Malware problem
stevemcol
Posts: 1,666 Forumite
in Techie Stuff
Hi
I had that common trojan the other week where a virus checker keeps popping up warning of nasties. AlienRik helped me clean it.
Anyway, it's cropped up again. I've done my best to get rid of it with Malwarebytes and ComboFix. It seems to have shifted, but every time I start up now it blue screens after approx 30 secs.
I'm in safe mode at the moment. Anyone offer any help?
Apparently I'm 10 years old on MSE. Happy birthday to me...etc
Comments
Have you updated Malwarebytes and ComboFix before scanning?
Can we see the latest log files from both before you run anything else?
Ex forum ambassador, long term forum member
ComboFix just runs; how do you update it first? I did update Malwarebytes. I'll run it again and post the log.
Scan seems OK but still getting BSOD.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4453
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943
20/08/2010 23:10:54
mbam-log-2010-08-20 (23-10-54).txt
Scan type: Full scan (C:\|)
Objects scanned: 313680
Time elapsed: 1 hour(s), 2 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Seems to be back on an even keel now. Thanks anyway.
Started misbehaving again this morning so I ran ComboFix (again!).
You shouldn't ever run ComboFix on a whim. As we've no idea what it's removed in the past, you could very well have removed something you shouldn't have.
That said, you've run it that many times that I can't see another time making much difference. Remove the version you have now, then download and run a fresh copy (you have to download again to get the latest version).
After you've posted the updated ComboFix:
Download HijackThis (make sure you click 'DOWNLOAD LATEST VERSION'):
http://www.filehippo.com/download_hijackthis/
Click MAIN MENU, then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds), then post the log so we can see what's running.
(Do NOT do anything else with HijackThis but scan and post the FULL log.)
If you get a message that you can't write to the hosts file, then press the SHIFT key and, whilst holding it, RIGHT CLICK and select RUN AS (admin).
Rik, sorry, I try to learn as I go and am prone to experimenting and making things worse. I'll limit my 'playing' to an old laptop in future. EDIT: I've updated Java and Adobe Flash Player in accordance with advice from Bleeping Computer. Anyway, stand by for input:
ComboFix 10-08-21.06 - Steve 22/08/2010 17:44:48.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3001.1380 [GMT 1:00]
Running from: c:\users\Steve\Downloads\CombooFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.
2010-08-22 17:14 . 2010-08-22 17:15 -------- d-----w- c:\users\Steve\AppData\Local\temp
2010-08-22 17:14 . 2010-08-22 17:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-22 17:14 . 2010-08-22 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-21 12:51 . 2010-08-21 12:51 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 11:59 . 2008-12-04 17:34 16432 ----a-w- c:\windows\system32\drivers\mwlPSDNServ.sys
2010-08-21 11:51 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-21 11:51 . 2010-08-21 12:50 -------- d-----w- c:\program files\Java
2010-08-20 23:56 . 2010-08-21 09:15 -------- d-----w- c:\users\Steve\AppData\Local\pbvmwirny
2010-08-19 19:25 . 2010-08-19 19:25 -------- d-----w- c:\users\Steve\AppData\Local\Microsoft_Research
2010-08-19 19:19 . 2010-08-19 19:19 -------- d-----w- c:\program files\Microsoft Research
2010-08-16 18:03 . 2010-08-16 18:32 -------- d-----w- c:\users\Steve\AppData\Roaming\Stellarium
2010-08-16 18:02 . 2010-08-16 18:02 -------- d-----w- c:\program files\Stellarium
2010-08-15 14:10 . 2010-08-15 14:10 -------- d-----w- c:\program files\Crawler
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\users\Steve\AppData\Roaming\Canneverbe Limited
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\programdata\Canneverbe Limited
2010-08-15 14:07 . 2009-11-12 13:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-15 14:07 . 2010-08-15 14:12 -------- d-----w- c:\users\Steve\AppData\Local\OpenCandy
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\users\Steve\AppData\Roaming\OpenCandy
2010-08-15 14:07 . 2010-08-15 14:07 257257 ----a-w- c:\users\Steve\AppData\Roaming\OpenCandy\OpenCandy_B7246BFE551F4F45A3B30D111A3B4AF7\DLMGR3.exe
2010-08-15 14:07 . 2010-08-15 14:07 -------- d-----w- c:\program files\CDBurnerXP
2010-08-12 21:04 . 2010-08-20 20:37 -------- d-----w- c:\program files\AutocompletePro
2010-08-12 21:04 . 2010-08-12 21:04 -------- d-----w- c:\program files\Free YouTube Downloader
2010-08-11 15:50 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 15:50 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:50 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 15:50 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 15:50 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 15:50 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 15:50 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-08 10:36 . 2010-08-08 10:36 -------- d-----w- c:\users\Steve\AppData\Local\MetaGeek,_LLC
2010-08-01 18:39 . 2010-08-01 18:39 -------- d-----w- c:\program files\Windows Portable Devices
2010-08-01 18:36 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-08-01 18:35 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-08-01 18:35 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-08-01 18:35 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-08-01 17:57 . 2010-08-01 17:57 -------- d-----w- c:\windows\system32\ca-ES
2010-08-01 17:57 . 2010-08-01 17:57 -------- d-----w- c:\windows\system32\eu-ES
2010-08-01 17:57 . 2010-08-01 17:57 -------- d-----w- c:\windows\system32\vi-VN
2010-08-01 17:47 . 2010-08-01 17:47 -------- d-----w- c:\windows\system32\SPReview
2010-08-01 17:27 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-08-01 17:27 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-08-01 17:20 . 2009-04-10 22:28 396288 ----a-w- c:\windows\system32\ipsmsnap.dll
2010-08-01 17:16 . 2010-08-01 17:16 -------- d-----w- c:\windows\system32\EventProviders
2010-08-01 16:07 . 2010-08-01 16:07 -------- d-----w- c:\program files\Network Stumbler
2010-08-01 15:21 . 2010-08-01 15:21 -------- d-----w- c:\program files\Sophos
2010-08-01 15:14 . 2010-08-01 15:14 -------- d-----w- c:\program files\Rootkit revealer
2010-07-30 21:05 . 2010-08-01 14:45 -------- d-----w- c:\program files\7-Zip
2010-07-30 20:25 . 2010-07-30 20:35 -------- d-----w- c:\users\Steve\AppData\Local\Audible
2010-07-30 20:03 . 2010-07-30 20:04 -------- d-----w- c:\program files\Audible
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 12:16 . 2010-02-07 08:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-21 09:26 . 2010-07-12 18:41 680 ----a-w- c:\users\Steve\AppData\Local\d3d9caps.dat
2010-08-20 18:39 . 2009-11-01 17:40 -------- d-----w- c:\users\Steve\AppData\Roaming\LimeWire
2010-08-20 16:38 . 2010-07-19 06:54 120 ----a-w- c:\users\Steve\AppData\Local\Hcijogotob.dat
2010-08-20 16:38 . 2010-07-19 06:54 0 ----a-w- c:\users\Steve\AppData\Local\Jnayifinoh.bin
2010-08-16 15:32 . 2009-10-02 17:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-11 17:42 . 2009-07-14 18:56 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 17:40 . 2009-07-14 18:55 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 17:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-05 17:33 . 2009-09-30 19:10 1 ----a-w- c:\users\Steve\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-01 18:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-01 18:39 . 2010-08-01 18:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-01 18:38 . 2010-08-01 18:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-01 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-01 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-01 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-08-01 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-08-01 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-01 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-31 08:39 . 2009-10-10 20:07 -------- d-----w- c:\programdata\tunebite
2010-07-31 08:39 . 2009-09-30 18:18 -------- d-----w- c:\program files\KeePass Password Safe
2010-07-30 21:11 . 2009-10-10 20:05 -------- d-----w- c:\program files\Tunebite
2010-07-14 20:59 . 2010-07-14 20:59 -------- d-----w- c:\users\Steve\AppData\Roaming\Trusteer
2010-07-14 20:58 . 2010-07-14 20:58 -------- d-----w- c:\program files\Trusteer
2010-07-14 20:56 . 2010-07-14 20:56 -------- d-----w- c:\programdata\Trusteer
2010-07-14 10:56 . 2010-07-14 10:56 52224 ----a-w- c:\users\Steve\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-14 10:56 . 2009-10-02 17:16 117760 ----a-w- c:\users\Steve\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-14 09:16 . 2010-07-14 09:16 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-07-14 09:12 . 2010-07-14 09:12 -------- d-----w- c:\users\Steve\AppData\Roaming\WinFF
2010-07-14 09:12 . 2010-07-14 09:12 -------- d-----w- c:\program files\WinFF
2010-07-14 08:03 . 2009-10-02 17:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-14 07:23 . 2009-10-01 20:34 -------- d-----w- c:\program files\Avast Software
2010-07-14 07:20 . 2010-07-14 07:20 -------- d-----w- c:\program files\Alwil Software
2010-07-14 07:20 . 2010-07-14 07:20 -------- d-----w- c:\programdata\Alwil Software
2010-07-13 21:50 . 2009-10-01 20:30 -------- d-----w- c:\program files\CCleaner
2010-07-13 18:48 . 2009-11-01 18:07 -------- d-----w- c:\program files\Ask.com
2010-07-12 20:24 . 2010-07-12 20:24 388096 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 20:24 . 2010-07-12 20:24 -------- d-----w- c:\program files\Trend Micro
2010-07-12 19:59 . 2010-07-12 19:59 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2010-07-12 19:59 . 2010-07-12 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 19:59 . 2010-07-12 19:59 -------- d-----w- c:\programdata\Malwarebytes
2010-07-12 12:43 . 2010-07-12 12:43 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-07-06 23:33 . 2010-07-06 23:33 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\18481\RapportMS.dll
2010-06-28 20:57 . 2010-07-14 07:21 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-10-01 20:34 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-10-01 20:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-10-01 20:35 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-10-01 20:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-10-01 20:34 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2009-10-01 20:35 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 22:36 . 2009-07-14 18:56 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-11 15:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 15:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 15:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 15:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 15:51 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:16 . 2010-08-11 15:51 274944 ----a-w- c:\windows\system32\schannel.dll
2010-05-27 20:08 . 2010-08-11 15:51 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-09 21:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 21:25 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-06-23 703008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-05-05 11:12 156968 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-06-28 20:57 2837864 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-05-05 11:12 206120 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2009-05-13 18:39 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 14:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-06-16 11:33 1131016 ----a-w- c:\program files\Launch Manager\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 17:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2009-05-14 22:03 345384 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-05-04 13:43 173288 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-21 18:06 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
2007-09-13 15:47 2846720 ----a-w- c:\program files\Tunebite\tunebite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d5,2a,94,97,a3,31,cb,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1139142561-2729520356-3100012642-1000]
"EnableNotificationsRef"=dword:00000001
R0 sljb;sljb;c:\windows\System32\drivers\qjntebg.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 KPXTOXQQNK;KPXTOXQQNK;c:\users\Steve\AppData\Local\Temp\KPXTOXQQNK.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-17 50432]
R3 QCM;QCM;c:\users\Steve\AppData\Local\Temp\QCM.exe [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 YGZWQ;YGZWQ;c:\users\Steve\AppData\Local\Temp\YGZWQ.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S1 aswSP;aswSP; [x]
S1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\GridVista\DPMemGridVista.sys [2008-10-01 10504]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-06 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-06 166632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 723488]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-17 144640]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-06 840936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 13:44]
2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 13:44]
2010-08-22 c:\windows\Tasks\User_Feed_Synchronization-{92BB3C91-7AAB-484E-BF16-F9BD42FB552D}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
Supplementary Scan
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c235l03c4zqm5t47m2x226
uInternet Settings,ProxyOverride = <local>
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 18:14
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(30492)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
c:\program files\palmOne\PqiIcon.dll
.
Completion time: 2010-08-22 18:19:06
ComboFix-quarantined-files.txt 2010-08-22 17:19
ComboFix2.txt 2010-08-21 12:26
ComboFix3.txt 2010-07-19 20:28
ComboFix4.txt 2010-07-14 18:43
ComboFix5.txt 2010-08-22 16:43
Pre-Run: 74,902,851,584 bytes free
Post-Run: 74,558,300,160 bytes free
- - End Of File - - 13C573B3FBBCC2293E570FC47DF8B8AA
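The service and driver block of the ComboFix output above is where the entries that deserve a second look sit: three services registered to executables under c:\users\Steve\AppData\Local\Temp with random-looking names and no file on disk ([x]), and a boot-start driver, sljb, whose image qjntebg.sys is also missing. The script below is an added example, not code from stevemcol's post and not a ComboFix feature. It parses lines of the shape ComboFix prints in that section (an R/S flag, the Windows service Start value digit, then name;display name;image path followed by [date size] or [x]) and ranks them. The sample lines are copied from the log above; the scoring weights and the "random name" rule are my own assumptions, meant to order entries for a human rather than to pass a verdict.

```python
import re

# Service/driver lines copied from the ComboFix log above (page data, not
# constructed). ComboFix prints each entry as
#   <R|S><start> <name>;<display name>;<image path> [<date> <size>]
# and writes "[x]" where the image file is not on disk. The digit is the
# Windows service Start value: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
SAMPLE_LOG = r"""
R0 sljb;sljb;c:\windows\System32\drivers\qjntebg.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 133104]
R3 KPXTOXQQNK;KPXTOXQQNK;c:\users\Steve\AppData\Local\Temp\KPXTOXQQNK.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-17 50432]
R3 QCM;QCM;c:\users\Steve\AppData\Local\Temp\QCM.exe [x]
R3 YGZWQ;YGZWQ;c:\users\Steve\AppData\Local\Temp\YGZWQ.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Reason labels; the weights below are an assumption of this example.
MISSING = "image file missing ([x])"
TEMP = "image lives under a Temp directory"
RANDOM = "random-looking service name"
EARLY = "boot- or system-start entry with no file"


def looks_random(name: str) -> bool:
    """Heuristic (assumption) for generated names: letters only, and either no
    vowels at all or an all-caps string that is almost entirely consonants."""
    if not re.fullmatch(r"[A-Za-z]{3,}", name):
        return False
    vowels = sum(c in "aeiouAEIOU" for c in name)
    return vowels == 0 or (name.isupper() and vowels / len(name) < 0.3)


def parse_services(log_text: str) -> list:
    """Return one dict per service/driver line; every other log line is ignored,
    so the whole ComboFix log can be passed in unchanged."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["start"] = int(d["start"])
            d["missing"] = d["meta"].strip() == "x"
            entries.append(d)
    return entries


def triage(log_text: str) -> list:
    """Score each entry and return the ones with any finding, highest first.
    Ties keep log order (sorted() is stable)."""
    findings = []
    for e in parse_services(log_text):
        reasons = []
        if e["missing"]:
            reasons.append(MISSING)
        if "\\temp\\" in e["path"].lower():
            reasons.append(TEMP)
        if looks_random(e["name"]):
            reasons.append(RANDOM)
        if e["missing"] and e["start"] in (0, 1):
            reasons.append(EARLY)
        score = (2 * (MISSING in reasons) + 2 * (TEMP in reasons)
                 + (RANDOM in reasons) + (EARLY in reasons))
        if score:
            findings.append({"name": e["name"], "path": e["path"],
                             "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']}  {f['name']:<12} {f['path'] or '(no path)'}")
        for r in f["reasons"]:
            print(f"      - {r}")
```

Run as-is, the three Temp services score 5, sljb 4 and aswSP 3; Lbd comes last with a score of 1 because the vowel-less rule trips on a perfectly ordinary driver name (it sits next to the Lavasoft Ad-Aware entry in the log), and aswSP appears only because its file is gone, which for a product whose program directories are still listed above reads as a half-removed install rather than an infection. That is the point of the score: it orders what a person checks first and does not decide anything on its own.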
This discussion has been closed.