Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: altvic on September 01, 2012, 06:53:19 AM
-
Firefox 15 is hanging and unresponsive. Tried re-installing etc. MB says it is clean and dds and adwcleaner say ok. IExplorer seems to be ok. Below is combo fix.
ComboFix 12-08-31.08 - Cesare 01/09/2012 12:52:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1325 [GMT 1:00]
Running from: c:\users\Cesare\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 12:03 . 2012-09-01 12:03 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-09-01 12:03 . 2012-09-01 12:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 08:11 . 2012-09-01 08:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-01 08:11 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 07:15 . 2012-07-13 13:08 504136 ----a-w- c:\windows\system32\EasyRedirect64.dll
2012-09-01 07:15 . 2012-07-13 13:08 364360 ----a-w- c:\windows\SysWow64\EasyRedirect.dll
2012-09-01 07:14 . 2012-09-01 07:14 -------- d-----w- c:\program files\Easy-Hide-IP
2012-08-31 17:52 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBA07272-DF88-43EC-9087-B27B39FA6B1B}\mpengine.dll
2012-08-31 16:40 . 2012-08-31 16:40 -------- d-----w- c:\users\Cesare\AppData\Local\adaware
2012-08-31 16:40 . 2012-09-01 08:03 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-08-31 16:40 . 2011-12-19 11:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-31 16:40 . 2011-12-19 12:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-08-31 16:40 . 2011-10-26 13:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-08-31 16:40 . 2012-08-31 16:40 -------- d-----w- c:\programdata\Lavasoft
2012-08-31 16:40 . 2012-08-31 17:17 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-31 16:39 . 2012-08-31 16:39 -------- d-----w- c:\users\Cesare\AppData\Local\Downloaded Installations
2012-08-31 16:38 . 2012-08-31 18:25 -------- d-----w- c:\users\Cesare\AppData\Roaming\Ad-Aware Antivirus
2012-08-31 09:06 . 2012-06-26 10:25 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-08-31 03:59 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-31 03:59 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-31 03:59 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-31 03:58 . 2012-08-31 03:58 -------- d-----w- c:\program files\iPod
2012-08-31 03:58 . 2012-08-31 03:59 -------- d-----w- c:\program files\iTunes
2012-08-31 03:58 . 2012-08-31 03:59 -------- d-----w- c:\program files (x86)\iTunes
2012-08-31 03:18 . 2012-08-31 03:18 -------- d-----w- c:\program files\Bonjour
2012-08-30 17:56 . 2012-08-30 17:56 -------- d-----w- c:\programdata\Okidata
2012-08-30 17:53 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 17:48 . 2010-09-10 04:49 67584 ----a-w- c:\windows\system32\okis2lna64.dll
2012-08-30 17:48 . 2010-01-27 05:05 105984 ----a-w- c:\windows\system32\okscllna64.dll
2012-08-29 07:24 . 2012-08-29 07:24 -------- d-----w- c:\users\Cesare\AppData\Roaming\iFunbox_UserCache
2012-08-29 07:24 . 2012-08-29 07:24 -------- d-----w- c:\program files (x86)\i-Funbox DevTeam
2012-08-28 18:19 . 2012-08-28 18:19 -------- d-----w- c:\users\Cesare\AppData\Local\Macromedia
2012-08-28 18:04 . 2012-08-28 18:04 -------- d-----w- c:\program files (x86)\Common Files\IVA
2012-08-28 18:04 . 2012-08-28 18:04 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2012-08-28 18:02 . 2012-08-28 18:02 -------- d-----w- c:\programdata\Macrovision
2012-08-28 17:35 . 2012-08-28 17:35 -------- d-----w- c:\program files (x86)\Creative
2012-08-28 12:29 . 2012-08-28 12:29 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-08-28 12:26 . 2012-08-28 12:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-28 12:00 . 2003-11-10 17:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-08-28 12:00 . 2003-11-10 17:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-08-28 12:00 . 2003-11-10 17:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-08-28 12:00 . 2003-11-10 17:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-08-28 12:00 . 2003-11-10 17:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-08-28 12:00 . 2012-08-28 12:00 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-08-28 12:00 . 2012-08-28 12:00 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-08-28 11:59 . 2012-08-28 11:59 -------- d-----w- C:\Live! Cam
2012-08-28 11:59 . 2007-06-14 08:54 99328 ----a-w- c:\windows\CtDrvIns.exe
2012-08-28 11:59 . 2007-02-15 12:26 811008 ----a-w- c:\windows\SysWow64\cximage.dll
2012-08-28 11:59 . 2005-07-07 00:07 25088 ----a-w- c:\windows\system32\CtCamMgr.dll
2012-08-28 10:33 . 2012-08-28 10:33 -------- d-----w- c:\program files (x86)\Enigma Software Group
2012-08-28 10:31 . 2012-08-31 15:50 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-28 10:31 . 2012-08-28 10:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-28 10:26 . 2012-08-28 12:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 10:24 . 2012-08-28 10:24 -------- d-----w- c:\users\Cesare\AppData\Local\Scansoft
2012-08-28 10:17 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-28 10:17 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6383379-76B9-4ABD-AAAB-7777CCF30B6D}\gapaengine.dll
2012-08-28 10:05 . 2012-08-28 10:05 -------- d-----w- c:\windows\Temp250F8E53-DD37-B6DA-3FAD-F7846A9417EE-Signatures
2012-08-28 10:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-28 10:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-28 10:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-28 10:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-28 10:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-28 10:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-28 10:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-28 09:30 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-28 09:30 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-28 09:09 . 2012-08-28 09:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-28 09:04 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-08-28 09:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-08-28 09:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-28 09:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-28 09:03 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-08-28 09:03 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-08-28 09:03 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-08-28 09:03 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-08-28 09:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-08-28 09:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-08-28 09:01 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-08-28 09:01 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-08-28 09:01 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-08-28 09:01 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-08-28 09:01 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-08-28 09:01 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-08-28 09:01 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-28 09:01 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-08-28 09:00 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-08-28 09:00 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-08-28 09:00 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-08-28 09:00 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-28 08:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-28 08:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-28 08:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-28 08:58 . 2012-08-28 08:58 -------- d-----w- c:\programdata\InstallShield
2012-08-28 08:58 . 2012-08-28 08:58 -------- d-----w- c:\users\Cesare\AppData\Roaming\ScanSoft
2012-08-28 08:58 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-08-28 08:58 . 2012-08-28 08:58 -------- d-----w- c:\program files (x86)\ScanSoft
2012-08-28 08:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-08-28 08:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-28 08:55 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-28 08:55 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-28 08:54 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-28 08:54 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-08-28 08:54 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-08-28 08:54 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-08-28 08:53 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-28 08:53 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-08-28 08:52 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-28 08:52 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-28 08:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-28 08:52 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-08-28 08:52 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-28 08:52 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-28 08:52 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-08-28 08:52 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-08-28 08:52 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-08-28 08:51 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-28 08:51 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-28 08:51 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-28 08:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-28 08:50 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-08-28 08:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-08-28 08:49 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-28 08:48 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-28 08:48 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-08-28 08:48 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 12:17 . 2011-06-15 13:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 03:27 . 2011-06-15 08:02 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-06 07:49 . 2012-06-06 07:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}]
2012-07-18 18:26 195448 ----a-w- c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Cesare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cesare\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2008-1-16 1122304]
Wi-Fire Connection Manager.lnk - c:\program files (x86)\hField Technologies, Inc\Wi-Fire Connection Manager\Wi-Fire Connection Manager.exe [2011-8-25 417792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250056]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 netr28ux;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-06-14 1061888]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-11 214240]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12288]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-08-29 214976]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2012-07-18 310232]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-02-10 144672]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-28 1075712]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\0.job
- c:\program files (x86)\internet explorer\iexplore.exe [2012-08-28 01:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=173606119306p03f5v1k5y4721031q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Cesare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Cesare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\EasyRedirect.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cesare\AppData\Roaming\Mozilla\Firefox\Profiles\sdbtzu4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-01 13:20:52
ComboFix-quarantined-files.txt 2012-09-01 12:20
.
Pre-Run: 36,748,992,512 bytes free
Post-Run: 36,613,259,264 bytes free
.
- - End Of File - - 5FBC790BC3BB303F89368B4FD269C0CB
[year+ old attachment deleted by admin]
-
Hi there.
Please download aswMBR from here (http://public.avast.com/%7Egmerek/aswMBR.exe)
- Save aswMBR.exe to your Desktop
- Double click aswMBR.exe to run it
- Click the Scan button to start the scan as illustrated below
(http://i1096.photobucket.com/albums/g328/Crush_PCHF/aswMBR_Scan.jpg)
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives (http://en.wikipedia.org/wiki/False_positive)
- Once the scan finishes click Save log to save the log to your Desktop
(http://i1096.photobucket.com/albums/g328/Crush_PCHF/aswMBR_SaveLog.png)
- Copy and paste the contents of aswMBR.txt back here for review
-
Thanks DMJ
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-01 19:46:42
-----------------------------
19:46:42.604 OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:42.604 Number of processors: 4 586 0x170A
19:46:42.605 ComputerName: CESARE-PC UserName: Cesare
19:46:43.393 Initialize success
19:48:40.504 AVAST engine defs: 12090100
19:48:54.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
19:48:54.968 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3
19:48:55.021 Disk 0 MBR read successfully
19:48:55.027 Disk 0 MBR scan
19:48:55.037 Disk 0 Windows 7 default MBR code
19:48:55.045 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
19:48:55.072 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:48:55.087 Disk 0 Partition 3 80 (A) 42 SFS NTFS 100 MB offset 31459328
19:48:55.103 Disk 0 Partition 4 00 42 SFS NTFS 144846 MB offset 31664128
19:48:55.111 Disk 0 scanning C:\Windows\system32\drivers
19:48:55.119 Service scanning
19:49:23.738 Modules scanning
19:49:23.750 Disk 0 trace - called modules:
19:49:23.770 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:49:24.011 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800334b060]
19:49:24.019 3 CLASSPNP.SYS[fffff88001bbd43f] -> nt!IofCallDriver -> [0xfffffa8002fc2e40]
19:49:24.031 5 ACPI.sys[fffff88000f877a1] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8002fb66f0]
19:49:25.130 AVAST engine scan C:\Windows
19:49:25.139 AVAST engine scan C:\Windows\system32
19:49:25.152 AVAST engine scan C:\Windows\system32\drivers
19:49:25.162 AVAST engine scan C:\Users\Cesare
19:49:25.173 AVAST engine scan C:\ProgramData
19:49:25.183 Scan finished successfully
19:49:58.375 Disk 0 MBR has been saved successfully to "C:\Users\Cesare\Desktop\MBR.dat"
19:49:58.389 The log file has been saved successfully to "C:\Users\Cesare\Desktop\aswMBR001.txt"
-
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.
- Double click on AdwCleaner.exe to run the tool.
- Click on Search.
- A logfile will automatically open after the scan has finished.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
-
# AdwCleaner v2.000 - Logfile created 09/02/2012 at 23:16:08
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Cesare - CESARE-PC
# Boot Mode : Normal
# Running from : C:\Users\Cesare\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0 (en-US)
Profile name : default
File : C:\Users\Cesare\AppData\Roaming\Mozilla\Firefox\Profiles\sdbtzu4f.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Cesare\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.11.2109.0
File : C:\Users\Cesare\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [5842 octets] - [01/09/2012 09:01:21]
AdwCleaner[R1].txt - [1179 octets] - [02/09/2012 12:22:01]
AdwCleaner[S2].txt - [1390 octets] - [02/09/2012 12:22:21]
AdwCleaner[R2].txt - [1151 octets] - [02/09/2012 23:16:08]
########## EOF - C:\AdwCleaner[R2].txt - [1211 octets] ##########
Cheers
altvic
-
RogueKiller log:
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cesare [Admin rights]
Mode : Scan -- Date : 09/02/2012 23:20:52
¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]
¤¤¤ Registry Entries : 11 ¤¤¤
[TASK][ROGUE ST] 0.job : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
--- User ---
[MBR] b6fca15b00ab5cfcd59958d591ebc78d
[BSP] 018e58c0f60582cf2d35679dcc2f8b1b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 31664128 | Size: 144846 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Please download and run TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop as outlined below:
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
(http://img.photobucket.com/albums/v257/MrChalee/tdss_1.jpg)
-------------------------
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
(http://img.photobucket.com/albums/v257/MrChalee/tdss_2.jpg)
------------------------
Click the Start Scan button.
(http://img.photobucket.com/albums/v257/MrChalee/tdss_3.jpg)
-----------------------
If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue
(http://img.photobucket.com/albums/v257/MrChalee/tdss_4.jpg)
----------------------
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
(http://img.photobucket.com/albums/v257/MrChalee/tdss_5.jpg)
--------------------
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
-------------------
Here's a summary of what to do if you would like to print it out:
If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.