
FARBAR, Please Help Me!


  • This topic is locked
7 replies to this topic

#1 Punk4598

Punk4598

  • Members
  • 5 posts

Posted 23 February 2012 - 05:36 PM

Farbar, I sent you a PM, but I wanted to post here just in case.

I am running Windows 7 Home Premium 64-bit.
I launched a scan and it found "Alureon-Bootkit". The end result was that a portion of the virus had been removed, so it recommended that I restart my computer.
After restarting, the Windows 7 splash screen shows up for about 2 seconds, then the blue screen of death flashes for less than 2 seconds, followed by being directed to the "Windows Error Recovery" screen.

I ran FRST64, and here is my log file:

Scan result of Farbar Recovery Scan Tool Version: 23-02-2012 01
Ran by SYSTEM at 2012-02-23 17:25:44
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup [16328736 2009-06-11] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] "C:\Windows\system32\RunDLL32.exe" C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [CinemaNowMediaManagerApp] "C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" -start [2088296 2009-06-11] (CinemaNow Inc.)
HKLM-x32\...\Run: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe" [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] "C:\Windows\UpdReg.EXE" [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe" [1026048 2009-08-05] ()
HKLM-x32\...\Run: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r [2987520 2009-08-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Matt\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-01] (Valve Corporation)
HKU\Matt\...\Run: [PlayNC Launcher] [x]
HKU\Matt\...\Run: [NCsoft] [x]
HKU\Matt\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-04] (Google Inc.)
HKU\Matt\...\Policies\system: [DisableTaskMgr] 0
HKU\Matt\...\Winlogon: [Shell] explorer.exe

==================== Services (Whitelisted) ======

2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
2 CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [127352 2009-06-11] (CinemaNow, Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll" /prefetch:1 [309688 2012-01-24] (Symantec Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\System32\drivers\NISx64\1305000.091\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120217.003\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam_x64.sys [27136 2008-03-12] (ManyCam LLC.)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [61952 2010-06-30] (MotioninJoy)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120219.016\ENG64.SYS [117880 2012-02-19] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120219.016\EX64.SYS [2048632 2012-02-19] (Symantec Corporation)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS [738936 2011-11-23] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1305000.091\SRTSPX64.SYS [37496 2011-11-23] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1305000.091\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1305000.091\SYMEFA64.SYS [1092728 2011-11-23] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-01-31] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1305000.091\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
1 kgisjjsx; \??\C:\Windows\system32\drivers\kgisjjsx.sys [x]
3 tmlwf; [x]
3 tmwfp; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-23 17:25 - 2012-02-23 17:26 - 0000000 ____D C:\FRST
2012-02-21 16:35 - 2012-02-21 16:35 - 0000000 ____D C:\Windows\Standalone System Sweeper
2012-02-20 14:51 - 2012-02-22 05:51 - 0000000 ____D C:\CWP
2012-02-16 20:35 - 2012-02-16 21:51 - 0010847 ____A C:\Users\Matt\Desktop\journal entry 4.docx
2012-02-16 09:34 - 2012-02-16 09:34 - 11098905 ____A C:\Users\Matt\Desktop\HensEss9e_ppt-123891.zip
2012-02-16 09:31 - 2012-02-16 09:37 - 0000000 ____D C:\Users\Matt\Desktop\Soc -101 2012
2012-02-16 09:29 - 2012-02-16 09:36 - 3988480 ____A C:\Users\Matt\Desktop\01Henslin.ppt
2012-02-14 18:33 - 2012-02-14 18:33 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-02-14 18:31 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-14 18:31 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-14 18:31 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-14 18:31 - 2011-12-13 23:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-14 18:31 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-14 18:31 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-14 18:31 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-14 18:31 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-14 18:31 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-14 18:31 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-14 18:31 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-14 18:31 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-14 18:31 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-14 18:31 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-14 18:31 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-14 18:31 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-14 18:31 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-14 18:31 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-14 18:31 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-14 18:31 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-14 18:31 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-14 18:31 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-14 18:31 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-14 18:31 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-14 18:31 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-14 18:31 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-14 11:19 - 2012-01-13 20:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-14 11:19 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-14 11:19 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-14 11:19 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-14 11:19 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-14 11:19 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-14 11:19 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-14 11:19 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 11:19 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-14 11:19 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-14 00:09 - 2012-02-14 00:09 - 0013133 ____A C:\Windows\SysWOW64\hs_err_pid1884.log
2012-02-12 12:52 - 2012-02-12 20:39 - 0014263 ____A C:\Users\Matt\Desktop\chapter 3 soc.docx
2012-02-09 19:01 - 2012-02-12 12:52 - 0013533 ____A C:\Users\Matt\Desktop\journal2 history.docx
2012-02-05 10:12 - 2012-02-05 16:21 - 0014663 ____A C:\Users\Matt\Desktop\Article summaries #1.docx
2012-02-04 19:20 - 2012-02-04 19:20 - 0000085 ____A C:\Windows\wininit.ini
2012-02-04 19:00 - 2012-02-04 19:01 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam--setup-1.60.1.1000.exe
2012-02-04 10:19 - 2012-02-05 09:19 - 0011673 ____A C:\Users\Matt\Desktop\soc chapter 2.docx
2012-02-02 09:27 - 2012-02-16 20:31 - 0000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2012-02-01 00:56 - 2012-02-01 00:56 - 0000000 __SHD C:\Windows\SysWOW64\%USERPROFILE%
2012-01-31 22:59 - 2012-01-31 22:59 - 0000012 ____A C:\Windows\srun.log
2012-01-31 09:11 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-31 09:11 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-31 09:11 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-31 09:11 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-31 09:11 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-31 09:11 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-31 09:11 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-31 09:11 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-31 09:11 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-31 09:11 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-31 09:11 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-31 09:11 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-31 09:11 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-31 09:11 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-24 20:44 - 2012-01-29 20:48 - 0011842 ____A C:\Users\Matt\Desktop\zesfsguozgofiauewfiaguaufa.docx

============ 3 Months Modified Files and Folders =============

2012-02-23 17:26 - 2012-02-23 17:25 - 0000000 ____D C:\FRST
2012-02-22 05:51 - 2012-02-20 14:51 - 0000000 ____D C:\CWP
2012-02-21 16:35 - 2012-02-21 16:35 - 0000000 ____D C:\Windows\Standalone System Sweeper
2012-02-21 10:59 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-02-20 12:35 - 2009-10-09 16:09 - 1078633 ____A C:\Windows\WindowsUpdate.log
2012-02-20 12:31 - 2011-06-04 11:43 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-20 12:23 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-20 12:23 - 2009-07-13 20:45 - 0010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-20 12:16 - 2011-06-04 11:43 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-20 12:16 - 2009-12-25 09:25 - 0000000 ____D C:\Program Files (x86)\Steam
2012-02-20 12:16 - 2009-12-13 01:09 - 536109056 __ASH C:\hiberfil.sys
2012-02-20 12:16 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-20 12:16 - 2009-07-13 20:51 - 0164782 ____A C:\Windows\setupact.log
2012-02-16 21:51 - 2012-02-16 20:35 - 0010847 ____A C:\Users\Matt\Desktop\journal entry 4.docx
2012-02-16 20:31 - 2012-02-02 09:27 - 0000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2012-02-16 17:27 - 2009-12-31 12:53 - 0045056 ____A C:\Windows\System32\acovcnt.exe
2012-02-16 09:37 - 2012-02-16 09:31 - 0000000 ____D C:\Users\Matt\Desktop\Soc -101 2012
2012-02-16 09:36 - 2012-02-16 09:29 - 3988480 ____A C:\Users\Matt\Desktop\01Henslin.ppt
2012-02-16 09:34 - 2012-02-16 09:34 - 11098905 ____A C:\Users\Matt\Desktop\HensEss9e_ppt-123891.zip
2012-02-14 18:56 - 2009-12-13 01:13 - 0000174 __ASH C:\Users\Matt\Start Menu\Programs\Startup\desktop.ini
2012-02-14 18:56 - 2009-12-13 01:13 - 0000174 __ASH C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 18:55 - 2009-07-13 20:45 - 0342880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-14 18:35 - 2009-07-13 21:13 - 0746568 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-14 18:34 - 2009-10-09 16:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 18:33 - 2012-02-14 18:33 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-02-14 18:31 - 2009-12-13 01:33 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-14 00:09 - 2012-02-14 00:09 - 0013133 ____A C:\Windows\SysWOW64\hs_err_pid1884.log
2012-02-12 20:39 - 2012-02-12 12:52 - 0014263 ____A C:\Users\Matt\Desktop\chapter 3 soc.docx
2012-02-12 12:52 - 2012-02-09 19:01 - 0013533 ____A C:\Users\Matt\Desktop\journal2 history.docx
2012-02-05 16:21 - 2012-02-05 10:12 - 0014663 ____A C:\Users\Matt\Desktop\Article summaries #1.docx
2012-02-05 09:19 - 2012-02-04 10:19 - 0011673 ____A C:\Users\Matt\Desktop\soc chapter 2.docx
2012-02-04 21:11 - 2009-10-09 16:28 - 0056056 ____A C:\Windows\PFRO.log
2012-02-04 19:20 - 2012-02-04 19:20 - 0000085 ____A C:\Windows\wininit.ini
2012-02-04 19:01 - 2012-02-04 19:00 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam--setup-1.60.1.1000.exe
2012-02-04 19:01 - 2011-06-03 08:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-02 20:44 - 2011-12-01 22:20 - 0010904 ____A C:\Users\Matt\Desktop\journal 13.docx
2012-02-01 00:56 - 2012-02-01 00:56 - 0000000 __SHD C:\Windows\SysWOW64\%USERPROFILE%
2012-01-31 22:59 - 2012-01-31 22:59 - 0000012 ____A C:\Windows\srun.log
2012-01-31 21:14 - 2011-12-01 16:06 - 0002514 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-01-31 21:14 - 2011-12-01 16:06 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-01-31 16:24 - 2011-12-01 16:07 - 0175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-01-31 16:24 - 2011-12-01 16:07 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-01-31 16:24 - 2011-12-01 16:07 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-01-31 16:24 - 2011-12-01 16:07 - 0000000 ____D C:\Program Files\Symantec
2012-01-29 20:48 - 2012-01-24 20:44 - 0011842 ____A C:\Users\Matt\Desktop\zesfsguozgofiauewfiaguaufa.docx
2012-01-19 10:34 - 2009-10-09 16:23 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-16 17:06 - 2010-02-18 21:38 - 0000000 ____D C:\Users\Matt\AppData\Local\ElevatedDiagnostics
2012-01-15 17:02 - 2012-01-15 17:02 - 0000000 ____D C:\Windows\pss
2012-01-13 20:06 - 2012-02-14 11:19 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-13 11:11 - 2012-01-13 11:11 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-01-10 09:37 - 2011-06-04 11:43 - 0000000 ____D C:\Users\Matt\AppData\Local\Google
2012-01-07 13:05 - 2009-07-13 21:08 - 0032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-04 02:44 - 2012-02-14 11:19 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-14 11:19 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-14 11:19 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-14 11:19 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2011-12-29 22:26 - 2012-02-14 11:19 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-14 11:19 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-29 11:54 - 2011-11-27 12:06 - 0001945 ____A C:\Windows\epplauncher.mif
2011-12-29 11:53 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2011-12-27 19:59 - 2012-02-14 11:19 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-19 16:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-16 23:23 - 2011-12-12 13:44 - 0000000 ____D C:\Users\Matt\Desktop\Final
2011-12-16 19:40 - 2011-12-16 19:32 - 0032160 ____A C:\Users\Matt\Desktop\BIO FINAL.docx
2011-12-16 00:46 - 2012-02-14 11:19 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-15 23:52 - 2012-02-14 11:19 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 23:29 - 2011-12-15 23:29 - 0012449 ____A C:\Users\Matt\Desktop\bio final 2-4.docx
2011-12-15 23:27 - 2011-11-22 18:16 - 0012455 ____A C:\Users\Matt\Desktop\journal 12.docx
2011-12-15 22:42 - 2011-12-15 22:42 - 0011993 ____A C:\Users\Matt\Desktop\Bio final 2-1.docx
2011-12-15 22:42 - 2011-10-06 19:16 - 0011999 ____A C:\Users\Matt\Desktop\Journal 4.docx
2011-12-15 21:07 - 2011-12-15 17:10 - 0031684 ____A C:\Users\Matt\Desktop\Foraging_and_Owl_Pellet_Lab.docx
2011-12-15 17:01 - 2011-12-15 17:01 - 0010688 ____A C:\Users\Matt\Desktop\journal1000000000000000000000.docx
2011-12-15 12:14 - 2011-12-15 12:14 - 0011799 ____A C:\Users\Matt\Desktop\career story..docx
2011-12-15 12:13 - 2011-12-15 12:13 - 0011791 ____A C:\Users\Matt\Documents\career story..docx
2011-12-15 12:13 - 2011-11-10 20:38 - 0011825 ____A C:\Users\Matt\Documents\journal 10.docx
2011-12-15 06:04 - 2011-12-14 16:41 - 0018288 ____A C:\Users\Matt\Desktop\ELA reasearch paper 2011.docx
2011-12-15 05:34 - 2011-12-15 05:34 - 0000162 ___AH C:\Users\Matt\Desktop\~$A reasearch paper 2011.docx
2011-12-15 05:34 - 2011-12-14 16:41 - 0016942 ___AH C:\Users\Matt\Desktop\~WRL0314.tmp
2011-12-15 00:05 - 2009-10-09 16:06 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-15 00:05 - 2009-10-09 16:06 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-14 16:40 - 2011-11-10 20:38 - 0010074 ____A C:\Users\Matt\Desktop\journal 10.docx
2011-12-13 23:43 - 2012-02-14 18:31 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-13 23:16 - 2012-02-14 18:31 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-13 23:11 - 2012-02-14 18:31 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-13 23:04 - 2012-02-14 18:31 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-13 23:04 - 2012-02-14 18:31 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-13 23:03 - 2012-02-14 18:31 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-13 23:03 - 2012-02-14 18:31 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-13 23:01 - 2012-02-14 18:31 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-13 23:00 - 2012-02-14 18:31 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-13 22:59 - 2012-02-14 18:31 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-13 22:57 - 2012-02-14 18:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-13 22:57 - 2012-02-14 18:31 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-13 22:53 - 2012-02-14 18:31 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-13 19:30 - 2012-02-14 18:31 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-13 19:10 - 2012-02-14 18:31 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-13 19:04 - 2012-02-14 18:31 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-13 18:57 - 2012-02-14 18:31 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-13 18:57 - 2012-02-14 18:31 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-13 18:56 - 2012-02-14 18:31 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-13 18:55 - 2012-02-14 18:31 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-13 18:54 - 2012-02-14 18:31 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-13 18:53 - 2012-02-14 18:31 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-13 18:52 - 2012-02-14 18:31 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-13 18:50 - 2012-02-14 18:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-13 18:50 - 2012-02-14 18:31 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-13 18:47 - 2012-02-14 18:31 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-10 12:24 - 2011-06-03 08:39 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 11:26 - 2011-12-09 11:26 - 0501688 ____A C:\Windows\Minidump\120911-24819-01.dmp
2011-12-09 11:26 - 2011-06-20 10:12 - 0000000 ____D C:\Windows\Minidump
2011-12-09 11:25 - 2011-06-20 10:12 - 602482610 ____A C:\Windows\MEMORY.DMP
2011-12-08 22:41 - 2011-12-08 22:41 - 0010850 ____A C:\Users\Matt\Desktop\journal 14.docx
2011-12-08 22:26 - 2011-10-27 21:13 - 0010834 ____A C:\Users\Matt\Desktop\plants.docx
2011-12-08 22:14 - 2011-12-08 12:28 - 3479291 ____A C:\Users\Matt\Desktop\LAB_12_Animalia.docx
2011-12-06 22:42 - 2011-12-06 22:42 - 0001144 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-12-06 22:42 - 2011-07-07 08:58 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-12-05 11:11 - 2011-08-27 11:55 - 0000000 ____D C:\Users\Matt\Desktop\summer in the city
2011-12-03 03:47 - 2009-10-09 16:38 - 0001679 ____A C:\Windows\System32\ServiceFilter.ini
2011-12-01 16:07 - 2011-12-01 16:07 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-12-01 16:06 - 2011-12-01 16:06 - 0000000 ____D C:\Program Files (x86)\Norton Internet Security
2011-12-01 16:06 - 2011-06-26 03:46 - 0000000 ____D C:\Users\All Users\Norton
2011-12-01 16:06 - 2011-06-26 03:46 - 0000000 ____D C:\ProgramData\Norton
2011-12-01 16:01 - 2011-06-26 03:46 - 0000000 ____D C:\Users\All Users\NortonInstaller
2011-12-01 16:01 - 2011-06-26 03:46 - 0000000 ____D C:\ProgramData\NortonInstaller
2011-12-01 16:00 - 2011-12-01 16:00 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-11-30 02:55 - 2011-11-27 11:43 - 0023686 ____A C:\Users\Matt\Desktop\Jackie Robinson and the American dilemma.docx
2011-11-28 20:01 - 2011-11-23 11:28 - 0000000 ____D C:\Program Files (x86)\CD4A7
2011-11-28 19:16 - 2011-11-28 19:16 - 0000320 ____A C:\Users\All Users\~ShJwVjc8TQGTlP
2011-11-28 19:16 - 2011-11-28 19:16 - 0000320 ____A C:\ProgramData\~ShJwVjc8TQGTlP
2011-11-28 19:16 - 2011-11-28 19:16 - 0000224 ____A C:\Users\All Users\~ShJwVjc8TQGTlPr
2011-11-28 19:16 - 2011-11-28 19:16 - 0000224 ____A C:\ProgramData\~ShJwVjc8TQGTlPr
2011-11-28 19:12 - 2009-10-09 16:38 - 0002170 ____A C:\Windows\System32\AutoRunFilter.ini
2011-11-28 19:10 - 2011-11-23 11:27 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Soloemo
2011-11-28 16:10 - 2011-11-28 15:43 - 0385838 ____A C:\Windows\ntbtlog.txt
2011-11-28 15:57 - 2011-11-23 11:27 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Hacuweu
2011-11-27 19:58 - 2011-08-27 11:56 - 0038704 ____A (NCSoft) C:\Users\Matt\Desktop\NCLauncher.exe
2011-11-27 12:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-11-27 12:11 - 2011-11-23 11:27 - 0000000 ____D C:\Users\Matt\AppData\Roaming\B08CD
2011-11-27 12:06 - 2011-11-27 12:06 - 0749728 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-11-27 12:04 - 2009-07-13 18:34 - 0000824 ____N C:\Windows\System32\Drivers\etc\hosts
2011-11-26 14:24 - 2011-11-26 14:24 - 0795838 ____A C:\Users\Matt\Desktop\LAB_11PLANTAE_Report.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-04-26 20:07] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 6143.04 MB
Available physical RAM: 5489.43 MB
Total Pagefile: 6141.18 MB
Available Pagefile: 5477.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:431.58 GB) (Free:334.74 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (CWP Bench) (Removable) (Total:3.73 GB) (Free:2.71 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 19 GB
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 431 GB 14 GB

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 431 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E CWP Bench NTFS Removable 3818 MB Healthy


==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-02-20 00:09

======================= End Of Log ==========================
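As an added triage aid (example code written for this page, not part of the original post or of FRST itself), the following Python parses lines in the shape of the log above and flags the items a helper checks first: `[x]` entries whose file no longer exists, drivers with no vendor information, a file in the Bamital check whose MD5 was not confirmed, and the TDL4 line. The sample lines are constructed from the log above, and the random-name heuristic is this example's own assumption, not FRST logic.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Parses Registry/Services/Drivers entries, the "Bamital & volsnap Check" block and the
TDL4 line in the format of the scan above. The checks are this example's own heuristics.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape of the log above, not the full log.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============
HKU\Matt\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-01] (Valve Corporation)
HKU\Matt\...\Run: [PlayNC Launcher] [x]
========================== Drivers (Whitelisted) =============
1 ccSet_NIS; C:\Windows\System32\drivers\NISx64\1305000.091\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
1 kgisjjsx; \??\C:\Windows\system32\drivers\kgisjjsx.sys [x]
3 tmlwf; [x]
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-04-26 20:07] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E
==========================================================
TDL4: custom:26000022
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                    # "=== Name ===" headers
AUTORUN_RE = re.compile(r"^(HK\S*): \[([^\]]+)\] (.*)$")     # HKLM\...\Run: [Name] payload
DRIVER_RE = re.compile(r"^(\d) ([^;]+); (.*)$")              # "<start type> Name; payload"
TAIL_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(([^)]*)\)$")  # [size date] (Vendor)
MD5_RE = re.compile(r"\b([0-9A-Fa-f]{32})$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    section: str
    subject: str
    reason: str


def looks_random(name: str) -> bool:
    """Weak heuristic (assumption of this example): 8+ lowercase letters, almost no vowels."""
    if not re.fullmatch(r"[a-z]{8,}", name):
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) < 0.2


def check_entry(section: str, name: str, payload: str, out: list) -> None:
    """Checks shared by Run entries, services and drivers."""
    if payload.rstrip().endswith("[x]"):
        out.append(Finding(section, name, "referenced file is missing ([x]): orphaned entry left behind by a removed component"))
    else:
        tail = TAIL_RE.search(payload)
        if tail is not None and not tail.group(1).strip():
            out.append(Finding(section, name, "file carries no vendor information: verify its origin"))
    if looks_random(name):
        out.append(Finding(section, name, "name looks generated (few vowels): common for rootkit droppers, weak signal alone"))


def triage(log_text: str) -> list:
    """Return the findings for one FRST log, in log order."""
    findings = []
    section = ""
    pending_path = None  # Bamital check path whose MD5 was not confirmed as legit
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("TDL4:"):
            findings.append(Finding("TDL4", line.split(":", 1)[1].strip(),
                                    "TDL4 bootkit detected: the MBR needs repair (the fix used in this thread)"))
            continue
        if pending_path is not None:
            # The line after an unconfirmed path carries its timestamps, size, vendor and MD5.
            digest = MD5_RE.search(line)
            if digest:
                findings.append(Finding(section, pending_path,
                                        f"MD5 {digest.group(1)} not recognised as legit: compare with a known-good copy"))
            pending_path = None
            continue
        if "Bamital" in section and PATH_RE.match(line) and "=>" not in line:
            pending_path = line
            continue
        if section.startswith("Registry"):
            entry = AUTORUN_RE.match(line)
            if entry:
                check_entry(section, entry.group(2), entry.group(3), findings)
        elif section.startswith(("Services", "Drivers")):
            entry = DRIVER_RE.match(line)
            if entry:
                check_entry(section, entry.group(2), entry.group(3), findings)
    return findings
```

Running `triage(SAMPLE_LOG)` reports the orphaned PlayNC and tmlwf entries, kbfiltr for its blank vendor, kgisjjsx twice (missing file and generated-looking name), the unconfirmed explorer.exe hash and the TDL4 detection, while Steam and ccSet_NIS pass.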



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 February 2012 - 02:16 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

TDL4: custom:26000022
CMD: bootrec /FixMbr


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Punk4598 (Topic Starter, Members, 5 posts)

Posted 24 February 2012 - 03:09 PM

Log from fix:
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-02-2012 01
Ran by SYSTEM at 2012-02-24 15:01:53 R:1
Running from E:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====




**THANK YOU VERY MUCH KIND PEOPLE!!!!!! YOU SAVED ME FROM REINSTALLING WINDOWS 7**
I tried Fixmbr manually myself and it did not work. I guess your program helped out :)

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 24 February 2012 - 03:17 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Punk4598 (Topic Starter, Members, 5 posts)

Posted 24 February 2012 - 04:30 PM

Laptop is running fine. I ran MBAM, Spybot, and Norton and all came back clean except for a few tracking cookies.
No Problems at all.


ComboFix Log:

ComboFix 12-02-24.02 - Matt 02/24/2012 16:06:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4196 [GMT -5:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\141B\121A.tmp
c:\program files (x86)\LP\141B\2230.tmp
c:\program files (x86)\LP\141B\5264.tmp
c:\program files (x86)\LP\141B\907E.tmp
c:\program files (x86)\LP\141B\BE20.tmp
c:\program files (x86)\LP\141B\CA7F.tmp
c:\program files (x86)\LP\141B\EE15.tmp
c:\program files (x86)\LP\141B\F9C8.tmp
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\users\Matt\AppData\Local\assembly\tmp
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 21:12 . 2012-02-24 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 20:32 . 2012-02-24 20:32 -------- d-----w- c:\program files\iPod
2012-02-24 20:32 . 2012-02-24 20:32 -------- d-----w- c:\program files\iTunes
2012-02-24 20:32 . 2012-02-24 20:32 -------- d-----w- c:\program files (x86)\iTunes
2012-02-24 20:28 . 2012-02-24 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-24 20:28 . 2012-02-24 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-24 20:28 . 2012-02-24 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-24 20:28 . 2012-02-24 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-24 20:28 . 2012-02-24 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-24 20:28 . 2012-02-24 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-24 20:28 . 2012-02-24 20:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-24 20:27 . 2012-02-24 20:28 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-24 20:25 . 2012-02-24 20:25 -------- d-----w- c:\program files\Bonjour
2012-02-24 20:25 . 2012-02-24 20:25 -------- d-----w- c:\program files (x86)\Bonjour
2012-02-24 20:10 . 2012-02-24 20:10 -------- d-----w- c:\program files (x86)\Belarc
2012-02-24 01:25 . 2012-02-24 01:26 -------- d-----w- C:\FRST
2012-02-22 00:35 . 2012-02-22 00:35 -------- d-----w- c:\windows\Standalone System Sweeper
2012-02-20 22:51 . 2012-02-22 13:51 -------- d-----w- C:\CWP
2012-02-14 19:19 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 19:19 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 19:19 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 19:19 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 19:19 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 19:19 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 19:19 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 19:19 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-02 17:27 . 2012-02-17 04:31 -------- d-----w- c:\users\Matt\AppData\Local\CrashDumps
2012-02-01 08:56 . 2012-02-01 08:56 -------- d-sh--w- c:\windows\SysWow64\%USERPROFILE%
2012-02-01 00:23 . 2012-02-01 05:12 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 21:14 . 2009-12-31 20:53 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-02-01 00:24 . 2011-12-02 00:07 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-10 20:24 . 2011-06-03 16:39 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 23:06 764296 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe" [2009-08-06 1026048]
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" [2009-08-06 2987520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 kgisjjsx;kgisjjsx;c:\windows\system32\drivers\kgisjjsx.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-10-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-10 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120223.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 WBVGAservice;WB VGA Service;c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-02-06 72248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 19:43]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 19:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-11 16328736]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:49253
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.92.226.11 24.92.226.12
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\wfpabkt7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49253
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-NCsoft - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1144954076-3440943499-1613949985-1000\Software\SecuROM\License information*]
"datasecu"=hex:e7,01,ee,d6,b6,46,2e,11,76,8c,1e,b7,ce,1a,e7,46,e4,d1,3a,b7,f7,
f8,c3,5b,70,fe,c1,8f,3c,5e,17,c0,12,0c,a9,aa,98,d1,ed,94,65,e4,77,37,fe,49,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2012-02-24 16:20:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 21:20
.
Pre-Run: 359,462,866,944 bytes free
Post-Run: 361,554,231,296 bytes free
.
- - End Of File - - 9A7BF0A8005302EB86B6210401DD05AA
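The ComboFix log above carries several indicators a responder would flag during triage: UAC policy values set to 0, a system-start driver (kgisjjsx.sys) listed as R1 with no file on disk, IE and Firefox proxy settings pointing at 127.0.0.1:49253, Firefox security warnings switched off in user.js, and a svchost.exe sitting in c:\windows rather than system32. As an added example that is not part of the thread and not ComboFix or FRST code, this Python script runs those checks over constructed sample lines copied from the log; the rule names and the pseudo-random-name heuristic for drivers are this example's own assumptions.

```python
"""Triage checks for ComboFix-style log lines.

Added example, not part of the thread and not ComboFix or FRST code. The rule
names and the driver-name heuristic are assumptions of this example; the
sample lines are constructed from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the thread's ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R1 kgisjjsx;kgisjjsx;c:\windows\system32\drivers\kgisjjsx.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
uInternet Settings,ProxyServer = http=127.0.0.1:49253
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49253
FF - user.js: security.warn_submit_insecure - false
c:\windows\svchost.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# UAC policy values that disable or weaken the elevation prompt when set to 0.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# ComboFix prints registry DWORDs as:  "Name"= 0 (0x0)
_POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')
# Service/driver lines:  R1 name;description;path [x]   or   [date size]
_SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$')
_LOOPBACK_RE = re.compile(r'127\.0\.0\.1(?::\d+)?')
_FF_WARN_RE = re.compile(r'^FF - user\.js: security\.warn_\S+ - false$')
_SVCHOST_RE = re.compile(r'^[a-z]:\\.*\\svchost\.exe$', re.IGNORECASE)
_SVCHOST_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def scan_combofix_log(text: str) -> List[Finding]:
    """Return one Finding per log line that matches a triage rule."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _POLICY_RE.match(line)
        if m:
            if m.group("name") in UAC_VALUES and int(m.group("val")) == 0:
                findings.append(Finding("uac-weakened", line))
            continue

        m = _SERVICE_RE.match(line)
        if m:
            # Heuristic: boot/system-start driver, file missing on disk ([x]),
            # description identical to the name, and a lowercase name with no
            # vendor hint. Legitimate [x] entries (SymDS, EIO64) fail this test.
            if (m.group("start") in ("R0", "R1", "S0", "S1")
                    and m.group("info") == "x"
                    and m.group("desc") == m.group("name")
                    and re.fullmatch(r"[a-z]{6,12}", m.group("name"))):
                findings.append(Finding("orphaned-lowlevel-driver", line))
            continue

        # IE (ProxyServer) or Firefox (network.proxy.http) pointed at localhost:
        # a local listener sitting between the browser and the network.
        if ("ProxyServer" in line or "network.proxy.http" in line) \
                and _LOOPBACK_RE.search(line):
            findings.append(Finding("loopback-proxy", line))
            continue

        if _FF_WARN_RE.match(line):
            findings.append(Finding("ff-security-warning-disabled", line))
            continue

        if _SVCHOST_RE.match(line) and not any(d in line.lower() for d in _SVCHOST_DIRS):
            findings.append(Finding("svchost-outside-system32", line))
    return findings


if __name__ == "__main__":
    for f in scan_combofix_log(SAMPLE_LOG):
        print(f"{f.rule:30} {f.line}")
```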

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 24 February 2012 - 05:12 PM

Greetings

Laptop is running fine. - that is great news!! I am going to give it a good cleaning out to make sure.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 27 February 2012 - 12:48 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 01 March 2012 - 09:50 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.