Virus problems
miss_edith
Posts: 198 Forumite
in Techie Stuff
Hi, can anyone help with this? AVG 9 gives a warning for either an unknown virus win32/dh.ba or win32/cryptor every few minutes and moves them to the virus vault. I've tried running Avast too and that has the same result. Neither actually gets rid of the virus. I've also scanned with Malwarebytes, Superantispyware, Adaware, the online Trend Housecall and Symantec scans and still nothing gets rid of it.
I also get random web sites start in new tabs when I'm online.
I've also got problems with SD cards, a USB stick and photo CDs not being recognised which I assume is caused by this virus. When I attach the SD or USB stick I get a message saying that they need to be formatted. I know they're fine as they work in my camera and photo frame. When I try to run a photo CD it recognises it as a blank CD.
Would appreciate any help with this as it's driving me nutty at the moment. Thanks.
0
Comments
-
Have you tried Spybot? I find it quite good at getting rid of anything which seems malicious.
http://www.safer-networking.org/en/spybotsd/index.html
Norn Iron Club Member 417 :beer:
0 -
Download MALWAREBYTES (make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_ma..._anti_malware/
Open Malwarebytes, go to UPDATE and click 'Check for updates'.
After it's updated, go to SCANNER, click PERFORM FULL SCAN, then click SCAN.
Post the COMPLETE log here AFTER you've deleted everything it finds.
Reboot.
Download HIJACK THIS (make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU, then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds), then post the log so we can see what's running.
(Do NOT do anything else with HijackThis but scan and post the FULL log.)
Someone with more knowledge of these matters will advise with whatever is found.
4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex. Ain't no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again + Octopus Intelligent Flux leccy
CEC Email energyclub@moneysavingexpert.com
0 -
Just run Malwarebytes and about to reboot and run HijackThis.
Malwarebytes' Anti-Malware 1.44
Database version: 3788
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
25/02/2010 13:22:06
mbam-log-2010-02-25 (13-22-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 249115
Time elapsed: 2 hour(s), 18 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\none (Trojan.Dropper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\mskovm32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ms32clod.dll (Trojan.Clopdor) -> Quarantined and deleted successfully.
0 -
Results from Hijack This
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:40:30, on 25/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: SYSTRAN: &Clear Translation Cache - C:\Program Files\Systran\Standard\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Standard\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Register - C:\Program Files\Systran\Standard\menuRegister.html
O8 - Extra context menu item: SYSTRAN: &Translate - C:\Program Files\Systran\Standard\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: Check for &Updates - C:\Program Files\Systran\Standard\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Translate All &Frames - C:\Program Files\Systran\Standard\menuTranslateAll.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @sysiecom.dll,-2100 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslate.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslate.html
O9 - Extra button: @sysiecom.dll,-2103 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslateAll.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuTranslateAll.html
O9 - Extra button: @sysiecom.dll,-2115 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuConfigure.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuConfigure.html
O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuClearCache.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuClearCache.html
O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuRegister.html
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuRegister.html
O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuUpdates.html (file missing)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - C:\Program Files\Systran\Standard\MenuUpdates.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c11.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10650 bytes
Thanks to anyone who can help.
0 -
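A triage helper for a HijackThis log like the one above, added here as an example (it is not part of the thread and not a HijackThis or Malwarebytes tool): it runs over a few constructed lines modelled on that log and pulls out the orphaned entries (no file / file missing), the O4 autoruns, and whether services from more than one antivirus vendor are registered, which is the problem a later reply raises. The antivirus vendor keyword list is an assumption.

```python
import re

# Constructed sample, modelled on the HijackThis v2 log posted in the thread:
# the same entry types, including its orphaned entries and its two antivirus
# services. Not a real capture.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis finding is "<code> - <body>", where code is R0..R3 or O1..O24.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# O4 body: "<hive>: [<value name>] <command>" with an optional " (User '...')" suffix.
AUTORUN_RE = re.compile(
    r"^(?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Keywords that identify antivirus vendors in O23 service lines (assumed list,
# extend as needed); more than one vendor is the conflict the thread warns about.
AV_VENDORS = {"avast": "avast!", "avg": "AVG", "symantec": "Symantec",
              "mcafee": "McAfee", "kaspersky": "Kaspersky"}


def parse_hijackthis(text):
    """Return [(code, body)] for each entry line; header and process lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def orphaned_entries(entries):
    """Entries whose target no longer exists: registry leftovers worth reviewing."""
    return [(code, body) for code, body in entries if body.endswith(ORPHAN_MARKERS)]


def autoruns(entries):
    """(hive, value name, command) for every O4 Run entry."""
    found = []
    for code, body in entries:
        if code != "O4":
            continue
        m = AUTORUN_RE.match(body)
        if m:
            found.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return found


def av_vendors(entries):
    """Set of antivirus vendors that have an O23 service registered."""
    vendors = set()
    for code, body in entries:
        if code != "O23":
            continue
        low = body.lower()
        vendors.update(name for kw, name in AV_VENDORS.items() if kw in low)
    return vendors


def triage(text):
    """Summarise a HijackThis log into the points a helper would look at first."""
    entries = parse_hijackthis(text)
    report = {
        "entries": len(entries),
        "orphans": orphaned_entries(entries),
        "autoruns": autoruns(entries),
        "av_vendors": av_vendors(entries),
        "warnings": [],
    }
    if len(report["av_vendors"]) > 1:
        report["warnings"].append("services from more than one antivirus vendor: %s"
                                  % ", ".join(sorted(report["av_vendors"])))
    if report["orphans"]:
        report["warnings"].append("%d entries point at files that no longer exist"
                                  % len(report["orphans"]))
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("%d entries parsed" % rep["entries"])
    for code, body in rep["orphans"]:
        print("orphan  %-4s %s" % (code, body))
    for hive, name, cmd in rep["autoruns"]:
        print("autorun %s [%s] %s" % (hive, name, cmd))
    for warning in rep["warnings"]:
        print("WARNING:", warning)
```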
Hi miss_edith, I am sure one of the forum's super experts will give you advice about these logs. I don't count myself as one of these,
but I notice that there are a lot of anti-malware bits and pieces running on your system; it may help them, for the end of the cleanup, to tell them which AV you want to keep.
0 -
I was sure one would have visited by now.... bump, sorry guys.
debitcardmayhem wrote: »
Hi miss_edith, I am sure one of the forum's super experts will give you advice about these logs. I don't count myself as one of these,
but I notice that there are a lot of anti-malware bits and pieces running on your system; it may help them, for the end of the cleanup, to tell them which AV you want to keep.
0 -
debitcardmayhem wrote: »
Hi miss_edith, I am sure one of the forum's super experts will give you advice about these logs. I don't count myself as one of these,
but I notice that there are a lot of anti-malware bits and pieces running on your system; it may help them, for the end of the cleanup, to tell them which AV you want to keep.
I've been using AVG and Adaware; the others have all been installed recently to try to sort this problem. I don't mind what I keep as long as it's all secure.
The warnings have become less frequent now but the other problems are still there. Can anyone advise me about the logs?
0 -
You've made the very bad mistake of installing 2 anti-virus programs, and Adaware, which is pretty much useless these days.
Use the 32-bit AVG removal tool (assuming you're happy with AVAST):
http://www.avg.com/download-tools
Uninstall Adaware.
As you have trojans ~
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti-virus.
Follow the simple instructions it gives.
Post the COMPLETE log it creates here (split into sections if need be).
If it comes up with a RENAMING error then RIGHT-click the exe file, choose RENAME and call it QWERTY (making the complete file name 'QWERTY.exe'), or SAVE it as 'QWERTY' on download. :idea:
0 -
Thanks for your reply. Have run combofix.
ComboFix 10-02-24.01 - Ali 25/02/2010 20:56:21.3.1 - x86
Running from: c:\documents and settings\Ali\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.
2010-02-25 13:39 . 2010-02-25 13:39 388096 ----a-r- c:\documents and settings\Ali\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-25 13:39 . 2010-02-25 13:39 -------- d-----w- c:\program files\TrendMicro
2010-02-24 22:05 . 2010-02-24 22:09 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-24 21:29 . 2010-02-24 21:29 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-02-24 21:28 . 2010-02-24 21:28 1 ----a-w- c:\windows\system32\perfc7683.dat
2010-02-24 10:17 . 2010-02-24 10:16 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 10:05 . 2010-02-25 20:38 -------- d-----w- c:\program files\Lavasoft
2010-02-24 10:05 . 2010-02-25 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-23 17:30 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-23 17:28 . 2010-02-23 17:28 -------- d-----w- c:\program files\Panda Security
2010-02-23 09:46 . 2010-02-23 09:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-02-22 21:02 . 2010-02-22 21:02 52224 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-22 21:02 . 2010-02-22 21:02 117760 ----a-w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-22 21:01 . 2010-02-22 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-22 21:00 . 2010-02-22 22:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-22 21:00 . 2010-02-22 21:00 -------- d-----w- c:\documents and settings\Ali\Application Data\SUPERAntiSpyware.com
2010-02-22 20:59 . 2010-02-22 20:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 14:34 . 2006-06-19 13:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-22 14:34 . 2006-05-25 15:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-22 14:34 . 2005-08-26 01:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-22 14:34 . 2003-02-02 20:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-02-22 14:33 . 2010-02-22 14:37 -------- d-----w- c:\documents and settings\Ali\Application Data\Simply Super Software
2010-02-22 14:33 . 2010-02-22 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-02-22 14:21 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-22 14:21 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-22 14:21 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-22 14:21 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-22 14:21 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-22 14:21 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-22 14:21 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-22 14:20 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-22 14:20 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-22 14:19 . 2010-02-22 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-15 22:45 . 2010-02-15 22:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-14 20:32 . 2010-02-14 20:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-08 14:40 . 2010-02-08 14:40 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 09:18 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Ali\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-01 09:13 . 2010-02-01 09:18 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-01 09:10 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-01 09:10 . 2010-02-01 09:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-01 09:06 . 2010-02-01 09:06 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-01 09:05 . 2010-02-01 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-27 19:16 . 2010-02-24 21:46 0 ----a-w- c:\documents and settings\Ali\Local Settings\Application Data\prvlcl.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 20:50 . 2009-12-29 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-24 21:46 . 2010-01-08 23:05 0 ----a-w- c:\documents and settings\Jan\Local Settings\Application Data\prvlcl.dat
2010-02-24 10:26 . 2010-02-24 17:52 3506688 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-02-24 10:25 . 2010-02-24 17:52 3153408 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-02-23 20:23 . 2006-11-22 19:48 -------- d-----w- c:\documents and settings\Ali\Application Data\Shareaza
2010-02-23 20:20 . 2004-07-05 19:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-22 14:19 . 2004-10-31 22:00 -------- d-----w- c:\program files\Alwil Software
2010-02-21 16:45 . 2006-01-17 19:30 -------- d-----w- c:\documents and settings\Ali\Application Data\Azureus
2010-02-15 21:18 . 2009-04-17 09:54 1 ----a-w- c:\documents and settings\Ali\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-08 14:40 . 2009-12-30 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 20:11 . 2010-01-28 20:16 295936 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-28 19:05 . 2010-01-28 20:16 3135488 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-26 17:05 . 2010-01-26 22:44 3135488 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-26 10:12 . 2004-09-30 13:30 -------- d-----w- c:\documents and settings\Ali\Application Data\CoreFTP
2010-01-23 09:57 . 2006-06-20 21:49 -------- d-----w- c:\program files\Opera
2010-01-20 12:27 . 2010-01-20 12:27 -------- d-----w- c:\program files\Chami
2010-01-07 16:07 . 2009-12-30 12:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-12-30 12:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 14:04 . 2004-09-30 13:30 -------- d-----w- c:\program files\CoreFTP
2010-01-03 13:20 . 2006-12-30 23:00 -------- d-----w- c:\program files\Desktop Sudoku
2010-01-03 13:16 . 2007-02-24 18:35 14 -c--a-w- c:\windows\popcinfo.dat
2010-01-03 13:14 . 2005-05-19 14:25 -------- d-----w- c:\program files\Motive
2010-01-03 13:14 . 2005-05-19 14:17 -------- d-----w- c:\program files\Common Files\Motive
2010-01-03 13:13 . 2005-09-26 22:34 -------- d-----w- c:\program files\Audio Converter
2010-01-03 13:01 . 2005-10-17 20:06 -------- d-----w- c:\documents and settings\Ali\Application Data\Lavasoft
2009-12-31 16:14 . 2003-03-31 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 12:46 . 2009-12-30 12:46 -------- d-----w- c:\documents and settings\Ali\Application Data\Malwarebytes
2009-12-30 12:46 . 2009-12-30 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 18:41 . 2009-12-29 19:15 110592 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-12-29 18:30 . 2009-12-29 19:15 2993152 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-12-29 13:22 . 2008-06-25 08:29 -------- d-----w- c:\program files\AVG
2009-12-21 19:14 . 2004-11-12 14:36 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 12:58 . 2004-07-05 19:39 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 10:32 . 2009-12-08 14:53 217600 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-12-08 09:48 . 2009-12-08 14:53 2892800 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-12-04 14:41 . 2003-03-31 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-24_20.12.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-07-05 19:45 . 2010-02-24 17:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-07-05 19:45 . 2010-02-24 18:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-24 20:46 . 2010-02-24 17:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2003-01-13 13:57 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2003-01-13 13:57 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2006-05-18 05:24 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2006-05-18 05:24 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-12-21 08:47 . 2010-02-13 23:08 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-12-21 08:47 . 2010-02-24 17:51 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-02-25 14:03 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-25 14:03 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-25 14:03 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-02-05 20:52 . 2010-02-05 20:52 464272 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2010-02-25 13:39 . 2010-02-25 13:39 1093632 c:\windows\Installer\b9680.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"zBrowser Launcher"="c:\progra~1\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2003-06-03 376832]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2003-03-31 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Ali^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ali\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Ali^Start Menu^Programs^Startup^Quick StartUp.lnk]
path=c:\documents and settings\Ali\Start Menu\Programs\Startup\Quick StartUp.lnk
backup=c:\windows\pss\Quick StartUp.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Ali^Start Menu^Programs^Startup^Shortcut to start.lnk]
path=c:\documents and settings\Ali\Start Menu\Programs\Startup\Shortcut to start.lnk
backup=c:\windows\pss\Shortcut to start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Ali^Start Menu^Programs^Startup^Start.lnk]
path=c:\documents and settings\Ali\Start Menu\Programs\Startup\Start.lnk
backup=c:\windows\pss\Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Album Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Album Fast Start.lnk
backup=c:\windows\pss\Album Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
backup=c:\windows\pss\Photo Loader supervisory.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atwtusb]
2002-04-18 14:10 57344 ----a-w- c:\windows\system32\Funckey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax]
2001-12-10 16:34 20739 ------w- c:\program files\Classic PhoneTools\capFax.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 23:56 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FinePrint Dispatcher v5]
2003-06-03 13:06 376832 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2009-07-15 10:36 251264 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 11:51 25088 w- c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-22 22:04 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-04-25 17:44 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16809:TCP"= 16809:TCP:spport
"9107:TCP"= 9107:TCP:spport
"21293:TCP"= 21293:TCP:spport
"7532:TCP"= 7532:TCP:spport
"7536:TCP"= 7536:TCP:spport
"29502:TCP"= 29502:TCP:spport
"22383:TCP"= 22383:TCP:spport
"5491:TCP"= 5491:TCP:spport
"10274:TCP"= 10274:TCP:spport
"15971:TCP"= 15971:TCP:spport
"15723:TCP"= 15723:TCP:spport
"6627:TCP"= 6627:TCP:spport
"29720:TCP"= 29720:TCP:spport
"9247:TCP"= 9247:TCP:spport
"11830:TCP"= 11830:TCP:spport
"27588:TCP"= 27588:TCP:spport
"14196:TCP"= 14196:TCP:spport
"16202:TCP"= 16202:TCP:spport
"17428:TCP"= 17428:TCP:spport
"5620:TCP"= 5620:TCP:spport
"21976:TCP"= 21976:TCP:spport
R1 lkbdhlpr;Logitech Keyboard Class Helper Driver;c:\windows\system32\Drivers\lkbdhlpr.sys [x]
R3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2004-08-03 15104]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-22 12872]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-22 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-22 66632]
S2 aswFsBlk;aswFsBlk; [x]
S3 Amps2prt;PS/2 Port Mouse Filter Driver;c:\windows\system32\Drivers\Amps2prt.sys [2000-11-03 10122]
.
Contents of the 'Scheduled Tasks' folder
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
IE: &Add animation to IncrediMail Style Box
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: SYSTRAN: &Clear Translation Cache - c:\program files\Systran\Standard\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\Systran\Standard\menuConfigure.html
IE: SYSTRAN: &Register - c:\program files\Systran\Standard\menuRegister.html
IE: SYSTRAN: &Translate - c:\program files\Systran\Standard\menuTranslate.html
IE: SYSTRAN: Check for &Updates - c:\program files\Systran\Standard\menuUpdate.html
IE: SYSTRAN: Translate All &Frames - c:\program files\Systran\Standard\menuTranslateAll.html
IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslate.html
IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslateAll.html
IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuConfigure.html
IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuClearCache.html
IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuRegister.html
IE: {{703436F6-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuUpdates.html
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - hxxp://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c11.cab
FF - ProfilePath - c:\documents and settings\Ali\Application Data\Mozilla\Firefox\Profiles\fx9af8zz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - plugin: c:\program files\Opera7\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava11.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava12.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava13.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava14.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava32.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJPI142_04.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPOJI610.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\nprjplug.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npwmsdrm.dll
.
- - - - ORPHANS REMOVED - - - -
Notify-avgrsstarter - avgrsstx.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 21:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x868B4170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf743ecb8
\Driver\atapi -> atapi.sys @ 0xf73f67b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
user & kernel MBR OK
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,28,d4,d3,de,12,02,47,89,5e,c7,\
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\WININET.dll0 -
- - - - - - - > 'explorer.exe'(2204)
c:\windows\system32\WININET.dll
c:\progra~1\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-25 21:13:05
ComboFix-quarantined-files.txt 2010-02-25 21:12
ComboFix2.txt 2010-02-24 21:39
ComboFix3.txt 2010-02-24 20:38
Pre-Run: 39,529,058,304 bytes free
Post-Run: 39,864,926,208 bytes free
Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - 111D83137C2E18B7B5DFA95CCCA726A70