
I Own a Dell Vostro 1000 I need help!


  • This topic is locked
2 replies to this topic

#1 Fiallo


Posted 05 October 2010 - 11:02 AM

This is the log I got from ComboFix. They said I should post this and someone would analyze it and help me out.
Anyone have any suggestions?


My computer has been really slow, freezes up, and doesn't start up right. I believe there is a virus or malware, even though Malwarebytes didn't find anything. I need help.





LOG:


ComboFix 10-10-04.02 - Shelly 10/05/2010 10:41:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1071 [GMT -5:00]
Running from: c:\users\Shelly\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Shelly\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-05 15:48 . 2010-10-05 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-05 14:04 . 2010-10-05 14:04 -------- d-----w- c:\users\Shelly\AppData\Roaming\Malwarebytes
2010-10-05 14:04 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 14:04 . 2010-10-05 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-05 14:04 . 2010-10-05 14:04 -------- d-----w- c:\programdata\Malwarebytes
2010-10-05 14:04 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 01:45 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-09-30 21:34 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 14:21 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-09-30 14:21 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-09-30 14:21 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-09-30 14:21 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-09-30 14:21 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-09-30 14:21 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-09-30 14:20 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-09-30 14:20 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-30 14:19 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-09-30 14:19 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-09-30 14:19 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-09-30 14:19 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-09-30 14:19 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 14:19 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-09-30 14:19 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-09-30 14:19 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-30 14:18 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-09-30 14:18 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-30 14:18 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-09-30 14:18 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-09-30 14:18 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-09-30 14:18 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-09-30 14:18 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2010-09-30 14:18 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2010-09-30 14:18 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-30 14:17 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-09-30 14:17 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-30 14:17 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-30 14:17 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-09-30 14:11 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-09-30 14:11 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-09-30 14:11 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-09-30 03:33 . 2010-09-30 01:24 -------- d-----w- c:\windows\Panther
2010-09-30 03:22 . 2010-09-30 01:09 -------- d-----w- C:\$WINDOWS.~Q
2010-09-30 03:18 . 2010-09-30 03:20 -------- d-----w- C:\$INPLACE.~TR
2010-09-30 01:31 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-30 01:31 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-09-30 01:28 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-30 01:28 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-30 01:28 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-30 01:28 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-30 01:28 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-30 01:27 . 2010-09-30 01:27 68320 ----a-w- c:\users\Shelly\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-30 01:24 . 2010-10-05 15:22 -------- d-----w- c:\windows\system32\wbem\Performance
2010-09-30 01:06 . 2010-09-30 01:06 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-30 00:58 . 2010-09-30 00:58 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-09-29 15:19 . 2010-09-30 00:56 -------- d-----w- c:\users\Shelly\AppData\Roaming\ATI
2010-09-29 15:19 . 2010-09-30 00:56 -------- d-----w- c:\users\Shelly\AppData\Local\ATI
2010-09-29 15:15 . 2010-09-29 15:15 10134 ----a-r- c:\users\Shelly\AppData\Roaming\Microsoft\Installer\{DBDC98BC-90C7-0670-684F-B44E1EADA3B7}\ARPPRODUCTICON.exe
2010-09-29 15:15 . 2010-09-29 15:15 10134 ----a-r- c:\users\Shelly\AppData\Roaming\Microsoft\Installer\{82B8F51F-7FE2-B8CF-7DED-9B2763CA67BD}\ARPPRODUCTICON.exe
2010-09-29 15:14 . 2010-09-30 00:42 -------- d-----w- c:\program files\ATI Technologies
2010-09-29 15:12 . 2010-09-30 00:42 -------- d-----w- c:\program files\ATI
2010-09-29 15:12 . 2007-03-23 21:24 229376 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-29 15:00 . 2010-09-30 00:55 -------- d-----w- c:\users\Shelly\AppData\Local\Apps
2010-09-29 14:45 . 2010-09-30 00:45 -------- d-----w- c:\programdata\Uniblue
2010-09-29 14:45 . 2010-09-30 00:56 -------- d-----w- c:\users\Shelly\AppData\Roaming\Uniblue
2010-09-29 14:24 . 2010-09-29 14:24 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-29 14:24 . 2010-09-29 14:24 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-29 03:34 . 2010-09-30 00:45 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-24 20:14 . 2010-09-30 00:45 -------- d-----w- c:\program files\QuickTime
2010-09-14 15:31 . 2010-09-14 15:31 53632 ----a-w- c:\users\Shelly\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 15:29 . 2010-10-05 15:29 13014836 ----a-w- c:\programdata\SPL6F26.tmp
2010-10-05 15:21 . 2010-10-05 15:21 13014836 ----a-w- c:\programdata\SPL966B.tmp
2010-10-01 01:38 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-09-30 01:31 . 2010-01-30 20:26 -------- d-----w- c:\program files\Microsoft.NET
2010-09-30 00:56 . 2010-03-11 05:11 -------- d-----w- c:\users\Shelly\AppData\Roaming\Vso
2010-09-30 00:56 . 2010-02-15 05:48 -------- d-----w- c:\users\Shelly\AppData\Roaming\Nero
2010-09-30 00:56 . 2010-01-30 20:22 -------- d-----w- c:\users\Shelly\AppData\Roaming\U3
2010-09-30 00:56 . 2010-02-19 04:43 -------- d-----w- c:\users\Shelly\AppData\Roaming\DivX
2010-09-30 00:56 . 2010-02-12 06:28 -------- d-----w- c:\users\Shelly\AppData\Roaming\InfraRecorder
2010-09-30 00:56 . 2010-07-14 15:42 -------- d-----w- c:\users\Shelly\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-30 00:56 . 2010-02-12 04:32 -------- d-----w- c:\users\Shelly\AppData\Roaming\Azureus
2010-09-30 00:56 . 2010-05-11 11:48 -------- d-----w- c:\users\Shelly\AppData\Roaming\AVS4YOU
2010-09-30 00:56 . 2010-03-03 04:26 -------- d-----w- c:\users\Shelly\AppData\Roaming\Apple Computer
2010-09-30 00:56 . 2010-02-12 11:52 -------- d-----w- c:\users\Shelly\AppData\Roaming\AviDvdBurner
2010-09-30 00:44 . 2010-02-12 11:51 -------- d-----w- c:\program files\Movie DVD Maker
2010-09-30 00:44 . 2010-01-30 20:26 -------- d-----w- c:\program files\Microsoft Works
2010-09-30 00:44 . 2010-02-12 04:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-30 00:44 . 2010-07-21 02:08 -------- d-----w- c:\program files\Linksys
2010-09-30 00:44 . 2010-01-31 04:37 -------- d-----w- c:\program files\lx_cats
2010-09-30 00:44 . 2010-01-31 04:36 -------- d-----w- c:\program files\Lexmark 3400 Series
2010-09-30 00:44 . 2010-09-03 18:50 -------- d-----w- c:\program files\iTunes
2010-09-30 00:43 . 2010-09-03 18:50 -------- d-----w- c:\program files\iPod
2010-09-30 00:43 . 2010-04-15 07:00 -------- d-----w- c:\program files\Google
2010-09-30 00:43 . 2010-02-28 02:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-30 00:43 . 2010-02-19 04:41 -------- d-----w- c:\program files\DivX
2010-09-30 00:43 . 2010-05-13 18:16 -------- d-----w- c:\program files\Coupons
2010-09-30 00:43 . 2010-02-19 04:41 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-30 00:43 . 2010-02-15 05:21 -------- d-----w- c:\program files\Common Files\Nero
2010-09-30 00:42 . 2010-02-12 04:32 -------- d-----w- c:\program files\Common Files\i4j_jres
2010-09-30 00:42 . 2010-05-11 11:47 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-30 00:42 . 2010-02-19 04:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-30 00:42 . 2010-02-01 15:38 -------- d-----w- c:\program files\Common Files\Apple
2010-09-30 00:42 . 2010-06-26 14:02 -------- d-----w- c:\program files\Bonjour
2010-09-30 00:42 . 2010-01-31 05:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-30 00:42 . 2010-01-31 05:19 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-30 00:42 . 2010-04-15 15:12 -------- d-----w- c:\program files\Bing Bar Installer
2010-09-30 00:42 . 2010-02-01 15:38 -------- d-----w- c:\program files\Apple Software Update
2010-09-30 00:42 . 2010-01-30 20:35 -------- d-----w- c:\program files\Alwil Software
2010-09-30 00:39 . 2010-09-30 00:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-09-29 15:35 . 2010-03-11 05:11 47360 ----a-w- c:\users\Shelly\AppData\Roaming\pcouffin.sys
2010-09-29 15:35 . 2010-03-11 05:11 47360 ----a-w- c:\users\Shelly\AppData\Roaming\pcouffin.sys
2010-09-29 15:34 . 2010-05-11 11:46 -------- d-----w- c:\program files\AVS4YOU
2010-09-29 14:25 . 2010-08-27 02:26 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-29 14:24 . 2010-04-15 07:07 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-29 14:23 . 2010-08-27 02:39 193832 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-29 14:23 . 2010-04-15 07:07 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-29 14:23 . 2010-04-15 07:07 876824 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-14 15:31 . 2010-01-31 05:19 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-07 15:12 . 2010-06-30 07:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-01-30 20:35 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-01-30 20:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-01-30 20:36 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-01-30 20:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-01-30 20:36 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-01-30 20:36 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-03 18:42 . 2010-09-03 18:42 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-27 02:39 . 2010-08-27 02:39 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-27 02:39 . 2010-08-27 02:39 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-27 02:38 . 2010-08-27 02:38 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2009-05-01 82600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2009-05-01 291496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-30 1343400]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.
Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 07:00]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 07:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,00,66,e1,ba,96,c9,46,9e,36,48,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7c,00,66,e1,ba,96,c9,46,9e,36,48,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-05 10:51:04
ComboFix-quarantined-files.txt 2010-10-05 15:51

Pre-Run: 22,807,375,872 bytes free
Post-Run: 22,793,367,552 bytes free

- - End Of File - - 5EC1C37522BD479A871349C0DB9E3922

Edited by Budapest, 05 October 2010 - 04:01 PM.
Moved from Intros ~BP




#2 etavares


Posted 12 October 2010 - 05:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 etavares


Posted 17 October 2010 - 06:05 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.






