
Yet ANOTHER problem.

Hi.

For the last two or three days I have been unable to download any software from the 'Giveawayoftheday' Site.

Puter downloads the set-up file then goes to the GAOTD site to verify and hangs.

Even hitting the 'Turn off your computer' doesn't do it.

The only way to get out of this 'Lock up' is with the mains switch.

Everything else seems OK.

Ran Dr Cure-it last night - Nothing. Ran Malwarebytes this AM and I had 9 infections. Cleaned the registry and seems a lot better but STILL hangs on that particular site.

Tried the download on the lappy and no probs.

Any suggestions?

In case it helps here is the Hijack file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:10, on 12/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
F:\Process Lasso\ProcessLasso.exe
F:\Process Lasso\processgovernor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?n=1721578409&wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Process Lasso] C:\Documents and Settings\All Users\Start Menu\Programs\Process Lasso\Process Lasso.lnk
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] F:\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] F:\Process Lasso\processgovernor.exe
O4 - HKCU\..\Run: [360Amigo] "G:\360Amigo\360Amigo.exe" -autorun
O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: .lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://D:\Roboform\RoboFormComEditIdent.html
O8 - Extra context menu item: Password Generator - file://D:\Roboform\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - G:\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 8453 bytes
"Unhappiness is not knowing what we want, and killing ourselves to get it."
Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were))
Women and cats will do as they please, and men and dogs should relax and get used to the idea.

Comments

  • The_Grandmaster
    The_Grandmaster Posts: 1,424 Forumite
    edited 12 September 2010 at 1:23PM
    May you post the malwarebytes log?

    On another note, you seem to be running a few extra virus scanners: panda, trend micro?
  • rizla01
    rizla01 Posts: 7,260 Forumite
    I have run Spybot since this log.
    It found 7 entries.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4595
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    12/09/2010 10:26:46
    mbam-log-2010-09-12 (10-26-46).txt
    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|X:\|)
    Objects scanned: 392901
    Time elapsed: 1 hour(s), 25 minute(s), 34 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    D:\Music\Soul\AlbumArt_{CB3391A2-3724-460F-9136-1A6FB0A1C69C}_Small.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Black Sabbath\Black Sabbath - 1971 - Paranoid (320kbps) KindMetalRG\AlbumArt_{E0349966-F796-46D2-9578-9AA098DD30EA}_Small.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Bob Newhart\Somethng Like This\'Something Like This...' The Bob Newhart Anthology.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Oldies 60s\AlbumArtSmall.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Oldies 60s\AlbumArt_{C93A58CD-BC0C-49AF-B525-CFB9F5010CBB}_Large.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Album Art\AlbumArt_{E0349966-F796-46D2-9578-9AA098DD30EA}_Small.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Jeanne Michelle Jarre\Album Art\AlbumArt_{260253B8-8CD8-4D85-9076-4BABA20A522C}_Large.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Jeanne Michelle Jarre\Album Art\AlbumArt_{41D52B0E-EDD2-4916-9338-218ACE9A81C2}_Small.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
    D:\Music\Jeanne Michelle Jarre\Album Art\AlbumArt_{D39FCB5E-DE9B-4E56-AEBF-B702B42799AF}_Small.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.


    Should I delete Panda & Trend?
  • gaming_guy
    gaming_guy Posts: 6,128 Forumite
    edited 1 June 2012 at 2:42PM
    ....................
  • The_Grandmaster
    The_Grandmaster Posts: 1,424 Forumite
    edited 12 September 2010 at 2:25PM
    Do you mind posting the spybot logs too? I assume most of the malware is gone but there may be some left. P.S. actually not certain malwarebytes found malware or not...

    If you're running avast, there would be conflicts between the antivirus programmes so it is definitely worth uninstalling.
  • rizla01
    rizla01 Posts: 7,260 Forumite
    gaming_guy wrote: »
    There must have been a problem with giveaway of the day as there was a similar thread to this a few days ago and I think it turned out to be an ISP issue

    ...........tried the download on the lappy and no probs.
    ..............
  • rizla01
    rizla01 Posts: 7,260 Forumite
    edited 12 September 2010 at 3:21PM
    OK.

    Removed a couple of items but cannot seem to get rid of the Google Updater (023) - Can't imagine that helps.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:32:21, on 12/09/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    F:\Process Lasso\ProcessLasso.exe
    F:\Process Lasso\processgovernor.exe
    C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?n=1721578409&wa=wsignin1.0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Process Lasso] C:\Documents and Settings\All Users\Start Menu\Programs\Process Lasso\Process Lasso.lnk
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ProcessLassoManagementConsole] F:\Process Lasso\processlasso.exe
    O4 - HKLM\..\Run: [ProcessGovernor] F:\Process Lasso\processgovernor.exe
    O4 - HKCU\..\Run: [360Amigo] "G:\360Amigo\360Amigo.exe" -autorun
    O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: .lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html
    O8 - Extra context menu item: Identities Editor - file://D:\Roboform\RoboFormComEditIdent.html
    O8 - Extra context menu item: Password Generator - file://D:\Roboform\RoboFormComPasswordGenerator.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O20 - Winlogon Notify: !SASWinLogon - G:\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    --
    End of file - 7741 bytes
  • rizla01
    rizla01 Posts: 7,260 Forumite
    edited 12 September 2010 at 3:20PM
    I also ran Combofix (In Safe mode) last night if this helps.

    ComboFix 09-07-28.01 - Terry 11/09/2010 21:45.4.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1581 [GMT 1:00]
    Running from: g:\downloads\ComboFix.exe
    AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    - REDUCED FUNCTIONALITY MODE -
    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .
    2010-09-08 17:23 . 2010-09-08 17:23
    d
    w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-09-08 17:18 . 2010-09-08 17:18
    d
    w- c:\documents and settings\Terry\Local Settings\Application Data\Temp
    2010-09-08 16:08 . 2010-07-11 05:54 57344 ----a-w- c:\windows\system32\CleanMem.exe
    2010-09-08 16:08 . 2008-09-19 16:37 121856 ----a-w- c:\windows\system32\schtasks.exe
    2010-09-08 16:08 . 2010-09-08 16:08
    d
    w- c:\windows\CleanMem
    2010-09-08 11:36 . 2010-09-08 11:36
    d
    w- c:\program files\FamilySearch
    2010-09-06 16:49 . 2010-09-06 16:49
    d
    w- c:\documents and settings\Terry\Local Settings\Application Data\Amazon
    2010-09-06 16:49 . 2010-09-06 16:49
    d
    w- c:\program files\Amazon
    2010-09-05 18:00 . 2010-05-21 13:14 221568
    w- c:\windows\system32\MpSigStub.exe
    2010-09-05 17:59 . 2010-09-05 17:59
    d
    w- c:\program files\Windows Defender
    2010-09-02 12:19 . 2010-07-27 17:42 1774720 ----a-w- c:\windows\system32\BootMan.exe
    2010-09-02 12:19 . 2010-07-15 07:44 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-09-02 12:19 . 2010-07-15 07:44 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-09-02 12:19 . 2010-07-15 07:44 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-09-02 12:19 . 2010-07-15 07:44 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-09-01 18:51 . 2010-09-01 18:51
    d
    w- c:\documents and settings\All Users\Application Data\UAB
    2010-09-01 18:51 . 2010-09-01 19:14
    d
    w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters Inc
    2010-09-01 18:51 . 2010-09-01 18:51
    d
    w- c:\documents and settings\Terry\Local Settings\Application Data\PC_Drivers_Headquarters
    2010-09-01 18:49 . 2010-09-01 18:49
    d
    w- c:\documents and settings\Terry\Application Data\GetRightToGo
    2010-09-01 17:48 . 2010-09-01 17:49
    d
    w- c:\program files\jv16 PowerTools
    2010-09-01 09:22 . 2010-09-01 21:10
    d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-30 11:52 . 2010-08-30 11:52
    d
    w- c:\documents and settings\Terry\Application Data\VSRevoGroup
    2010-08-29 11:15 . 2010-08-29 11:15
    d
    w- c:\windows\system32\wbem\Repository
    2010-08-28 13:09 . 2010-08-28 13:09
    d
    w- c:\program files\Coupon Printer
    2010-08-28 13:01 . 2010-08-28 13:01
    d
    w- c:\program files\ACD Systems
    2010-08-28 13:00 . 2010-08-28 13:00
    d
    w- c:\program files\Hide Wizard
    2010-08-28 11:17 . 2004-08-04 10:00 753236 -c--a-w- c:\windows\system32\dllcache\rvseres.dll
    2010-08-28 11:16 . 2010-06-18 13:36 3558912 -c--a-w- c:\windows\system32\dllcache\moviemk.exe
    2010-08-28 11:16 . 2008-04-14 00:12 7680 -c--a-w- c:\windows\system32\dllcache\wmm2ext.dll
    2010-08-28 11:16 . 2008-04-14 00:12 5632 -c--a-w- c:\windows\system32\dllcache\wmm2res2.dll
    2010-08-28 11:16 . 2008-04-14 00:12 502272 -c--a-w- c:\windows\system32\dllcache\wmm2fxa.dll
    2010-08-28 11:16 . 2008-04-14 00:12 4256768 -c--a-w- c:\windows\system32\dllcache\wmm2res.dll
    2010-08-28 11:16 . 2008-04-14 00:12 4096 -c--a-w- c:\windows\system32\dllcache\wmm2eres.dll
    2010-08-28 11:16 . 2008-04-14 00:12 402432 -c--a-w- c:\windows\system32\dllcache\wmm2filt.dll
    2010-08-28 11:16 . 2008-04-14 00:12 325632 -c--a-w- c:\windows\system32\dllcache\wmm2fxb.dll
    2010-08-28 11:16 . 2008-04-14 00:12 167936 -c--a-w- c:\windows\system32\dllcache\wmm2ae.dll
    2010-08-28 11:07 . 2008-04-14 00:12 102400 -c--a-w- c:\windows\system32\dllcache\msjro.dll
    2010-08-28 11:05 . 2010-08-28 11:05
    d
    w- c:\program files\Stardock
    2010-08-28 11:05 . 2010-08-28 11:05
    d
    w- c:\program files\PC Tools Firewall Plus
    2010-08-28 11:04 . 2010-08-28 11:04
    d
    w- c:\program files\Everything
    2010-08-28 11:04 . 2010-08-28 11:04
    d
    w- c:\program files\AlienGUIse
    2010-08-27 14:02 . 2010-08-27 14:02
    d
    w- c:\documents and settings\Terry\Local Settings\Application Data\www.dvbportal.de
    2010-08-26 13:21 . 2010-08-26 13:21
    d
    w- c:\program files\Ashampoo
    2010-08-23 15:38 . 2010-08-23 15:38 65536 ----a-w- c:\windows\IFinst27.exe
    2010-08-23 13:10 . 2010-08-23 13:10 2944904 ----a-w- c:\documents and settings\Terry\Application Data\Mozilla\Firefox\Profiles\hcc9h5r6.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
    2010-08-23 10:17 . 2010-08-30 09:44
    d
    w- C:\ks360
    2010-08-23 08:20 . 2010-08-20 07:03 100280 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMLauncher.exe
    2010-08-22 22:34 . 2010-08-22 22:34
    d
    w- c:\program files\DIFX
    2010-08-22 22:34 . 2010-08-22 22:34
    d
    w- c:\program files\infineon
    2010-08-22 22:34 . 2009-05-12 14:53 16896 ----a-w- c:\windows\system32\drivers\FlashUsb.sys
    2010-08-22 22:22 . 2010-08-22 22:22
    d
    w- c:\program files\LG Electronics
    2010-08-22 17:36 . 2010-08-23 05:41 329656 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    2010-08-22 17:36 . 2010-08-23 04:21 1071032 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
    2010-08-22 17:36 . 2010-08-20 07:03 100280 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\LGMLauncher.exe
    2010-08-22 17:36 . 2010-08-20 06:14 524288 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
    2010-08-22 17:36 . 2010-08-19 08:49 106496 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDL.dll
    2010-08-22 17:36 . 2010-05-20 05:49 206784 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
    2010-08-22 17:36 . 2010-03-16 07:31 24576 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\LGMobileDLRapi.dll
    2010-08-22 17:36 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2010-08-22 17:35 . 2010-08-23 02:39
    d
    w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
    2010-08-21 08:25 . 2010-08-21 08:25 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
    2010-08-17 22:51 . 2010-08-17 22:51 80090 ----a-w- c:\documents and settings\Terry\Application Data\SMBIOSSP.exe
    2010-08-17 22:18 . 2010-08-29 12:07
    d
    w- c:\documents and settings\Terry\Local Settings\Application Data\Deployment
    2010-08-15 17:48 . 2010-08-15 17:48 655360 ----a-w- c:\documents and settings\Terry\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
    2010-08-15 17:48 . 2010-08-15 17:48 282624 ----a-w- c:\documents and settings\Terry\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
    2010-08-15 17:48 . 2010-08-15 17:48 208896 ----a-w- c:\documents and settings\Terry\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
    2010-08-15 17:48 . 2010-08-29 20:02
    d
    w- c:\documents and settings\Terry\Local Settings\Application Data\Spotify
    2010-08-15 17:48 . 2010-08-29 20:00
    d
    w- c:\documents and settings\Terry\Application Data\Spotify
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 13:04 . 2010-04-20 08:37
    d
    w- c:\documents and settings\Terry\Application Data\Start Menu 7
    2010-09-11 12:59 . 2009-09-20 08:30
    d
    w- c:\program files\Microsoft Silverlight
    2010-09-08 22:01 . 2009-10-28 09:09
    d
    w- c:\documents and settings\Terry\Application Data\GoodSync
    2010-09-08 17:17 . 2008-08-05 12:09
    d
    w- c:\program files\Google
    2010-09-03 22:36 . 2010-06-23 20:44 228 ----a-w- c:\windows\system32\edacded0.dat
    2010-09-01 19:14 . 2009-02-04 16:24 d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2010-09-01 09:32 . 2008-08-05 16:09 d-----w- c:\documents and settings\Terry\Application Data\Media Player Classic
    2010-08-30 09:55 . 2010-06-16 21:05 d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
    2010-08-30 09:46 . 2009-03-20 09:15 d-----w- c:\documents and settings\Terry\Application Data\NetStat Agent
    2010-08-30 09:44 . 2010-04-15 21:42 d-----w- c:\program files\Palm
    2010-08-30 09:44 . 2009-10-27 10:44 d-----w- c:\program files\Canon
    2010-08-30 09:44 . 2009-02-06 12:48 d-----w- c:\program files\Microsoft Works
    2010-08-30 09:44 . 2008-08-05 09:47 d-----w- c:\documents and settings\All Users\Application Data\comodo
    2010-08-29 15:32 . 2008-12-20 10:09 d-----w- c:\documents and settings\Terry\Application Data\Amazon
    2010-08-28 13:04 . 2009-10-28 09:09 d-----w- c:\program files\Siber Systems
    2010-08-28 11:05 . 2008-08-04 15:15
    d--h--w- c:\program files\InstallShield Installation Information
    2010-08-28 10:58 . 2010-08-29 11:14 144246 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2010-08-28 09:45 . 2008-08-05 15:59 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-28 09:45 . 2008-12-14 20:17 d-----w- c:\documents and settings\Terry\Application Data\Azureus
    2010-08-27 14:51 . 2008-10-01 10:07 d-----w- c:\program files\MPlayer for Windows
    2010-08-27 09:19 . 2008-12-14 20:15 d-----w- c:\program files\Vuze
    2010-08-26 13:24 . 2010-06-08 08:41 d-----w- c:\documents and settings\Terry\Application Data\Ashampoo
    2010-08-23 19:01 . 2010-08-02 16:49 d-----w- c:\program files\Ask.com
    2010-08-05 10:07 . 2009-05-29 14:34 d-----w- c:\program files\StarBurn
    2010-08-04 09:27 . 2008-08-04 15:09 88608 ----a-w- c:\documents and settings\Terry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-31 16:39 . 2008-08-04 17:04 d-----w- c:\documents and settings\Terry\Application Data\Canon
    2010-07-22 19:41 . 2010-07-24 17:18 153600 ----a-w- c:\windows\system32\AI_ContextMenu.dll
    2010-07-11 23:21 . 2010-07-06 23:05 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-11 22:52 . 2010-07-11 22:52 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-11 22:52 . 2010-07-11 22:52 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-11 22:40 . 2010-07-11 22:40 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-07-11 22:40 . 2010-07-11 22:40 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-07-11 22:16 . 2010-07-06 20:37 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-11 22:16 . 2010-07-06 20:37 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-06 20:37 . 2010-07-06 20:37 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-06 20:37 . 2010-07-06 20:37 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-06 20:26 . 2010-07-06 20:26 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-07-06 20:26 . 2010-07-06 20:26 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-07-06 20:05 . 2010-07-06 20:05 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-07-06 20:05 . 2010-07-06 20:05 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-07-06 20:05 . 2010-07-06 20:05 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-07-06 19:03 . 2010-07-06 19:03 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-07-06 19:03 . 2010-07-06 19:03 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-06 19:03 . 2010-07-06 19:03 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-07-06 19:03 . 2010-07-06 19:03 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-06 19:03 . 2010-07-06 19:03 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-07-06 19:03 . 2010-07-06 19:03 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-07-06 19:03 . 2010-07-06 19:03 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 20:57 . 2010-07-02 16:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2008-08-04 22:01 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2008-08-04 22:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2008-08-04 22:01 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2008-08-04 22:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2008-08-04 22:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2008-08-04 22:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2008-08-04 22:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2008-08-04 22:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 20:11 . 2010-06-23 20:11 20 --sha-w- c:\windows\Sys6519.Data DB.dat
    2010-06-23 20:11 . 2010-06-23 20:11 20 --sha-w- c:\documents and settings\Terry\Application Data\System2583.Data.DB.dat
    2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 21:00 . 2010-06-21 21:00 63488 ----a-w- c:\documents and settings\Terry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-21 21:00 . 2010-01-10 00:03 117760 ----a-w- c:\documents and settings\Terry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2008-08-04 15:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2006-05-03 09:06 . 2008-11-20 09:47 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 . 2008-11-20 09:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 . 2008-11-20 09:47 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Unhappiness is not knowing what we want, and killing ourselves to get it."
    Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were))
    Women and cats will do as they please, and men and dogs should relax and get used to the idea.
  • rizla01
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
    "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "ProcessGovernor"="f:\process lasso\processgovernor.exe" [2010-08-30 241680]
    "ProcessLasso"="f:\process lasso\ProcessLasso.exe" [2010-08-30 414224]
    "Process Lasso"="c:\documents and settings\All Users\Start Menu\Programs\Process Lasso\Process Lasso.lnk" [2010-09-01 691]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]
    c:\documents and settings\Terry\Start Menu\Programs\Startup\
    Alienware Dock.lnk - f:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-9-17 2074360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    .lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisallowRun"= 1 (0x1)
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1"= firefox.exe
    "2"= opera.exe
    "3"= chrome.exe
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "d:\program files\RecentX\RecentX\RXShell.dll" [2008-06-12 77824]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "g:\superantispyware\SASSEH.DLL" [2008-05-13 77824]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-05-02 11:53 548352 ----a-w- g:\superantispyware\SASWINLO.DLL
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Calendar Magic.lnk]
    backup=c:\windows\pss\Calendar Magic.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^.lnk]
    path=c:\documents and settings\Terry\Start Menu\Programs\Startup\.lnk
    backup=c:\windows\pss\.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^RecentX.lnk]
    backup=c:\windows\pss\RecentX.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Secunia PSI.lnk]
    backup=c:\windows\pss\Secunia PSI.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ThreatFire"=2 (0x2)
    "ioloSystemService"=2 (0x2)
    "ioloFileInfoList"=2 (0x2)
    "NBService"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "gusvc"=3 (0x3)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "cmdAgent"=2 (0x2)
    "TeamViewer4"=2 (0x2)
    "idsvc"=3 (0x3)
    "NetBurnerService"=3 (0x3)
    "IAANTMON"=2 (0x2)
    "AntiVirSchedulerService"=2 (0x2)
    "SvcOnlineArmor"=2 (0x2)
    "RapportMgmtService"=2 (0x2)
    "OAcat"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "ACDaemon"=2 (0x2)
    "a2free"=2 (0x2)
    "a2AntiMalware"=3 (0x3)
    "NanoServiceMain"=2 (0x2)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29/04/2009 22:56 40560]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [25/12/2008 12:41 51488]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [25/12/2008 12:41 39200]
    R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [13/12/2008 14:48 84488]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [05/08/2008 09:42 95592]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [14/06/2010 17:48 28552]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/08/2008 23:01 165456]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [05/08/2008 10:47 133064]
    S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [05/08/2008 10:47 25160]
    S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [16/06/2010 22:04 228216]
    S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [16/06/2010 22:04 24440]
    S1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [16/06/2010 22:04 29560]
    S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [08/06/2010 19:01 0]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [08/06/2010 19:01 0]
    S1 SASDIFSV;SASDIFSV;g:\superantispyware\SASDIFSV.SYS [28/07/2009 10:53 12872]
    S1 SASKUTIL;SASKUTIL;g:\superantispyware\SASKUTIL.SYS [28/07/2009 10:53 67656]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/08/2008 23:01 17744]
    S2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [06/09/2007 11:15 5504]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/09/2010 18:18 136176]
    S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [16/06/2010 22:04 1284600]
    S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [09/12/2009 10:48 234304]
    S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [16/06/2010 22:04 3364856]
    S2 VDDriver;Virtual Disk Driver;d:\virtual disk\VDDriver.sys [22/05/2009 13:39 40952]
    S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [15/05/2010 18:24 36224]
    S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [04/05/2009 17:42 6656]
    S3 cpuz132;cpuz132;\??\c:\docume~1\Terry\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\Terry\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [02/09/2010 13:19 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [02/09/2010 13:19 8456]
    S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [22/08/2010 23:34 16896]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 12:03 7808]
    S3 SASENUM;SASENUM;g:\superantispyware\SASENUM.SYS [28/07/2009 10:53 12872]
    S3 se_filter;System Explorer Filter Driver;c:\windows\system32\drivers\SE_Filter.sys [02/01/2009 12:18 9216]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [25/12/2008 12:41 33056]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14/05/2009 12:05 16640]
    S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [15/05/2010 18:24 134912]
    S4 NetBurnerService;Net Burner iSCSI Service;g:\drive back-up\Net Burner Service\NetBurnerService.exe [13/12/2008 14:48 222984]
    S4 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]
    S4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [27/05/2009 13:38 185640]
    S4 ThreatFire;ThreatFire;g:\threatfire\TFService.exe service --> g:\threatfire\TFService.exe service [?]
    --- Other Services/Drivers In Memory ---
    *Deregistered* - ArcRec
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder
    2010-09-11 c:\windows\Tasks\Clean System Memory.job
    - c:\windows\system32\CleanMem.exe [2010-09-08 05:54]
    2010-09-11 c:\windows\Tasks\GlaryInitialize.job
    - g:\glary utilities\initialize.exe [2009-01-12 10:21]
    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 17:17]
    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-08 17:17]
    2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    2010-09-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-08-28 14:23]
    2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{8ED07C76-0A78-4661-870E-CF91F4A2F154}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    2009-03-27 c:\windows\Tasks\Wise Registry Cleaner 4.job
    - g:\wise registry cleaner\WiseRegistryCleaner.exe [2009-03-27 21:27]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://by150w.bay150.mail.live.com/default.aspx?n=1721578409&wa=wsignin1.0
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
    IE: Identities Editor - file://d:\roboform\RoboFormComEditIdent.html
    IE: Password Generator - file://d:\roboform\RoboFormComPasswordGenerator.html
    IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: Zoom &in
    IE: Zoom &out
    Trusted Zone: google.com\maps
    DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .
    .
    File Associations
    .
    JSEFile=NOTEPAD.EXE %1
    .
    **************************************************************************
    driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-11 21:46
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nanhidfkkcpkpahaeliapjmohhon"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,
    68,6f,65,68,6b,70,00,0c
    "madhoahnjofkbbmejiepajomch"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,68,
    6f,65,68,6b,70,00,56
    "abbaoepgoddjdfkamchgkahkhkddfmehpc"=hex:61,62,6b,68,62,64,67,68,65,6c,67,67,
    64,67,6c,6a,64,62,6a,64,63,6d,70,67,70,6a,70,6e,61,6e,6a,63,62,66,00,77
    "maoppejgogbliogaieoebfhdhf"=hex:64,62,64,68,6d,66,65,66,6b,65,6e,68,6a,68,6a,
    63,64,63,66,69,61,62,70,63,61,68,6c,70,6a,61,6d,68,62,65,69,6a,69,64,6c,6b,\
    [HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AA92D77-C3A3-884A-7EA8-1CD3D0BBD18D}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    [HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
    "l_encryption_d"="585A4A574A5F"
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(296)
    g:\superantispyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    - - - - - - - > 'explorer.exe'(468)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-09-11 21:49
    ComboFix-quarantined-files.txt 2010-09-11 20:49
    ComboFix2.txt 2010-06-21 18:05
    ComboFix3.txt 2009-07-29 09:48
    Pre-Run: 26,040,680,448 bytes free
    Post-Run: 26,197,831,680 bytes free
    406 --- E O F --- 2010-09-11 13:03

    I didn't save the Spybot log (unless it is auto saved somewhere on my computer)
  • You will need alienRIK to look at the combofix log.
    (For future reference, it's not advisable to run combofix without support)
  • rizla01
    edited 12 September 2010 at 8:05PM
    A little knowledge is a dangerous thing, I guess.

    There is something seriously wrong with my set-up, I feel.

    Resorted to a sys restore in order to get it limping a bit quicker but now waiting for AlienRik to identify the problem.

    Below I have pasted a fresh Hijack log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:03:53, on 12/09/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    F:\Process Lasso\processgovernor.exe
    F:\Process Lasso\ProcessLasso.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?n=1721578409&wa=wsignin1.0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: RoboForm - Disabled:{724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ProcessGovernor] F:\Process Lasso\processgovernor.exe
    O4 - HKLM\..\Run: [ProcessLasso] F:\Process Lasso\ProcessLasso.exe
    O4 - HKLM\..\Run: [Process Lasso] C:\Documents and Settings\All Users\Start Menu\Programs\Process Lasso\Process Lasso.lnk
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: .lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html
    O8 - Extra context menu item: Identities Editor - file://D:\Roboform\RoboFormComEditIdent.html
    O8 - Extra context menu item: Password Generator - file://D:\Roboform\RoboFormComPasswordGenerator.html
    O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O20 - Winlogon Notify: !SASWinLogon - G:\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    --
    End of file - 8878 bytes
    "Unhappiness is not knowing what we want, and killing ourselves to get it."
    Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were)
    Women and cats will do as they please, and men and dogs should relax and get used to the idea.
This discussion has been closed.