 10:03 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-10-15 09:50 . 2008-04-14 00:12 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2009-09-10 14:27 . 2008-06-18 05:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
-
+ 2009-08-17 08:35 . 2008-04-14 00:11 2061824 c:\windows\$NtUninstallKB956744$\mstscax.dll
+ 2009-10-21 03:59 . 2009-10-21 03:59 3602432 c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2009-12-14 15:51 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2009-08-29 07:31 . 2009-08-29 07:31 1170944 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\urlmon.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 3600384 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
+ 2009-08-29 07:31 . 2009-08-29 07:31 6070784 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieframe.dll
+ 2009-10-14 09:33 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\ieapfltr.dat
+ 2009-11-26 11:42 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-26 11:42 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-07-10 17:54 . 2009-07-10 17:54 1315328 c:\windows\$hf_mig$\KB973354\SP3QFE\msoe.dll
+ 2009-10-14 09:31 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2009-10-14 09:31 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-04 17:47 . 2009-08-04 17:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2009-10-14 09:31 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2009-08-13 07:49 . 2009-06-09 15:21 2067968 c:\windows\$hf_mig$\KB956744\SP3QFE\lhmstscx.dll
+ 2004-08-04 12:00 . 2009-07-13 22:43 10841088 c:\windows\system32\wmp.dll
+ 2009-02-18 17:29 . 2010-01-05 00:17 29634504 c:\windows\system32\MRT.exe
+ 2004-08-04 12:00 . 2009-07-13 22:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-12-13 09:21 . 2008-12-13 09:21 10473472 c:\windows\Installer\36abc8b.msp
+ 2009-08-14 19:32 . 2009-08-14 19:32 11110912 c:\windows\Installer\344f1.msp
+ 2010-02-02 17:47 . 2010-02-02 17:47 21084160 c:\windows\Installer\20716cea.msi
+ 2009-05-27 12:06 . 2009-05-27 12:06 10011648 c:\windows\Installer\19aaaeff.msp
+ 2009-08-11 07:13 . 2009-08-11 07:13 11073536 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP250.tmp\mscorlib.dll
+ 2009-10-15 11:43 . 2009-10-15 11:43 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-10-15 12:15 . 2009-10-15 12:15 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-10-15 12:13 . 2009-10-15 12:13 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-10-15 11:43 . 2009-10-15 11:43 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-10-15 11:42 . 2009-10-15 11:42 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-10-15 11:41 . 2009-10-15 11:41 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-10-15 11:37 . 2009-10-15 11:37 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
+ 2009-08-17 08:35 . 2008-11-11 18:34 10838016 c:\windows\$NtUninstallKB973540_WM9$\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
Push Client.LNK - c:\program files\Interwise\Participant\pull.exe [2009-2-19 894192]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 13:03 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Service ADVISOR\\xvds\\xVDSMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Service ADVISOR\\xvds\\xVDS.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\2067b78\\SA2067.exe"=
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 16:17 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 16:17 74480]
S2 gupdate1c98ecf471a7ce4;Google Update Service (gupdate1c98ecf471a7ce4);c:\program files\Google\Update\GoogleUpdate.exe [14/02/2009 18:08 133104]
S2 LightweightIDOL;LightweightIDOL;c:\program files\Service ADVISOR\SUIR\LightweightIDOL.exe [06/08/2009 15:28 4145152]
S2 XBaseMS-Service;XBaseMS-Service;c:\program files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe [12/02/2009 08:48 401408]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [26/01/2009 09:33 88192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 16:17 7408]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 10:45]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:08]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:08]
2010-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1844237615-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-11 21:33]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1844237615-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-11 21:33]
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = hxxp://www.fileresearchcenter.com/whatsrunningpre.html?!!!!!SUPERANTISPYWARE&trial=no&activated=no&appid={A232C587-DDE1-48E5-9A74-84A12559BE96}
Trusted Zone: deere.com
TCP: {32BE4059-4986-49B9-BEC5-D5378F96759C} = 212.23.3.100,212.23.6.100
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 13:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-10 13:17:05
ComboFix-quarantined-files.txt 2010-02-10 13:16
ComboFix2.txt 2009-07-31 14:27
Pre-Run: 38,802,378,752 bytes free
Post-Run: 39,289,520,128 bytes free
-
That's it, all of it!!!
-
Can someone please explain to me why this scan is so big? tia
-
Well, common sense dictates it might have something to do with the warnings about not using it alongside two antiviruses. Just a guess though. Try this:
http://www.softpedia.com/get/Antivirus/Remove-Fake-Antivirus.shtml
followed by this:
http://www.appremover.com/opswat-appremover-thoroughly-remove-your-security-applications
Then try combofix.
-
Open notepad and copy/paste the text in RED below
File::
c:\documents and settings\All Users\Application Data\2067b78\SA2067.exe
c:\windows\unins000.dat
c:\windows\unins000.exe
c:\windows\unins002.dat
c:\windows\unins002.exe
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
(Don't bother posting the SNAPSHOT part if it's huge again)
-
Thanks for that, the scan report is a lot shorter this time, more normal I would say lol
It also uploaded some stuff to combofix to do with the malware it found which required further checking out ;)
Here's the log
ComboFix 10-02-09.04 - Administrator 11/02/2010 9:56.3.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.821 [GMT 0:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Security Antivirus *On-access scanning enabled* (Updated) {00F3C869-C60F-41B9-84ED-1B456235972C}
FW: Security Antivirus *enabled* {401582A1-10C7-4CD7-B3B8-2CE3BA740DE8}
FILE ::
"c:\documents and settings\All Users\Application Data\2067b78\SA2067.exe"
"c:\windows\unins000.dat"
"c:\windows\unins000.exe"
"c:\windows\unins002.dat"
"c:\windows\unins002.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\2067b78\SA2067.exe
c:\windows\unins000.dat
c:\windows\unins000.exe
c:\windows\unins002.dat
c:\windows\unins002.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-11 09:39 . 2010-02-11 09:39 d-----w- c:\windows\LastGood
2010-02-10 13:29 . 2010-02-10 13:29 d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-10 10:45 . 2010-02-10 10:45 d-----w- c:\documents and settings\Administrator\Application Data\Infineon
2010-02-10 10:45 . 2010-02-10 10:45 35200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-10 10:05 . 2010-02-10 10:04 389120 ----a-w- c:\windows\system32\CF5924.exe
2010-02-10 09:35 . 2010-02-10 09:54 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-10 09:34 . 2010-02-10 09:34 d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-02-10 09:34 . 2010-02-10 09:34 d-----w- c:\program files\Hitman Pro 3.5
2010-02-09 22:51 . 2010-02-09 22:51 d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2010-02-09 22:35 . 2010-02-10 09:20 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-09 17:15 . 2010-02-09 17:15 d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-09 13:44 . 2010-02-09 13:44 d-sh--w- c:\documents and settings\All Users\Application Data\SAEHWV
2010-02-09 13:43 . 2010-02-11 10:00 d-sh--w- c:\documents and settings\All Users\Application Data\2067b78
2010-02-05 11:17 . 2010-02-05 11:17 d-----w- c:\temp\install
2010-02-05 11:17 . 2010-02-05 11:17 d-----w- c:\temp\CAL
2010-02-02 17:50 . 2009-11-25 13:01 118784 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\Connectivity Applications\Test.dll
2010-02-02 17:50 . 2009-11-25 12:52 409600 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\Connectivity Applications\xVDS.dll
2010-02-02 17:50 . 2009-11-25 12:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\ProcedureFramework.dll
2010-02-02 17:50 . 2009-11-25 12:50 688128 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\Connectivity Applications\Aea.dll
2010-02-02 17:50 . 2009-11-25 12:19 59904 ----a-w- c:\windows\system32\zlib1.dll
2010-02-02 17:47 . 2010-02-02 17:47 d-----w- c:\program files\Common Files\Adobe AIR
2010-01-14 09:26 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 11:58 . 2009-02-14 18:01 d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-10 11:56 . 2009-12-11 21:35 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-10 11:00 . 2009-12-11 21:35 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-09 13:57 . 2009-07-30 12:15 d-----w- c:\program files\Avira
2010-02-09 10:24 . 2009-12-11 19:52 d-----w- c:\program files\SUPERAntiSpyware
2010-02-05 11:17 . 2009-08-06 15:28 d-----w- c:\program files\Service ADVISOR
2010-02-05 11:16 . 2009-02-12 10:00 d-----w- c:\program files\ECULP
2010-02-03 08:36 . 2009-01-26 09:22 d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 17:50 . 2009-12-11 19:15 d-----w- c:\documents and settings\All Users\Application Data\Service ADVISOR
2010-02-02 17:46 . 2009-12-11 19:06 d-----w- c:\program files\Common Files\Adobe
2010-01-11 13:26 . 2009-02-14 18:01 d-----w- c:\program files\Google
2010-01-05 10:00 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2009-01-23 10:06 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 15:48 . 2009-07-30 12:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-25 12:50 . 2010-02-02 17:51 434176 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\Connectivity Applications\Remote.dll
2009-11-25 12:48 . 2010-02-02 17:51 176128 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\Connectivity Applications\Recording.dll
2009-11-25 12:47 . 2010-02-02 17:51 73728 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\Connectivity Applications\Support\Interop.CALCore.dll
2009-11-25 12:47 . 2010-02-02 17:51 61440 ----a-w- c:\documents and settings\All Users\Application Data\Service ADVISOR\CAL\Connectivity Applications\Support\CalChannelManager.dll
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-02-10_13.15.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
+ 2009-02-12 07:01 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-12-08 09:23 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-02-12 07:00 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-02-12 07:00 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
- 2009-02-12 07:01 . 2009-08-04 19:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-02-12 07:01 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-02-12 07:01 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-12 07:01 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-12 07:01 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-12 07:01 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-12 07:01 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-02-12 07:01 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-02-12 07:01 . 2009-08-04 19:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-02-12 07:01 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-02-12 07:01 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-12 07:01 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-12 07:01 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-12 07:01 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-12 07:01 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-02-12 07:01 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-02-18 17:29 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
Push Client.LNK - c:\program files\Interwise\Participant\pull.exe [2009-2-19 894192]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 13:03 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Service ADVISOR\\xvds\\xVDSMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Service ADVISOR\\xvds\\xVDS.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 16:17 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 16:17 74480]
S2 gupdate1c98ecf471a7ce4;Google Update Service (gupdate1c98ecf471a7ce4);c:\program files\Google\Update\GoogleUpdate.exe [14/02/2009 18:08 133104]
S2 LightweightIDOL;LightweightIDOL;c:\program files\Service ADVISOR\SUIR\LightweightIDOL.exe [06/08/2009 15:28 4145152]
S2 XBaseMS-Service;XBaseMS-Service;c:\program files\ProQuestMS\PartsManagerPro\XBaseSrvr\tbmux32.exe [12/02/2009 08:48 401408]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [26/01/2009 09:33 88192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 16:17 7408]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 10:45]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:08]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 18:08]
2010-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1844237615-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-11 21:33]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1844237615-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-11 21:33]
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = hxxp://www.fileresearchcenter.com/whatsrunningpre.html?!!!!!SUPERANTISPYWARE&trial=no&activated=no&appid={A232C587-DDE1-48E5-9A74-84A12559BE96}
Trusted Zone: deere.com
TCP: {32BE4059-4986-49B9-BEC5-D5378F96759C} = 212.23.3.100,212.23.6.100
.
- - - - ORPHANS REMOVED - - - -
AddRemove-JDActiveX3_is1 - c:\windows\unins002.exe
AddRemove-JDLM_is1 - c:\windows\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 10:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-11 10:03:03
ComboFix-quarantined-files.txt 2010-02-11 10:02
ComboFix2.txt 2010-02-10 13:17
ComboFix3.txt 2009-07-31 14:27
-
Well, common sense dictates it might have something to do with the warnings about not using it alongside two antiviruses. Just a guess though. Try this:
http://www.softpedia.com/get/Antivirus/Remove-Fake-Antivirus.shtml
followed by this:
http://www.appremover.com/opswat-appremover-thoroughly-remove-your-security-applications
Then try combofix.
Unfortunately neither worked.
The first one went through a scan, but didn't get rid of the problem. The second one showed the problem was there but wouldn't allow me to select it from the list as it was ghosted!
When I moved the cursor over it, the message said that the programme was unable to remove it!
I appreciate your time and help :D
-
What's this "Security Antivirus" all about? Is it legit? Who's it by?
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\zlib1.dll
c:\windows\system32\CF5924.exe
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. :idea:
This discussion has been closed.