ComboFix / HijackThis conflict?
Comments
Hi knarf44, 'G' drive is one of my partitions. The only external drive that is plugged in is the Canon printer card reader, which doesn't have a card installed.
Zentimo is a recent install that frees any external card without having to go through the usual 'Unplug device' icon on the toolbar. Iobit360 is a registry cleaner. Both are on drive 'G'.
Here is the latest Malwarebytes log.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4550
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/11/2010 22:19:31
mbam-log-2010-11-12 (22-19-31).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
UPDATE Malwarebytes and run another FULL scan
(latest database is 5105)
Post the WHOLE of the ComboFix log
Don't worry about what it thinks is running
Hi Rik.
OK. In two parts, here is the ComboFix log.
The Malwarebytes log will be posted later this evening.
ComboFix 10-11-12.06 - Terry 13/11/2010 15:42:12.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1661 [GMT 0:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.
2010-11-13 09:20 . 2010-11-13 09:20 -------- d-----w- c:\documents and settings\Terry\Application Data\eFax Messenger
2010-11-12 20:10 . 2010-11-12 20:10 388096 ----a-r- c:\documents and settings\Terry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-10 14:04 . 2010-11-10 14:04 -------- d-----w- c:\documents and settings\Terry\Application Data\AltrixSoft
2010-11-10 13:39 . 2010-11-10 13:39 -------- d-----w- c:\documents and settings\Terry\Application Data\Avira
2010-11-10 13:39 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-10 13:39 . 2010-11-10 13:39 -------- d-----w- c:\program files\Avira
2010-11-10 13:39 . 2010-11-10 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 13:39 . 2010-08-02 16:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-10 13:39 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-10 13:39 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-10 12:03 . 2010-11-10 12:03 -------- d-----w- C:\found.000
2010-11-09 23:42 . 2010-11-09 23:42 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-09 23:37 . 2010-11-09 23:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-09 23:37 . 2010-11-09 23:37 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-09 23:36 . 2010-11-09 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-09 20:23 . 2009-06-30 10:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-11-09 20:23 . 2010-11-09 20:23 -------- d-----w- c:\program files\Panda Security
2010-11-09 18:40 . 2010-11-09 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-09 14:43 . 2010-11-09 14:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-11-05 13:53 . 2010-11-05 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-11-03 14:08 . 2010-11-03 14:08 -------- d-----w- c:\documents and settings\Terry\Application Data\Zentimo
2010-11-03 14:08 . 2010-11-03 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ZentimoService
2010-11-03 10:51 . 2010-11-03 10:51 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\RipTiger
2010-11-02 23:07 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2010-11-02 23:07 . 2010-11-02 23:07 -------- d-----w- c:\program files\RipTiger
2010-11-02 23:06 . 2010-11-02 23:06 -------- d-----w- c:\program files\FLVCodec
2010-11-02 23:06 . 2010-11-02 23:06 -------- d-----w- c:\windows\system32\languages
2010-11-02 23:06 . 2008-05-24 10:55 741376 ----a-w- c:\windows\system32\audxlib.dll
2010-11-02 23:06 . 2008-05-24 10:55 143360 ----a-w- c:\windows\system32\ff_theora.dll
2010-11-02 23:06 . 2008-05-24 10:55 114688 ----a-w- c:\windows\system32\ff_realaac.dll
2010-11-02 23:06 . 2010-11-02 23:06 684560 ----a-w- c:\windows\system32\unins000.exe
2010-11-02 23:06 . 2010-11-02 23:06 -------- d-----w- c:\program files\WinPcap
2010-11-02 23:06 . 2010-10-29 17:27 364544 ----a-w- c:\windows\system32\GSService.exe
2010-11-02 22:24 . 2010-11-02 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Unreal Streaming Technologies
2010-11-02 22:24 . 2010-11-02 22:24 -------- d-----w- c:\program files\Common Files\Unreal Streaming
2010-11-02 22:17 . 2010-11-02 22:17 -------- d-----w- c:\program files\UnrealMediaPlayer5Plugin
2010-11-02 22:12 . 2010-11-02 22:12 -------- d-----w- c:\documents and settings\Terry\Application Data\Unreal Streaming
2010-10-20 09:17 . 2010-10-20 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-20 09:17 . 2010-10-20 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-10-16 15:10 . 2010-10-16 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy Photo Sorter
2010-10-16 12:34 . 2010-10-16 12:34 -------- d-----w- C:\360Amigo
2010-10-16 10:29 . 2010-11-11 19:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 22:52 . 2010-10-05 21:51 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{046CDB86-F8FF-4D54-B3EF-9DEB24386A88}\mpengine.dll
2010-09-09 22:52 . 2010-09-05 18:00 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-07 15:12 . 2010-07-02 16:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-08-04 22:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-08-04 22:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-08-04 22:01 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-08-04 22:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-08-04 22:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-08-04 22:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-08-04 22:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-08-04 22:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-03 14:26 . 2010-09-03 14:26 3259392 ----a-w- c:\windows\fanflame.scr
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 14:22 . 2010-10-12 08:44 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2010-08-27 14:22 . 2010-10-12 08:44 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-08-27 14:22 . 2010-10-12 08:44 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-08-27 14:22 . 2010-10-12 08:44 201168 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 09:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 22:51 . 2010-08-17 22:51 80090 ----a-w- c:\documents and settings\Terry\Application Data\SMBIOSSP.exe
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-12_17.42.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-12 20:10 . 2010-11-12 20:10 1094656 c:\windows\Installer\7d2f3b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zentimo xStorage Manager"="g:\zentimo\Zentimo.exe" [2010-10-28 1696080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"@OnlineArmor GUI"="g:\online armor\oaui.exe" [2010-08-27 2356848]
"IObit Security 360"="g:\iobit security 360\IS360tray.exe" [2010-06-11 1280344]
c:\documents and settings\Terry\Start Menu\Programs\Startup\
Alienware Dock.lnk - f:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-9-17 2074360]
Moo0 Magnifier 1.09.lnk - c:\magnifier 1.09\Magnifier.exe [2010-9-22 1552384]
Rightmove Desktop.lnk - l:\rightmove\Rightmove Desktop\Rightmove Desktop.exe [2010-9-19 132608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "d:\program files\RecentX\RecentX\RXShell.dll" [2008-06-12 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "g:\superantispyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "g:\online~1\oaevent.dll" [2010-08-27 353992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-05-02 11:53 548352 ----a-w- g:\superantispyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Calendar Magic.lnk]
backup=c:\windows\pss\Calendar Magic.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^.lnk]
backup=c:\windows\pss\.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^RecentX.lnk]
backup=c:\windows\pss\RecentX.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-09-28 20:33 2407632 ----a-w- g:\advanced systemcare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AquaSnap]
2010-09-21 20:18 741376 ----a-w- g:\aquasnap\AquaSnap.Daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
2000-05-11 00:00 205312 ----a-w- c:\program files\Creative\SBLive\AudioHQ\ahqtb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-08-23 05:41 329656 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 19:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\captrue.exe]
2008-09-05 16:55 673280 ------w- j:\captrue\captrue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 17:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntegryDESK]
2005-03-22 12:45 618496 ----a-w- i:\integrydesk\IntegryDESK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pb_scheduler_agent]
2007-04-19 10:37 44544 ----a-w- g:\premium booster\scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-09-04 21:58 160328 ----a-w- d:\roboform\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- i:\spybot - search & destroy\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-23 21:06 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-27 11:11 2424560 ----a-w- g:\superantispyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-22 11:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2008-11-17 13:04 263456 ----a-w- g:\threatfire\TFTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-15 22:45 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ThreatFire"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"NBService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"cmdAgent"=2 (0x2)
"TeamViewer4"=2 (0x2)
"idsvc"=3 (0x3)
"NetBurnerService"=3 (0x3)
"IAANTMON"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"RapportMgmtService"=2 (0x2)
"OAcat"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ACDaemon"=2 (0x2)
"a2free"=2 (0x2)
"a2AntiMalware"=3 (0x3)
"NanoServiceMain"=2 (0x2)
"WinDefend"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Spotify\\spotify.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29/04/2009 21:56 40560]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/11/2010 20:23 28552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [25/12/2008 11:41 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [25/12/2008 11:41 39200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/08/2008 22:01 165584]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [05/08/2008 09:47 133064]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [05/08/2008 09:47 25160]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [13/12/2008 13:48 84488]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/10/2010 08:44 201168]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [12/10/2010 08:44 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/10/2010 08:44 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/10/2010 08:44 29272]
R1 SASDIFSV;SASDIFSV;g:\superantispyware\SASDIFSV.SYS [28/07/2009 09:53 12872]
R1 SASKUTIL;SASKUTIL;g:\superantispyware\SASKUTIL.SYS [28/07/2009 09:53 67656]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [05/08/2008 08:42 95592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 13:39 135336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/08/2008 22:01 17744]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [06/09/2007 10:15 5504]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/07/2010 00:45 35088]
R2 OAcat;Online Armor Helper Service;g:\online armor\oacat.exe [12/10/2010 08:44 380272]
R2 VDDriver;Virtual Disk Driver;d:\virtual disk\VDDriver.sys [22/05/2009 12:39 40952]
R2 ZentimoService;Zentimo Assistant;g:\zentimo\ZentimoService.exe [03/11/2010 14:08 240976]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [15/05/2010 17:24 36224]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14/05/2009 11:05 16640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [08/06/2010 18:01 0]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [08/06/2010 18:01 0]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [09/12/2009 09:48 234304]
S2 SvcOnlineArmor;Online Armor;g:\online armor\oasrv.exe [12/10/2010 08:44 3638240]
S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [04/05/2009 16:42 6656]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [22/08/2010 22:34 16896]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 11:03 7808]
S3 SASENUM;SASENUM;g:\superantispyware\SASENUM.SYS [28/07/2009 09:53 12872]
S3 se_filter;System Explorer Filter Driver;c:\windows\system32\drivers\SE_Filter.sys [02/01/2009 11:18 9216]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [25/12/2008 11:41 33056]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [15/05/2010 17:24 134912]
S4 GSService;GSService;c:\windows\system32\GSService.exe [02/11/2010 23:06 364544]
S4 IS360service;IS360service;g:\iobit security 360\is360srv.exe [05/11/2010 13:53 312152]
S4 NetBurnerService;Net Burner iSCSI Service;g:\drive back-up\Net Burner Service\NetBurnerService.exe [13/12/2008 13:48 222984]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/08/2008 08:42 721904]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
--- Other Services/Drivers In Memory ---
*Deregistered* - ArcRec
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-11-13 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-09-08 05:54]
2010-11-13 c:\windows\Tasks\GlaryInitialize.job
- g:\glary utilities\initialize.exe [2009-01-12 09:32]
2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{8ED07C76-0A78-4661-870E-CF91F4A2F154}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://by150w.bay150.mail.live.com/default.aspx?rru=home&livecom=1&wa=wsignin1.0
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
IE: Identities Editor - file://d:\roboform\RoboFormComEditIdent.html
IE: Locate Spot on Map by GPS - f:\iexif 2.3\IExifMap.htm
IE: Password Generator - file://d:\roboform\RoboFormComPasswordGenerator.html
IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: View Exif/GPS/IPTC with IExif - f:\iexif 2.3\IExifCom.htm
IE: Zoom &in
IE: Zoom &out
Trusted Zone: google.com\maps
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
.
.
File Associations
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 15:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhidfkkcpkpahaeliapjmohhon"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,
68,6f,65,68,6b,70,00,0c
"madhoahnjofkbbmejiepajomch"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,68,
6f,65,68,6b,70,00,56
"abbaoepgoddjdfkamchgkahkhkddfmehpc"=hex:61,62,6b,68,62,64,67,68,65,6c,67,67,
64,67,6c,6a,64,62,6a,64,63,6d,70,67,70,6a,70,6e,61,6e,6a,63,62,66,00,77
"maoppejgogbliogaieoebfhdhf"=hex:64,62,64,68,6d,66,65,66,6b,65,6e,68,6a,68,6a,
63,64,63,66,69,61,62,70,63,61,68,6c,70,6a,61,6d,68,62,65,69,6a,69,64,6c,6b,\
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AA92D77-C3A3-884A-7EA8-1CD3D0BBD18D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7DAF699-3319-E05F-CCAA-2BCB894FA322}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naihibmkhoenfhpkbfemdhphimdc"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,
67,63,62,69,66,6c,00,03
"macgobkcfnlbgaobohegbmmnlg"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,67,
63,62,69,66,6c,00,56
[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
"l_encryption_d"="585A4A574A5F"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(528)
g:\superantispyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-13 15:49:48
ComboFix-quarantined-files.txt 2010-11-13 15:49
ComboFix2.txt 2010-11-12 19:52
ComboFix3.txt 2010-11-12 17:44
ComboFix4.txt 2010-09-16 13:19
ComboFix5.txt 2010-11-13 15:40
Pre-Run: 25,474,945,024 bytes free
Post-Run: 25,463,631,872 bytes free
- - End Of File - - C0D3C6E18CF37C06B8D6370350CEDE85
Did you run Malwarebytes?
Here is the latest full scan by Malwarebytes. (Sorry, GCs had a party here, had to join in. :))
Hey Rik, your version is out of date!!
Database version: 5108
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5108
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13/11/2010 17:16:48
mbam-log-2010-11-13 (17-16-48).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 404470
Time elapsed: 1 hour(s), 6 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
***TAKE NOTE. THIS SITE PUTS 'SPACES' IN TO THE LINKS. YOU NEED TO MANUALLY REMOVE THE SPACES IN THE REGISTRY PART***
ie - Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
becomes Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Open Notepad and copy/paste the text in red below
KILLALL::
File::
c:\windows\system32\mp3fhg.acm
c:\windows\fanflame.scr
RegLock::
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AA92D77-C3A3-884A-7EA8-1CD3D0BBD18D}*]
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7DAF699-3319-E05F-CCAA-2BCB894FA322}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
Registry::
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AA92D77-C3A3-884A-7EA8-1CD3D0BBD18D}*]
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7DAF699-3319-E05F-CCAA-2BCB894FA322}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
Save this as "CFScript" (the full file name will be 'CFScript.txt', EXACTLY as shown).
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
(If the SNAPSHOT section is stupidly large, leave that part out.)
ComboFix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
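As an added example (not code from the thread, from Rik, or from ComboFix), the Python below does the check a helper would want before a forum-pasted CFScript goes anywhere near ComboFix: it splits the script into its `::` sections, repairs any RegLock::/Registry:: key whose only difference from a key in the log's LOCKED REGISTRY KEYS section is forum-inserted whitespace, and lists File:: targets that never appear in the log. The log excerpt and the script are constructed from the entries in this thread; the section layout and the 'LOCKED REGISTRY KEYS' heading are assumed from the posts above.

```python
# Constructed excerpt modelled on the ComboFix log posted in the thread (not the full log).
SAMPLE_LOG = r"""
2010-11-02 23:07 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2010-09-03 14:26 . 2010-09-03 14:26 3259392 ----a-w- c:\windows\fanflame.scr
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
"l_encryption_d"="585A4A574A5F"
.
DLLs Loaded Under Running Processes
"""

# Constructed CFScript as it might be copied from the forum page, with the
# forum's inserted spaces ("She ll", "EncryptionIn terface") still in place.
SAMPLE_SCRIPT = r"""KILLALL::
File::
c:\windows\system32\mp3fhg.acm
c:\windows\fanflame.scr
RegLock::
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionIn terface*]
Registry::
[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionIn terface*]
"""


def parse_cfscript(text):
    """Split a CFScript into {section_name: [lines]}; section headers end in '::'."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].strip()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("line before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def locked_keys_from_log(log_text):
    """Collect the [bracketed] key names under the log's LOCKED REGISTRY KEYS heading."""
    keys, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "LOCKED REGISTRY KEYS":
            in_section = True
        elif in_section and line == ".":
            break  # ComboFix separates sections with a lone '.'
        elif in_section and line.startswith("[") and line.endswith("]"):
            keys.append(line)
    return keys


def _squash(s):
    return "".join(s.split())


def repair_key(candidate, known_keys):
    """Return (key, changed). A candidate that equals a known key once all
    whitespace is removed is replaced by that known key; anything else is
    returned untouched so a human reviews it rather than the tool guessing."""
    for key in known_keys:
        if _squash(key) == _squash(candidate):
            return key, key != candidate
    return candidate, False


def repair_script(script_text, log_text):
    """Repair RegLock::/Registry:: entries against the log; returns (sections, fixes)."""
    sections = parse_cfscript(script_text)
    known = locked_keys_from_log(log_text)
    fixes = []
    for name in ("RegLock", "Registry"):
        for i, line in enumerate(sections.get(name, [])):
            fixed, changed = repair_key(line, known)
            if changed:
                fixes.append((name, line, fixed))
                sections[name][i] = fixed
    return sections, fixes


def unreferenced_files(sections, log_text):
    """File:: targets that never appear in the log (likely a typo or the wrong log)."""
    haystack = log_text.lower()
    return [p for p in sections.get("File", []) if p.lower() not in haystack]


def render(sections):
    """Write the sections back out in CFScript form."""
    out = []
    for name, lines in sections.items():
        out.append(name + "::")
        out.extend(lines)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    fixed_sections, fixes = repair_script(SAMPLE_SCRIPT, SAMPLE_LOG)
    for name, before, after in fixes:
        print("%s: %r -> %r" % (name, before, after))
    print("unreferenced File:: entries:", unreferenced_files(fixed_sections, SAMPLE_LOG))
    print(render(fixed_sections), end="")
```

The repaired text is what gets saved as CFScript.txt; any key left unchanged that is not in the log's locked-key list still needs a manual look.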
Hiyah, Rik.
Just to clarify, do you mean remove the spaces from the RegLock part AND the Registry part (8 spaces), or just the Registry part (4 spaces)?
i.e. after 'CLSID]' x2 and following all '}*]' x6 (RegLock + Registry)
or after 'CLSID]' x1 and following all '}*]' x3 in the Registry alone?
Hope that's clear!
ALSO, do I stop all running programs or just drop the file into Combo regardless?
Clear as mud, but I meant Registry and RegLock
OK. Here is the log following that (if I did it right. :))
ComboFix 10-11-12.06 - Terry 13/11/2010 22:42:39.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1681 [GMT 0:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Terry\Desktop\CFScript.txt
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FILE ::
"c:\windows\fanflame.scr"
"c:\windows\system32\mp3fhg.acm"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\fanflame.scr
c:\windows\system32\mp3fhg.acm
.
((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.
2010-11-13 09:20 . 2010-11-13 09:20 d-----w- c:\documents and settings\Terry\Application Data\eFax Messenger
2010-11-12 20:10 . 2010-11-12 20:10 388096 ----a-r- c:\documents and settings\Terry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-10 14:04 . 2010-11-10 14:04 d-----w- c:\documents and settings\Terry\Application Data\AltrixSoft
2010-11-10 13:39 . 2010-11-10 13:39 d-----w- c:\documents and settings\Terry\Application Data\Avira
2010-11-10 13:39 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-10 13:39 . 2010-11-10 13:39 d-----w- c:\program files\Avira
2010-11-10 13:39 . 2010-11-10 13:39 d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-10 13:39 . 2010-08-02 16:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-10 13:39 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-10 13:39 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-10 12:03 . 2010-11-10 12:03 d-----w- C:\found.000
2010-11-09 23:42 . 2010-11-09 23:42 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-09 23:37 . 2010-11-09 23:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-09 23:37 . 2010-11-09 23:37 d-----w- c:\program files\Hitman Pro 3.5
2010-11-09 23:36 . 2010-11-09 23:42 d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-11-09 20:23 . 2009-06-30 10:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-11-09 20:23 . 2010-11-09 20:23 d-----w- c:\program files\Panda Security
2010-11-09 18:40 . 2010-11-09 18:40 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-11-09 14:43 . 2010-11-09 14:43 d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-11-05 13:53 . 2010-11-05 13:53 d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-11-03 14:08 . 2010-11-03 14:08 d-----w- c:\documents and settings\Terry\Application Data\Zentimo
2010-11-03 14:08 . 2010-11-03 14:08 d-----w- c:\documents and settings\All Users\Application Data\ZentimoService
2010-11-03 10:51 . 2010-11-03 10:51 d-----w- c:\documents and settings\Terry\Local Settings\Application Data\RipTiger
2010-11-02 23:07 . 2010-11-02 23:07 d-----w- c:\program files\RipTiger
2010-11-02 23:06 . 2010-11-02 23:06 d-----w- c:\program files\FLVCodec
2010-11-02 23:06 . 2010-11-02 23:06 d-----w- c:\windows\system32\languages
2010-11-02 23:06 . 2008-05-24 10:55 741376 ----a-w- c:\windows\system32\audxlib.dll
2010-11-02 23:06 . 2008-05-24 10:55 143360 ----a-w- c:\windows\system32\ff_theora.dll
2010-11-02 23:06 . 2008-05-24 10:55 114688 ----a-w- c:\windows\system32\ff_realaac.dll
2010-11-02 23:06 . 2010-11-02 23:06 684560 ----a-w- c:\windows\system32\unins000.exe
2010-11-02 23:06 . 2010-11-02 23:06 d-----w- c:\program files\WinPcap
2010-11-02 23:06 . 2010-10-29 17:27 364544 ----a-w- c:\windows\system32\GSService.exe
2010-11-02 22:24 . 2010-11-02 22:24 d-----w- c:\documents and settings\All Users\Application Data\Unreal Streaming Technologies
2010-11-02 22:24 . 2010-11-02 22:24 d-----w- c:\program files\Common Files\Unreal Streaming
2010-11-02 22:17 . 2010-11-02 22:17 d-----w- c:\program files\UnrealMediaPlayer5Plugin
2010-11-02 22:12 . 2010-11-02 22:12 d-----w- c:\documents and settings\Terry\Application Data\Unreal Streaming
2010-10-20 09:17 . 2010-10-20 09:18 d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-20 09:17 . 2010-10-20 09:17 d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-10-16 15:10 . 2010-10-16 15:10 d-----w- c:\documents and settings\All Users\Application Data\Easy Photo Sorter
2010-10-16 12:34 . 2010-10-16 12:34 d-----w- C:\360Amigo
2010-10-16 10:29 . 2010-11-11 19:42 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 22:52 . 2010-10-05 21:51 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{046CDB86-F8FF-4D54-B3EF-9DEB24386A88}\mpengine.dll
2010-09-09 22:52 . 2010-09-05 18:00 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-07 15:12 . 2010-07-02 16:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-08-04 22:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-08-04 22:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-08-04 22:01 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-08-04 22:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-08-04 22:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-08-04 22:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-08-04 22:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-08-04 22:01 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 14:22 . 2010-10-12 08:44 38856 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2010-08-27 14:22 . 2010-10-12 08:44 25000 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-08-27 14:22 . 2010-10-12 08:44 29272 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-08-27 14:22 . 2010-10-12 08:44 201168 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 09:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 22:51 . 2010-08-17 22:51 80090 ----a-w- c:\documents and settings\Terry\Application Data\SMBIOSSP.exe
2010-08-17 13:17 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 10:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zentimo xStorage Manager"="g:\zentimo\Zentimo.exe" [2010-10-28 1696080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"@OnlineArmor GUI"="g:\online armor\oaui.exe" [2010-08-27 2356848]
"IObit Security 360"="g:\iobit security 360\IS360tray.exe" [2010-06-11 1280344]
"ThreatFire"="g:\threatfire\TFTray.exe" [2008-11-17 263456]
c:\documents and settings\Terry\Start Menu\Programs\Startup\
Alienware Dock.lnk - f:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-9-17 2074360]
Moo0 Magnifier 1.09.lnk - c:\magnifier 1.09\Magnifier.exe [2010-9-22 1552384]
Rightmove Desktop.lnk - l:\rightmove\Rightmove Desktop\Rightmove Desktop.exe [2010-9-19 132608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "d:\program files\RecentX\RecentX\RXShell.dll" [2008-06-12 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "g:\superantispyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "g:\online~1\oaevent.dll" [2010-08-27 353992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-05-02 11:53 548352 ----a-w- g:\superantispyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Calendar Magic.lnk]
backup=c:\windows\pss\Calendar Magic.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^.lnk]
backup=c:\windows\pss\.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^RecentX.lnk]
backup=c:\windows\pss\RecentX.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-09-28 20:33 2407632 ----a-w- g:\advanced systemcare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AquaSnap]
2010-09-21 20:18 741376 ----a-w- g:\aquasnap\AquaSnap.Daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
2000-05-11 00:00 205312 ----a-w- c:\program files\Creative\SBLive\AudioHQ\ahqtb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-08-23 05:41 329656 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 19:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\captrue.exe]
2008-09-05 16:55 673280 ------w- j:\captrue\captrue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 17:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntegryDESK]
2005-03-22 12:45 618496 ----a-w- i:\integrydesk\IntegryDESK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pb_scheduler_agent]
2007-04-19 10:37 44544 ----a-w- g:\premium booster\scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-09-04 21:58 160328 ----a-w- d:\roboform\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- i:\spybot - search & destroy\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-23 21:06 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-27 11:11 2424560 ----a-w- g:\superantispyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-22 11:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2008-11-17 13:04 263456 ----a-w- g:\threatfire\TFTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-15 22:45 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ThreatFire"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"NBService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"cmdAgent"=2 (0x2)
"TeamViewer4"=2 (0x2)
"idsvc"=3 (0x3)
"NetBurnerService"=3 (0x3)
"IAANTMON"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"RapportMgmtService"=2 (0x2)
"OAcat"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ACDaemon"=2 (0x2)
"a2free"=2 (0x2)
"a2AntiMalware"=3 (0x3)
"NanoServiceMain"=2 (0x2)
"WinDefend"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Spotify\\spotify.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29/04/2009 21:56 40560]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/11/2010 20:23 28552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [25/12/2008 11:41 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [25/12/2008 11:41 39200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/08/2008 22:01 165584]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [05/08/2008 09:47 133064]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [05/08/2008 09:47 25160]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [13/12/2008 13:48 84488]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/10/2010 08:44 201168]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [12/10/2010 08:44 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/10/2010 08:44 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/10/2010 08:44 29272]
R1 SASDIFSV;SASDIFSV;g:\superantispyware\SASDIFSV.SYS [28/07/2009 09:53 12872]
R1 SASKUTIL;SASKUTIL;g:\superantispyware\SASKUTIL.SYS [28/07/2009 09:53 67656]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [05/08/2008 08:42 95592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 13:39 135336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/08/2008 22:01 17744]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [06/09/2007 10:15 5504]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/07/2010 00:45 35088]
R2 OAcat;Online Armor Helper Service;g:\online armor\oacat.exe [12/10/2010 08:44 380272]
R2 SvcOnlineArmor;Online Armor;g:\online armor\oasrv.exe [12/10/2010 08:44 3638240]
R2 VDDriver;Virtual Disk Driver;d:\virtual disk\VDDriver.sys [22/05/2009 12:39 40952]
R2 ZentimoService;Zentimo Assistant;g:\zentimo\ZentimoService.exe [03/11/2010 14:08 240976]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [15/05/2010 17:24 36224]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14/05/2009 11:05 16640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [08/06/2010 18:01 0]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [08/06/2010 18:01 0]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [09/12/2009 09:48 234304]
S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [04/05/2009 16:42 6656]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [22/08/2010 22:34 16896]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 11:03 7808]
S3 SASENUM;SASENUM;g:\superantispyware\SASENUM.SYS [28/07/2009 09:53 12872]
S3 se_filter;System Explorer Filter Driver;c:\windows\system32\drivers\SE_Filter.sys [02/01/2009 11:18 9216]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [25/12/2008 11:41 33056]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [15/05/2010 17:24 134912]
S4 GSService;GSService;c:\windows\system32\GSService.exe [02/11/2010 23:06 364544]
S4 IS360service;IS360service;g:\iobit security 360\is360srv.exe [05/11/2010 13:53 312152]
S4 NetBurnerService;Net Burner iSCSI Service;g:\drive back-up\Net Burner Service\NetBurnerService.exe [13/12/2008 13:48 222984]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/08/2008 08:42 721904]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
--- Other Services/Drivers In Memory ---
*Deregistered* - ArcRec
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-11-13 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-09-08 05:54]
2010-11-13 c:\windows\Tasks\GlaryInitialize.job
- g:\glary utilities\initialize.exe [2009-01-12 09:32]
2010-11-13 c:\windows\Tasks\User_Feed_Synchronization-{8ED07C76-0A78-4661-870E-CF91F4A2F154}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://by150w.bay150.mail.live.com/default.aspx?wa=wsignin1.0
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
IE: Identities Editor - file://d:\roboform\RoboFormComEditIdent.html
IE: Locate Spot on Map by GPS - f:\iexif 2.3\IExifMap.htm
IE: Password Generator - file://d:\roboform\RoboFormComPasswordGenerator.html
IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: View Exif/GPS/IPTC with IExif - f:\iexif 2.3\IExifCom.htm
IE: Zoom &in
IE: Zoom &out
Trusted Zone: google.com\maps
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 22:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63B97F04-9032-2D21-7BE0-EA7F7AE7EE4B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nanhidfkkcpkpahaeliapjmohhon"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,
68,6f,65,68,6b,70,00,0c
"madhoahnjofkbbmejiepajomch"=hex:6a,61,65,67,68,69,66,68,66,65,6b,6d,6d,63,68,
6f,65,68,6b,70,00,56
"abbaoepgoddjdfkamchgkahkhkddfmehpc"=hex:61,62,6b,68,62,64,67,68,65,6c,67,67,
64,67,6c,6a,64,62,6a,64,63,6d,70,67,70,6a,70,6e,61,6e,6a,63,62,66,00,77
"maoppejgogbliogaieoebfhdhf"=hex:64,62,64,68,6d,66,65,66,6b,65,6e,68,6a,68,6a,
63,64,63,66,69,61,62,70,63,61,68,6c,70,6a,61,6d,68,62,65,69,6a,69,64,6c,6b,\
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8AA92D77-C3A3-884A-7EA8-1CD3D0BBD18D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-746137067-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7DAF699-3319-E05F-CCAA-2BCB894FA322}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naihibmkhoenfhpkbfemdhphimdc"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,
67,63,62,69,66,6c,00,03
"macgobkcfnlbgaobohegbmmnlg"=hex:6a,61,65,67,65,67,67,64,70,6b,6e,64,63,67,67,
63,62,69,66,6c,00,56
[HKEY_LOCAL_MACHINE\software\Microsoft\EncryptionInterface*]
"l_encryption_d"="585A4A574A5F"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(528)
g:\superantispyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\WININET.dll
f:\program files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wpdshext.dll
.
Other Running Processes
.
c:\windows\system32\devldr32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
g:\online armor\OAhlp.exe
g:\iobit security 360\is360.exe
.
**************************************************************************
.
Completion time: 2010-11-13 22:58:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-13 22:58
ComboFix2.txt 2010-11-13 15:49
ComboFix3.txt 2010-11-12 19:52
ComboFix4.txt 2010-11-12 17:44
ComboFix5.txt 2010-11-13 22:41
Pre-Run: 25,449,734,144 bytes free
Post-Run: 25,448,398,848 bytes free
- - End Of File - - 8B680475D4767AB4CA6839922D71E30A
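When a log like the one above comes back, the parts a helper reads first are the Run-key autoruns under "Reg Loading Points" and the R0/S3 service and driver list. The script below is an added example (not ComboFix's own code and not from this thread): it parses those two line shapes and flags the things worth a second look in this log, namely autoruns loading from a drive other than the system drive, drivers ComboFix could not locate on disk (the `--> ... [?]` form, as with Lbd), and driver images recorded with a size of 0 (as with the two Rapport entries). The sample lines are constructed to match the shape of the log above, and it is assumed Windows is installed on C:.

```python
"""Triage helper for ComboFix-style log output (added example, not ComboFix's
own code).  Parses Run-key autorun lines and R0/S3 service/driver lines and
flags entries a reviewer would normally check first."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines in the shape of the ComboFix log in this thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Persistence"="c:\\windows\\system32\\igfxpers.exe" [2006-07-21 81920]
"@OnlineArmor GUI"="g:\\online armor\\oaui.exe" [2010-08-27 2356848]
R0 pavboot;pavboot;c:\\windows\\system32\\drivers\\pavboot.sys [09/11/2010 20:23 28552]
S0 Lbd;Lbd;c:\\windows\\system32\\DRIVERS\\Lbd.sys --> c:\\windows\\system32\\DRIVERS\\Lbd.sys [?]
S1 RapportKELL;RapportKELL;c:\\program files\\Trusteer\\Rapport\\bin\\RapportKELL.sys [08/06/2010 18:01 0]
S4 WinDefend;Windows Defender;c:\\program files\\Windows Defender\\MsMpEng.exe [03/11/2006 18:19 13592]
"""

# "Name"="path" [YYYY-MM-DD size]   (Run-key autorun entry)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# R0 name;display name;path [...]   (service / driver entry; S = stopped, R = running)
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
# path [DD/MM/YYYY HH:MM size]      (the tail of a resolved service line)
DETAIL_RE = re.compile(r'^(?P<path>.+) \[(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2}) (?P<size>\d+)\]$')

SYSTEM_DRIVE = "c:"  # assumption: the Windows installation lives on C:


def parse_autorun(line: str) -> Optional[dict]:
    """Return {'name','path','date','size'} for a Run-key line, else None."""
    m = RUN_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry


def parse_service(line: str) -> Optional[dict]:
    """Return a dict for an R0/S3-style service line, else None."""
    m = SVC_RE.match(line)
    if not m:
        return None
    entry = {"start": m["start"], "name": m["name"], "display": m["display"]}
    rest = m["rest"]
    if rest.endswith(" [?]"):
        # ComboFix prints "path --> path [?]" when the image file cannot be found
        entry["path"] = rest.split(" --> ", 1)[0]
        entry["resolved"] = False
        entry["size"] = None
        return entry
    dm = DETAIL_RE.match(rest)
    if not dm:
        return None
    entry["path"] = dm["path"]
    entry["resolved"] = True
    entry["size"] = int(dm["size"])
    return entry


def triage(log_text: str) -> Dict[str, list]:
    """Parse the log and collect findings as (kind, entry name) tuples."""
    autoruns: List[dict] = []
    services: List[dict] = []
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        auto = parse_autorun(line)
        if auto:
            autoruns.append(auto)
            if not auto["path"].lower().startswith(SYSTEM_DRIVE):
                findings.append(("autorun_off_system_drive", auto["name"]))
            continue
        svc = parse_service(line)
        if svc:
            services.append(svc)
            if not svc["resolved"]:
                findings.append(("driver_image_not_found", svc["name"]))
            elif svc["size"] == 0:
                findings.append(("zero_length_driver", svc["name"]))
    return {"autoruns": autoruns, "services": services, "findings": findings}


if __name__ == "__main__":
    for kind, name in triage(SAMPLE_LOG)["findings"]:
        print(f"{kind}: {name}")
```

None of the three findings is a verdict on its own: an autorun on G: is exactly what this poster's Zentimo and Online Armor installs look like, and a 0-byte or missing driver image is usually a leftover from an uninstall. The point of the script is to pull those entries out of a 400-line log so they can be checked against what the user says is installed, which is the same question Rik was asking about the G: drive earlier in the thread.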
This discussion has been closed.