Please help. New infection
rizla01
Posts: 7,260 Forumite
in Techie Stuff
Damn thing won't let me run any programs.
I have a window called System Tool keep appearing
It is a very persistent virus that will not go away. Looked in HijackThis and could find no trace. Ran Spybot which rebooted and ran again (after clearing some infections) but this thing still persists.
I can run progs in safe mode but this time I have also been able to get online.
Every time I try to run a program it tells me that prog is infected.
I am almost helpless.
Anyone?
"Unhappiness is not knowing what we want, and killing ourselves to get it."
Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were))
Women and cats will do as they please, and men and dogs should relax and get used to the idea.
Comments
Follow this guide
http://www.bleepingcomputer.com/virus-removal/remove-system-tool
Post the malwarebytes log/s here

Thanks Rik, Reliable as ever.
I am running Malwarebytes presently. I will post the logfile as requested but I doubt if I will hear from you before 2morrow.
Is there anything that I ought to do following the scan (Will leave PC as is, i.e. I won't reboot, till I hear from you)

OK Here is the Malware Log.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5922
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
01/03/2011 23:47:21
mbam-log-2011-03-01 (23-47-21).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 448564
Time elapsed: 45 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bPfAnNm06300 (Trojan.FakeAlert) -> Value: bPfAnNm06300 -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\bpfannm06300\bpfannm06300.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0a3cb4e6-b35e-4f11-baed-48e4398bd999}\RP149\A0024241.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
d:\Music\buffy st marie\albumart_{7273fc22-fc8d-4822-ae69-321d996aab3f}_large.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.

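An added example, not part of the thread: a small Python parser for the Malwarebytes log format posted above. It extracts each detection, pairs the RunOnce value with the quarantined file of the same name, and lists items a helper would re-check (removals that did not complete, copies held in System Restore storage). The function names are hypothetical, and the sample is an excerpt of the log in this thread.

```python
import re
from ntpath import basename, splitext

# Excerpt of the Malwarebytes log posted in this thread (summary + detail lines).
SAMPLE_LOG = r"""
Registry Values Infected: 1
Files Infected: 3

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\bPfAnNm06300 (Trojan.FakeAlert) -> Value: bPfAnNm06300 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\bpfannm06300\bpfannm06300.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0a3cb4e6-b35e-4f11-baed-48e4398bd999}\RP149\A0024241.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
d:\Music\buffy st marie\albumart_{7273fc22-fc8d-4822-ae69-321d996aab3f}_large.jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
"""

# A detail section header ends at the colon; summary lines carry a count after it.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "<target> (<family>) -> <detail or outcome> [-> <outcome>]"
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
AUTORUN_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\(?P<value>[^\\]+)$", re.I)
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{", re.I)


def parse_mbam_log(text):
    """Return one dict per detection line in the detail sections of the log."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM_RE.match(line)
        if section and item:
            found.append({
                "section": section,
                "target": item.group("target"),
                "family": item.group("family"),
                # The last "->" field is the outcome; earlier ones are details.
                "action": item.group("rest").split(" -> ")[-1].rstrip("."),
            })
    return found


def autorun_pairs(detections):
    """Pair Run/RunOnce values with quarantined files of the same base name."""
    files = [d for d in detections if d["section"] == "Files"]
    pairs = []
    for d in detections:
        if d["section"] != "Registry Values":
            continue
        m = AUTORUN_RE.search(d["target"])
        if not m:
            continue
        name = m.group("value").lower()
        for f in files:
            if splitext(basename(f["target"]))[0].lower() == name:
                pairs.append((d["target"], f["target"]))
    return pairs


def follow_up(detections):
    """Items to re-check: removals that did not complete, restore-point copies."""
    notes = []
    for d in detections:
        if "successfully" not in d["action"].lower():
            notes.append(("not removed", d["target"]))
        if RESTORE_RE.search(d["target"]):
            notes.append(("system restore copy", d["target"]))
    return notes


if __name__ == "__main__":
    hits = parse_mbam_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["section"]:16} {h["family"]:20} {h["action"]}')
    for reg, path in autorun_pairs(hits):
        print("autorun pair:", reg, "->", path)
    for kind, target in follow_up(hits):
        print(kind + ":", target)
```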
Here is the Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:32, on 01/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
G:\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} -
\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
\Roboform\roboform.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "G:\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] "G:\Process Lasso\processlasso.exe"
O4 - HKLM\..\Run: [ProcessGovernor] "G:\Process Lasso\processgovernor.exe"
O4 - HKLM\..\Run: [IObit Security 360] "G:\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "G:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] G:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-TT27G.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [Zentimo xStorage Manager] G:\Zentimo\Zentimo.exe /startup
O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'Default user')
O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe
O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://D:\Roboform\RoboFormComEditIdent.html
O8 - Extra context menu item: Locate Spot on Map by GPS - F:\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Password Generator - file://D:\Roboform\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - F:\IExif 2.3\IExifCom.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O20 - Winlogon Notify: !SASWinLogon - G:\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - G:\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - G:\Online Armor\oasrv.exe
O23 - Service: Zentimo Assistant (ZentimoService) - Unknown owner - G:\Zentimo\ZentimoService.exe
--
End of file - 6570 bytes
I have NOT rebooted as Malwarebytes recommended before running the Hijackthis prog.
Should I re-boot now?

yes, then re-run hjt......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple

Here is the latest
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:22, on 02/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
G:\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Online Armor\OAcat.exe
G:\Online Armor\oasrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\igfxpers.exe
G:\Online Armor\oaui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
G:\Process Lasso\processlasso.exe
G:\Online Armor\OAhlp.exe
G:\Process Lasso\processgovernor.exe
G:\IObit Security 360\IS360tray.exe
G:\Zentimo\Zentimo.exe
F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Magnifier 1.09\Magnifier.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} -
\Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
\Roboform\roboform.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "G:\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] "G:\Process Lasso\processlasso.exe"
O4 - HKLM\..\Run: [ProcessGovernor] "G:\Process Lasso\processgovernor.exe"
O4 - HKLM\..\Run: [IObit Security 360] "G:\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Zentimo xStorage Manager] G:\Zentimo\Zentimo.exe /startup
O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'Default user')
O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe
O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://D:\Roboform\RoboFormComEditIdent.html
O8 - Extra context menu item: Locate Spot on Map by GPS - F:\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Password Generator - file://D:\Roboform\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - F:\IExif 2.3\IExifCom.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O20 - Winlogon Notify: !SASWinLogon - G:\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - G:\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - G:\Online Armor\oasrv.exe
O23 - Service: Zentimo Assistant (ZentimoService) - Unknown owner - G:\Zentimo\ZentimoService.exe
--
End of file - 6833 bytes

Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1641 [GMT 0:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Terry\Application Data\EurekaLog
c:\documents and settings\Terry\Local Settings\Application Data\{15514744-7FC5-4C32-B5BC-9AE3CE01876B}
c:\documents and settings\Terry\Local Settings\Application Data\{15514744-7FC5-4C32-B5BC-9AE3CE01876B}\chrome.manifest
c:\documents and settings\Terry\Local Settings\Application Data\{15514744-7FC5-4C32-B5BC-9AE3CE01876B}\chrome\content\_cfg.js
c:\documents and settings\Terry\Local Settings\Application Data\{15514744-7FC5-4C32-B5BC-9AE3CE01876B}\chrome\content\overlay.xul
c:\documents and settings\Terry\Local Settings\Application Data\{15514744-7FC5-4C32-B5BC-9AE3CE01876B}\install.rdf
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-746137067-606747145-725345543-1004(2)\INFO2
G:\Uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
.
2011-03-01 23:08 . 2011-03-01 23:08 709456 ----a-w- c:\windows\isRS-000.tmp
2011-03-01 22:34 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-01 17:46 . 2011-03-01 23:47
d
w- c:\documents and settings\All Users\Application Data\bPfAnNm06300
2011-02-27 18:14 . 2011-03-01 09:11 0 ----a-w- c:\windows\Jrumijigo.bin
2011-02-25 10:24 . 2011-02-25 10:24 292240 ---ha-r- c:\windows\system32\cpnprtuk.cid
2011-02-25 10:24 . 2011-02-25 10:24 398760 ---ha-r- c:\windows\system32\cpnprt2.cid
2011-02-25 10:24 . 2011-02-25 10:24
d
w- c:\windows\Cache
2011-02-25 10:24 . 2011-02-25 10:24 31 ---ha-w- c:\windows\UKCpInfo.sys
2011-02-18 22:18 . 2011-02-18 22:18
d
w- c:\documents and settings\All Users\Application Data\Aiseesoft Total Media Converter
2011-02-10 16:15 . 2011-02-10 16:15
d
w- c:\windows\system32\skins
2011-02-10 16:08 . 2011-02-10 16:08
d
w- c:\documents and settings\Terry\Application Data\Tordex
2011-02-10 16:08 . 2011-02-10 16:14
d
w- c:\program files\TrueLaunchBar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-21 12:30 . 2011-01-21 12:30 311296 ----a-w- c:\windows\system32\EMRegSys.dll
2011-01-17 20:03 . 2011-01-17 20:42 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-01-17 20:02 . 2011-01-17 20:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-01-17 20:02 . 2011-01-17 20:42 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-01 11:35 . 2010-11-02 23:06 695901 ----a-w- c:\windows\system32\unins000.exe
2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 13:21 . 2010-11-10 13:39 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 10:00 1469440
w- c:\windows\system32\inetcpl.cpl
2010-12-20 18:09 . 2008-12-30 12:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2008-12-30 12:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-12 11:39 . 2010-12-12 11:39 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zentimo xStorage Manager"="g:\zentimo\Zentimo.exe" [2010-10-28 1696080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"@OnlineArmor GUI"="g:\online armor\oaui.exe" [2010-08-27 2356848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"ProcessLassoManagementConsole"="g:\process lasso\processlasso.exe" [2011-01-12 542224]
"ProcessGovernor"="g:\process lasso\processgovernor.exe" [2011-01-12 293904]
"IObit Security 360"="g:\iobit security 360\IS360tray.exe" [2010-06-11 1280344]
c:\documents and settings\Terry\Start Menu\Programs\Startup\
Alienware Dock.lnk - f:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-9-17 2074360]
Moo0 Magnifier 1.09.lnk - c:\magnifier 1.09\Magnifier.exe [2010-9-22 1552384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "d:\program files\RecentX\RecentX\RXShell.dll" [2008-06-12 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "G:\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "g:\online~1\oaevent.dll" [2010-08-27 353992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- G:\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.lnk]
backup=c:\windows\pss\.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Calendar Magic.lnk]
backup=c:\windows\pss\Calendar Magic.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^.lnk]
backup=c:\windows\pss\.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^RecentX.lnk]
backup=c:\windows\pss\RecentX.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Rightmove Desktop.lnk]
backup=c:\windows\pss\Rightmove Desktop.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 01:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 16:19 2402512 ----a-w- g:\advanced systemcare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AquaSnap]
2010-09-21 20:18 741376 ----a-w- g:\aquasnap\AquaSnap.Daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
2000-05-11 00:00 205312 ----a-w- c:\program files\Creative\SBLive\AudioHQ\ahqtb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-08-23 05:41 329656 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 19:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\captrue.exe]
2008-09-05 16:55 673280
w- j:\captrue\captrue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 17:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntegryDESK]
2005-03-22 12:45 618496 ----a-w- i:\integrydesk\IntegryDESK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
2010-06-11 18:14 1280344 ----a-w- g:\iobit security 360\is360tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lcafeju]
2008-04-14 00:12 355840 ----a-w- c:\windows\oriregad.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pb_scheduler_agent]
2007-04-19 10:37 44544 ----a-w- g:\premium booster\scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-09-04 21:58 160328 ----a-w- d:\roboform\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- i:\spybot - search & destroy\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-23 21:06 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-02-14 16:55 10421552 ----a-w- g:\superantispyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-22 11:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2008-11-17 13:04 263456 ----a-w- g:\threatfire\TFTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-15 22:45 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ThreatFire"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"NBService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"cmdAgent"=2 (0x2)
"TeamViewer4"=2 (0x2)
"idsvc"=3 (0x3)
"NetBurnerService"=3 (0x3)
"IAANTMON"=2 (0x2)
"RapportMgmtService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ACDaemon"=2 (0x2)
"a2free"=2 (0x2)
"a2AntiMalware"=3 (0x3)
"NanoServiceMain"=2 (0x2)
"WinDefend"=2 (0x2)
"ReflectService"=2 (0x2)
"AdobeActiveFileMonitor9.0"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Spotify\\spotify.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [29/04/2009 21:56 40560]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [17/01/2011 20:42 16024]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [25/12/2008 11:41 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [25/12/2008 11:41 39200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/08/2008 22:01 165584]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [05/08/2008 09:47 133064]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [05/08/2008 09:47 25160]
R1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [13/12/2008 13:48 84488]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/10/2010 08:44 201168]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [12/10/2010 08:44 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/10/2010 08:44 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/10/2010 08:44 29272]
R1 SASDIFSV;SASDIFSV;G:\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;G:\SASKUTIL.SYS [10/05/2010 18:41 67656]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [05/08/2008 08:42 95592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 13:39 135336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/08/2008 22:01 17744]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [06/09/2007 10:15 5504]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/07/2010 00:45 35088]
R2 OAcat;Online Armor Helper Service;g:\online armor\oacat.exe [12/10/2010 08:44 380272]
R2 SvcOnlineArmor;Online Armor;g:\online armor\oasrv.exe [12/10/2010 08:44 3638240]
R2 VDDriver;Virtual Disk Driver;d:\virtual disk\VDDriver.sys [22/05/2009 12:39 40952]
R2 ZentimoService;Zentimo Assistant;g:\zentimo\ZentimoService.exe [03/11/2010 14:08 240976]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [15/05/2010 17:24 36224]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [14/05/2009 11:05 16640]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [08/06/2010 18:01 0]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [08/06/2010 18:01 0]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [09/12/2009 09:48 234304]
S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [04/05/2009 16:42 6656]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [22/08/2010 22:34 16896]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 11:03 7808]
S3 SASENUM;SASENUM;g:\superantispyware\SASENUM.SYS [28/07/2009 09:53 12872]
S3 se_filter;System Explorer Filter Driver;c:\windows\system32\drivers\SE_Filter.sys [02/01/2009 11:18 9216]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [25/12/2008 11:41 33056]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;f:\adobe xx\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06/09/2010 02:19 169408]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [15/05/2010 17:24 134912]
S4 IS360service;IS360service;g:\iobit security 360\is360srv.exe [05/11/2010 13:53 312152]
S4 NetBurnerService;Net Burner iSCSI Service;g:\drive back-up\Net Burner Service\NetBurnerService.exe [13/12/2008 13:48 222984]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [17/01/2011 20:42 220824]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/08/2008 08:42 721904]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
--- Other Services/Drivers In Memory ---
*Deregistered* - ArcRec
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2011-03-02 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-09-08 05:54]
2011-03-02 c:\windows\Tasks\GlaryInitialize.job
- g:\glary utilities\initialize.exe [2009-01-12 09:32]
2011-03-02 c:\windows\Tasks\User_Feed_Synchronization-{8ED07C76-0A78-4661-870E-CF91F4A2F154}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://by150w.bay150.mail.live.com/default.aspx?wa=wsignin1.0
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Customize Menu - file://d:\roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://d:\roboform\RoboFormComFillForms.html
IE: Identities Editor - file://d:\roboform\RoboFormComEditIdent.html
IE: Locate Spot on Map by GPS - f:\iexif 2.3\IExifMap.htm
IE: Password Generator - file://d:\roboform\RoboFormComPasswordGenerator.html
IE: RoboForm Toolbar - file://d:\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\roboform\RoboFormComSavePass.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: View Exif/GPS/IPTC with IExif - f:\iexif 2.3\IExifCom.htm
IE: Zoom &in
IE: Zoom &out
Trusted Zone: google.com\maps
.
.
File Associations
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-bPfAnNm06300 - c:\documents and settings\All Users\Application Data\bPfAnNm06300\bPfAnNm06300.exe
MSConfigStartUp-Fjexu - c:\windows\msnmpro.dll
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - g:\\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 02:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
This discussion has been closed.
