Vista Internet Security 2011
Comments
-
Kaspersky found no threats.
The forest would be very silent if no birds sang except for the birds that sang the best
-
As I said, don't be concerned about the iExplore.exe and eXplorer.exe as they are safe. They are the tools meant to disable Vista Internet Security 2011, but looking at the rkill log you posted, it doesn't seem that they did really.
-
Am now on Hijack Hunter.
-
Hijack Hunter 1.8.4.1
http://www.novirusthanks.org
Log created on 05/04/2011 at 22:31:37
[+] Generic system info
Operating System: Windows Vista (TM) Home Basic Service Pack 2 32-bit
Build Version: 6002.vistasp2_gdr.101014-0432
Internet Explorer: 8.0.6001.19019
System Folder: C:\Windows\system32
[+] Running processes
[+] Loaded Modules
[+] Registry startups
Value: Windows Defender
Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Apoint
Data: C:\Program Files\DellTPad\Apoint.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: IgfxTray
Data: C:\Windows\system32\igfxtray.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: HotKeysCmds
Data: C:\Windows\system32\hkcmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Persistence
Data: C:\Windows\system32\igfxpers.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Broadcom Wireless Manager UI
Data: C:\Windows\system32\WLTRAY.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: QuickSet
Data: C:\Program Files\Dell\QuickSet\QuickSet.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: IAAnotif
Data: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: PDVDDXSrv
Data: "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: dellsupportcenter
Data: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SysTrayApp
Data: %ProgramFiles%\IDT\WDM\sttray.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Adobe Reader Speed Launcher
Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Adobe ARM
Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: TkBellExe
Data: "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: VirginMediaHUB.exe
Data: "C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe" /AUTORUN
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Sidebar
Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: swg
Data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: TomTomHOME.exe
Data: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: WMPNSCFG
Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: Malwarebytes' Anti-Malware
Data: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value: StubPath
Data: C:\Windows\system32\unregmp2.exe /ShowWMP
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Value: {3049C3E9-B461-4BC5-8870-4C09146192CA}
Data: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}
Value: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
Data: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
Value: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Data: C:\Program Files\Java\jre6\bin\ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Value: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Data: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Value: {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
Data: C:\Program Files\Windows Live\Companion\companioncore.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
Value: {AA58ED58-01DD-4d91-8333-CF10577473F7}
Data: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Value: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Data: C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
[+] Other Startups Methods
Value:
Data: %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L
Key: HKEY_CLASSES_ROOT\Folder\shell\explore\command\
Value: DLLName
Data: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist
Value: DLLName
Data: igfxdev.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
[+] Startup folders
C:\Users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\De
-
Well I posted the first part of it as it was too long to post all of it. Now my husband has taken the computer as he has been waiting all evening to use it. I will try to post that log again tomorrow.
However, nothing has shown up. Do you still think there is something on that computer?
-
I had a machine last week with a fake antivirus with similar symptoms (can't remember the name though).
It was quite devious though... was able to terminate the malware process but as soon as I tried to run any program it started the malware process again which prevented removal of the malware.
If you want to check if it's the same thing I came across:
Run regedit if it lets you.
Navigate to the key
HKEY_CLASSES_ROOT\exefile\shell\open\command
There should be only 1 default key in this entry with the value "%1" %*
If the default key holds anything other than the value above, post back what the value is. It could be that this key has been changed, which restarts the malware process whenever any exe is started.
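A defender-side script for the check Bogtrotter describes, added here as an example (not code from the thread or from any tool it mentions): it reads the (Default) value regedit would show and flags anything other than "%1" %*. It goes slightly beyond the post by also reading the per-user HKCU\Software\Classes hive, which overrides the per-machine entry and can be written without admin rights, and the .exe to exefile mapping through which the command is reached; it assumes Windows PowerShell run on the affected machine.

```powershell
# Added example, not from the thread. Compares the EXE launch command and the
# .exe extension mapping against the Windows defaults and reports any change.
$ExpectedCommand = '"%1" %*'   # the value Bogtrotter says should be there
$ExpectedClass   = 'exefile'   # what HKCR\.exe (Default) should point to

# Merged HKCR view plus the two hives behind it. HKCU\Software\Classes wins
# over HKLM\SOFTWARE\Classes when both define the key, so both are inspected.
$CommandKeys = @(
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
    'HKCU:\Software\Classes\exefile\shell\open\command'
)
$ExtensionKeys = @(
    'Registry::HKEY_CLASSES_ROOT\.exe',
    'HKLM:\SOFTWARE\Classes\.exe',
    'HKCU:\Software\Classes\.exe'
)

function Test-RegistryDefault {
    param([string]$Path, [string]$Expected, [string]$Label)
    if (-not (Test-Path -LiteralPath $Path)) {
        # Normal for the HKCU paths on a clean machine: nothing overrides HKLM.
        Write-Host ("[ok]      {0}: key absent" -f $Path)
        return $true
    }
    # '' is the name of the (Default) value shown at the top of regedit's pane.
    $actual = (Get-Item -LiteralPath $Path).GetValue('')
    if ($actual -eq $Expected) {
        Write-Host ("[ok]      {0}: {1} = {2}" -f $Path, $Label, $actual)
        return $true
    }
    # Print the unexpected value verbatim; this is what the post asks to see.
    Write-Host ("[CHANGED] {0}: {1} = '{2}' (expected '{3}')" -f $Path, $Label, $actual, $Expected)
    return $false
}

$clean = $true
foreach ($k in $ExtensionKeys) { $clean = (Test-RegistryDefault $k $ExpectedClass 'class') -and $clean }
foreach ($k in $CommandKeys)   { $clean = (Test-RegistryDefault $k $ExpectedCommand 'command') -and $clean }

if ($clean) { Write-Host 'EXE file association looks untouched.' }
else        { Write-Host 'EXE file association has been modified; review the [CHANGED] lines above.' }
```

Any [CHANGED] line is the value Bogtrotter asks to have posted back; an extra path in front of "%1" is the pattern he describes, where every program launch runs the listed file first.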
-
Bogtrotter wrote: »
I had a machine last week with a fake antivirus with similar symptoms (can't remember the name though).
It was quite devious though... was able to terminate the malware process but as soon as I tried to run any program it started the malware process again which prevented removal of the malware.
If you want to check if it's the same thing I came across:
Run regedit if it lets you.
Navigate to the key
HKEY_CLASSES_ROOT\exefile\shell\open\command
There should be only 1 default key in this entry with the value "%1" %*
If the default key holds anything other than the value above, post back what the value is. It could be that this key has been changed, which restarts the malware process whenever any exe is started.
Thank you, I may try this tomorrow. I'm on my daughter's computer.
-
Well I posted the first part of it as it was too long to post all of it. Now my husband has taken the computer as he has been waiting all evening to use it. I will try to post that log again tomorrow.
However, nothing has shown up. Do you still think there is something on that computer?
Nothing jumps out at me from that bit except:
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
Citrix GoToAssist is a remote management tool. I've seen this on another PC recently, so I wonder if Virgin Internet Security have it installed by default?
It'll be interesting to see the rest of the log due to the "recently created files" list.
You did the right thing by doing system restore as per your original post.
-
Nothing jumps out at me from that bit except:
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
Citrix GoToAssist is a remote management tool. I've seen this on another PC recently, so I wonder if Virgin Internet Security have it installed by default?
It'll be interesting to see the rest of the log due to the "recently created files" list.
You did the right thing by doing system restore as per your original post.
It seemed to be my only option as the computer was completely paralysed.
-
My son can bring round a CD with Malwarebytes from his computer. Is this worth doing or do you think our checks have been ok?