bmg
Honorary Members
Posts: 129
Everything posted by bmg
-
This would be downright laughable if it weren't so serious. I upgraded to the latest version of a popular sw, and now can't access files I need to make a living! (I think it may be time to ditch Eset.) Any other suggestions as to an anti-virus program THAT WORKS?
-
Hi, I cannot see any external drives after updating my Nod 32 virus protection to version 5. The drive appears in Device Manager, but will not appear in My Computer. The system then crashes, and I cannot open any files at all. I did a MB scan, which came up negative. Can someone please advise? Thanks...
-
Lavasoft is not available in the 'remove programs' panel. If I try to uninstall Avast, the uninstall box just re-appears.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8021

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/25/2011 9:40:37 PM
mbam-log-2011-10-25 (21-40-37).txt

Scan type: Quick scan
Objects scanned: 185028
Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

System seems to be operating normally. Just trying to get whatever was in my inbox back in there. Any recommended references on how to do that?
-
All Outlook Express Inbox mail is gone. May be a virus?

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by tim at 16:10:44 on 2011-10-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1082 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\tim\Desktop\malware programs\logging programs\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Finjan Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tim\application data\mozilla\firefox\profiles\uxsjyzcm.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\tim\application data\idm\idmmzcc5\components\idmmzcc.dll
FF - plugin: c:\documents and settings\tim\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: M86Security Secure Browsing: {27a03cf3-856f-46b8-91cb-7289f58c7e6e} - %profile%\extensions\{27a03cf3-856f-46b8-91cb-7289f58c7e6e}
FF - Ext: KillJasmin: killjasmin@pierros14.com - %profile%\extensions\killjasmin@pierros14.com
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\tim\application data\idm\idmmzcc5
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-15 64512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-11-30 101616]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-5-18 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-5-15 98392]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-29 366152]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-9 693512]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-18 69976]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-1-30 4463400]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-29 22216]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-7-3 29184]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-1 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-1 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-1 40552]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-9 906504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-28 16168]
.
=============== Created Last 30 ================
.
2011-10-19 21:57:50 -------- d-----w- c:\documents and settings\tim\local settings\application data\PackageAware
2011-10-01 02:21:13 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
.
==================== Find3M ====================
.
2011-09-28 19:02:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 17:51:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26:34 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.
============= FINISH: 16:12:14.48 ===============

attach.rar
-
Awoke this morning to see all of the contents of my Outlook Express 6 Inbox gone. Can this be caused by a virus, and is this something MB should have intercepted?
-
It seems to be OK for the past 2 days. I think it may have been because I was always choosing 'restart' after any changes, instead of a shut down and restart.
-
Did all of the above - problem still persists.
-
Did this, and nothing seems to work. (Need to exclude the .exe file, right?)
-
Unfortunately, this occurred again this morning. There is something more serious happening here...
-
So does MB need to be added to this?
-
I am using ESET NOD32 AntiVirus and Windows Firewall.
-
Thanks, that seems to have fixed the problem. I do remember setting exceptions, but can't remember which ones at this time. (Hope that's not a future issue...)
-
Thanks for the info...
-
Why is MB trying to block access to the imaging resource web site when I try to visit? http://www.imaging-resource.com
-
Funny you should post this, as I've discovered I cannot update Avast; can this be related? My patience is already thin, so if this can't be updated, I'll send it packing as soon as I can...
-
I am using XP and used the uninstaller from the start menu, and from their site. It seems to be gone, but is still there in Control Panel. When I try to remove it from there, it says a fatal error has occurred, and it 'rolls back' the process. Definitely a turn-off when I have an experience like this, causing me to not really want this on my computer anymore. Will try Avast from now on.
-
Doesn't work for me...
-
It seems that after using MB for a week, it has turned my ESET NOD32 program into a trial version. I am trying to delete it fully, so I can reinstall it, but it's proving to be very difficult to do this. Is there a way this can be done?
-
I was actually talking about Ad Watch - not Ad Aware - is it OK to use this program again without conflict?
-
Just wondering why my Ad-Aware and Lavasoft folder were deleted after cleaning out a virus - is this normal after a clean-up?
-
Thanks so much for all the help - not even pay sites offer such service! I did decide to buy the pro version, so I hope this will keep me protected. Router is still screwed up though, so I'll try to reset it. Also, should I delete quarantined files?
-
The box did flash a message that said a registry entry could not be found, but then said it was successful - is this OK? Was able to connect after restart and ran MB with no infections. I DO have 'automatically detect settings' checked in IE, is this OK also?
-
Have done all that - many, many times - but the problem still persists. Maybe it's on my ISP's side. Otherwise, am I good with everything else?
-
ComboFix 11-05-31.01 - tim 06/01/2011 9:04.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1429 [GMT -4:00]
Running from: c:\documents and settings\tim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tim\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2011-05-30 02:28 . 2011-05-30 02:28 -------- d-----w- c:\program files\NT Registry Optimizer
2011-05-29 18:54 . 2011-05-29 18:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-29 16:38 . 2011-05-29 16:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2011-05-29 16:16 . 2011-05-29 16:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-05-29 16:02 . 2011-05-29 18:53 -------- d-s---w- c:\documents and settings\Administrator\UserData
2011-05-29 15:11 . 2011-05-29 15:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-27 02:01 . 2011-05-27 02:01 -------- d-----w- c:\program files\7-Zip
2011-05-18 19:19 . 2011-04-26 00:00 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-05-18 19:19 . 2011-04-26 00:00 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-05-15 16:55 . 2011-05-15 16:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-15 16:40 . 2011-05-15 16:40 -------- d-----w- c:\documents and settings\tim\Local Settings\Application Data\Sunbelt Software
2011-05-15 16:39 . 2011-05-15 16:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 00:00 . 2009-08-15 15:46 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-26 00:00 . 2009-08-15 16:51 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-28 17:46 . 2010-11-30 18:28 98160 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-03-07 05:33 . 2008-12-31 19:05 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-10 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-31 19:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OptiCAL Startup.lnk]
backup=c:\windows\pss\OptiCAL Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 3.0.lnk]
backup=c:\windows\pss\Register Mask Pro 3.0.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
2001-10-15 20:16 43008 ----a-w- c:\progra~1\ScanSoft\PAPERP~1\PPWEBCAP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/15/2009 11:46 AM 64512]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/19/2009 6:45 AM 93848]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/30/2010 2:28 PM 98160]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/18/2011 3:19 PM 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/15/2011 12:55 PM 98392]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 6:44 AM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/19/2009 6:44 AM 731840]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/9/2008 2:49 PM 693512]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/18/2011 3:19 PM 69976]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 6:54 AM 206120]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [1/30/2010 7:27 PM 4463400]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 6:54 AM 185640]
S2 .EsetTrialReset;Trial Reset;c:\program files\ESET\ESET NOD32 Antivirus\Shahed.exe /s --> c:\program files\ESET\ESET NOD32 Antivirus\Shahed.exe [?]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [7/3/2010 11:44 AM 29184]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/9/2008 2:49 PM 906504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [1/28/2010 5:28 PM 16168]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-TIM-07416AF0AF2-tim.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-28 08:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = http=127.0.0.1:61758
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\tim\Application Data\Mozilla\Firefox\Profiles\uxsjyzcm.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\tim\Application Data\IDM\idmmzcc3
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 09:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6402ab58-768a-4bee-92e4-1e551656d9ec}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005a
"Therad"=dword:0000001d
"MData"=hex(0):48,b3,89,6a,ca,5a,64,70,2f,25,21,e8,db,08,d1,fd,88,cf,7c,96,84,
16,ad,55,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):62,04,54,93,35,26,1a,1a,81,22,09,7d,8b,34,a2,be,28,38,d6,7a,60,
d1,26,21,39,5f,c7,c3,c7,05,e4,c2,dd,a7,16,8d,2e,90,3d,af,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h