IE8 Crashing/locking up

rizla01
Posts: 7,260 Forumite


in Techie Stuff
Hi,
I have just recovered my PC from an infection using the instructions listed here.
I am now left with a problem.
IE8 keeps locking up on me requiring Task Manager to close it.
I can have ONE tab open then open another and it then does it or I can have MANY tabs open and then go to open another and it does it. Sometimes a search will crash it.
Firefox isn't misbehaving hardly and is working well as is Chrome but I need to deal with IE.
Tried searching but to no avail.
Any kind lady/gent help me in return for that fine joke that I just posted (On the joke thread)?
"Unhappiness is not knowing what we want, and killing ourselves to get it."
Post Count: 4,111 Thanked 3,111 Times in 1,111 Posts (Actual figures as they once were))
Women and cats will do as they please, and men and dogs should relax and get used to the idea.
0
Comments
-
We can take a look to see if there's anything missed by the scans you've run - should take around 3 minutes.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
  - DDS.txt
  - Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
-
I really don't like IE Browser at all.
I think you may try some others such as Chrome which is small and fast.
and fireworks which is powerful and stable.
-
I really don't like IE Browser at all.
I think you may try some others such as Chrome which is small and fast.
and fireworks which is powerful and stable.
Which amazingly they said they were having no problems with in their OP.
"If you no longer go for a gap, you are no longer a racing driver" - Ayrton Senna
-
Hi Waddler,
Thanks for taking the time.
Here's the log that it made (I could only see ONE)
The reference to Avast is strange because the infection I had killed Avast and I did what I could to delete it and thought I had - till I saw it in this log.
-
Hi again.
OK, I was troubled by the appearance of AVAST so hunted around and found a removal tool for it (Eventually) and it would seem that I have got rid.
Here is the new DDS file.
I will now see if I have cured the problem but meanwhile, if there is anything untoward in the NEW DDS file, then perhaps you would be good enough to flag it up? Thx
-
Control panel, then internet options has an option to default Internet Explorer settings.
Might be worth a try if it happens again.
Ex forum ambassador
Long term forum member
-
Hi Browntoa,
Nice hearing from you again.
I tried that a couple of times and it didn't work.
Seems Avast, for all its good, doesn't protect itself very well and when I got infected, it didn't survive but DID leave a bad mess behind.
In particular the hook to IE, which, I assume, prevented Avira from stopping adware etc. from downloading over and over.
Even the AVAST removal tool from their site failed. Had to get the file from US to do it and point it at 'C' when it asked for the folder as there was no folder called Avast (It got deleted when I uninstalled it - Duh!).
Hopefully, if anyone does a search on here, this info might be of value to them.
-
They look ok. I'd try IE in no add-ons mode or try uninstalling admuncher and see if that helps.
Is there definitely no file named attach.txt?
Post combofix.txt, it'll be at the root of the C:\ drive.
-
Oh, I forgot.
Yep Attach.exe showed itself after I posted that.
Here is the result of running Combofix.
ComboFix 12-03-07.03 - Terry 07/03/2012 15:00:19.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1389 [GMT 0:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 10:09 . 2012-03-07 10:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 02:10 . 2012-03-06 22:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-06 22:10 . 2011-12-23 07:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-06 22:10 . 2012-03-06 22:10
d
w- c:\program files\Lavasoft
2012-03-02 11:11 . 2012-03-02 11:11
d
w- c:\documents and settings\Terry\Application Data\ElevatedDiagnostics
2012-03-01 13:32 . 2012-03-01 13:32 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-01 13:30 . 2012-03-06 22:10
d
w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-02-27 09:48 . 2012-02-28 15:11 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-27 09:48 . 2012-02-28 15:11 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-27 09:48 . 2012-02-28 15:11 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-27 09:48 . 2012-02-28 15:11 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-26 10:21 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-25 19:18 . 2012-02-25 19:18
d
w- c:\documents and settings\Terry\Application Data\Avira
2012-02-25 19:18 . 2012-02-26 19:19 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-25 19:18 . 2011-09-15 23:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-25 19:18 . 2011-09-15 23:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-25 19:18 . 2012-02-25 19:18 d-----w- c:\program files\Avira
2012-02-25 19:18 . 2012-02-25 19:18 d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-02-25 16:16 . 2012-02-25 16:16 d-----w- c:\windows\system32\wbem\Repository
2012-02-24 15:47 . 2010-06-04 10:58 20824 ----a-w- c:\windows\system32\drivers\FarMntIo.sys
2012-02-18 16:21 . 2012-03-02 14:24 d-----w- C:\output
2012-02-17 10:40 . 2012-02-25 16:15 d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Aiseesoft Studio
2012-02-16 16:47 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 16:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-16 15:17 . 2012-02-16 15:17 d-----w- c:\documents and settings\Terry\Local Settings\Application Data\IsolatedStorage
2012-02-16 14:44 . 2012-02-16 14:44 d-----w- c:\program files\Complitly
2012-02-16 14:44 . 2012-02-16 14:44 d-----w- c:\documents and settings\Terry\Application Data\Complitly
2012-02-16 13:17 . 2012-02-16 13:17 d-----w- c:\program files\DCoder Image Source
2012-02-16 13:17 . 2012-02-16 13:17 d-----w- c:\program files\7-Zip
2012-02-16 13:17 . 2012-02-16 13:17 d-----w- c:\program files\FFMPEG Core Files
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\CD Audio Reader Filter
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\OpenSource AVI Splitter
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\Gabest MPEG Splitter
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\DScaler5
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\OpenSource Flash Video Splitter
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\DirectVobSub
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\LAV Filters
2012-02-16 13:16 . 2012-02-16 13:16 d-----w- c:\program files\Bass Audio Decoder
2012-02-16 12:51 . 2012-01-03 13:14 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-02-16 12:32 . 2012-02-26 00:16 d-----w- c:\documents and settings\All Users\Application Data\Zoom Player
2012-02-15 19:20 . 2012-02-15 19:20 388096 ----a-r- c:\documents and settings\Terry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-09 10:40 . 2012-02-25 21:30 d-----w- c:\documents and settings\Terry\Local Settings\Application Data\MediaMonkey
2012-02-08 18:08 . 2012-02-08 18:08 d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-08 18:08 . 2012-02-25 16:15 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-02-08 15:01 . 2012-02-08 15:01 d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Deployment
2012-02-07 09:06 . 2012-02-07 09:06 d-----w- c:\documents and settings\Terry\Application Data\Zoner
2012-02-07 09:06 . 2012-02-07 09:06 d-----w- c:\documents and settings\All Users\Application Data\Zoner
2012-02-07 09:06 . 2012-02-07 09:06 d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Zoner
2012-02-07 09:05 . 2012-02-07 09:05 d-----w- c:\program files\Zoner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 12:32 . 2012-03-05 12:32 264554 ----a-w- C:\Wilks Family_MAIN.zip
2012-02-24 16:26 . 2012-01-06 10:26 163616 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2012-02-12 11:55 . 2011-10-31 18:48 25248 ----a-w- c:\windows\system32\drivers\AmgHips.sys
2012-01-12 16:53 . 2004-08-04 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-12 23:42 . 2011-12-12 23:42 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-12-10 15:24 . 2011-10-22 12:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 15:11 . 2007-05-24 01:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360Amigo"="g:\360amigo\360Amigo.exe" [2012-02-12 5334816]
"Zentimo xStorage Manager"="g:\zentimo\Zentimo.exe" [2011-12-09 2068480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-26 458865]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"Ad Muncher"="g:\admuncher\AdMunch.exe" [2011-11-23 540872]
"QuickTime Task"="F:\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Terry\Start Menu\Programs\Startup\
Moo0 Magnifier 1.12.lnk - h:\art\Mooo0\Magnifier 1.12\Magnifier.exe [2011-9-30 1560576]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "g:\superspyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- g:\superspyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Spartan.lnk]
backup=c:\windows\pss\Spartan.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2012-02-12 11:55 5334816 ----a-w- g:\360amigo\360Amigo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-08 15:02 136176 ----atw- c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
2003-07-07 09:29 729088 ----a-r- f:\arcsoft photo\EregEng\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 11:00 49152 ----a-w- f:\arcsoft photo\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- F:\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-12-25 09:50 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-15 18:33 1242448 ----a-w- g:\steam download\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-02-05 15:56 4617600 ----a-w- g:\superspyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-08-27 18:22 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Steam Client Service"=3 (0x3)
"ADExchange"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"SeaPort"=2 (0x2)
"Intel(R) PROSet Monitoring Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\SickBeard-win32-alpha-build488\\SickBeard-win32-alpha-build488\\SickBeard.exe"=
"g:\\Steam Download\\Steam.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/03/2012 22:10 64512]
R1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [31/10/2011 18:48 25248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25/02/2012 19:18 36000]
R1 SASDIFSV;SASDIFSV;g:\superspyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;g:\superspyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;g:\superspyware\SASCore.exe [11/08/2011 23:38 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/02/2012 19:18 86224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23/12/2011 07:12 2152152]
S2 ZentimoService;Zentimo Assistant;g:\zentimo\ZentimoService.exe [12/12/2011 09:40 259072]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 10:08 11336]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [06/01/2012 10:26 163616]
S3 FarMntIo;FarMntIo;c:\windows\system32\drivers\FarMntIo.sys [24/02/2012 15:47 20824]
S4 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [26/10/2011 02:32 37280]
S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [03/01/2012 11:49 132768]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 22:12]
.
2012-02-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-03-07 c:\windows\Tasks\GlaryInitialize.job
- g:\glary utilities\initialize.exe [2012-01-25 09:50]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-492894223-725345543-1004Core.job
- c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-08 15:02]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-492894223-725345543-1004UA.job
- c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-08 15:02]
.
2012-03-07 c:\windows\Tasks\WpsUpdateTask_Terry.job
- h:\kingsoft office\office6\wpsupdate.exe [2011-10-29 16:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://groups.yahoo.com/group/WoSFreegle/pending
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Terry\Application Data\Mozilla\Firefox\Profiles\avs2z08o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=108976&babsrc=HP_ss&mntrId=d41c22a90000000000000019d106eb94
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=108976&babsrc=adbartrp&mntrId=d41c22a90000000000000019d106eb94&q=
FF - prefs.js: network.proxy.type - 0
.
.
File Associations
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 15:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
LOCKED REGISTRY KEYS
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'winlogon.exe'(688)
g:\superspyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-03-07 15:13:06
ComboFix-quarantined-files.txt 2012-03-07 15:13
ComboFix2.txt 2012-02-26 00:03
ComboFix3.txt 2011-12-23 14:55
.
Pre-Run: 26,348,429,312 bytes free
Post-Run: 26,351,030,272 bytes free
.
- - End Of File - - 8D2722B5078AEC82A9E84F39DAF3504A
Yep Attach.exe showed itself after I posted that
Post that then, please.
Have you tried IE in no add-ons mode - any success?
This discussion has been closed.