
have a couple of serious laptop issues


This topic is locked
42 replies to this topic

#1 simon.mall

  • Members
  • 20 posts

Posted 27 May 2013 - 03:22 PM

Hello,

I have been futzing around for about two weeks, and getting nowhere, so I am swallowing pride, and contacting the pros...

I have a Dell Inspiron laptop, model 1545, running Win 7 Home Premium 64-bit, that has a couple of serious issues:

1. It cannot connect to the internet, either wirelessly, or with an ethernet cable. (Wireless router is up and running.)

2. Most programs will not run, returning the warning "The subsystem needed to support the image type is not present."

When I first got this laptop from a friend to clean, I was able to run Avast, and remove about 500 infections...since then, nothing wants to run, and I lost the internet. Trying to enter "Device Manager" to uninstall, reinstall, but I cannot even get into "Device Manager".

Any ideas? Or am I looking at my future boat anchor?

Thanks,

Simon





#2 simon.mall (Topic Starter)

  • Members
  • 20 posts

Posted 29 May 2013 - 03:17 PM

I've noticed that a lot of the advice starts with scanning/posting DDS...I tried, but am unable due to error:

The subsystem needed to support the image type is not present.

Where do/can I go from here?

thanks



#3 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 30 May 2013 - 10:26 AM

Hi simon.mall,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to).
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately and then click Follow This Topic, and you will be sent an email once I have posted a response, which will make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

FRST

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using a Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language setting, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close the notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Regards,
Jason

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 simon.mall (Topic Starter)

  • Members
  • 20 posts

Posted 30 May 2013 - 06:25 PM

Jason,

Thanks for getting back to me...here are the results of the FRST scan...

Simon

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by SYSTEM on 30-05-2013 19:21:29
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273528 2011-09-15] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2011-08-01] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [x]
HKLM-x32\...\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [524512 2011-03-09] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [x]
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [523216 2011-08-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [209153 2009-03-02] (Avira GmbH)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKU\Vicky\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1597864 2013-02-15] (Valve Corporation)
HKU\Vicky\...\Run: [StartNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT [x]
HKU\Vicky\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Vicky\...\Run: [MediaGet2] C:\Users\Vicky\AppData\Local\MediaGet2\mediaget.exe --minimized [x]
HKU\Vicky\...\Run: [iFunBoxConnector] "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe" [812544 2012-11-19] ()
HKU\Vicky\...\Run: [Facebook Update] "C:\Users\Vicky\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Vicky\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [3325952 2009-03-28] (Electronic Arts)
 
==================== Services (Whitelisted) =================
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [108289 2009-05-13] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [185089 2009-05-11] (Avira GmbH)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll [135032 2010-04-29] (Symantec Corporation)
S2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1104608 2011-03-09] (Cisco Systems, Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [x]
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [x]
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [x]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]
S2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [73048 2009-04-06] (Avira GmbH)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130426.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130426.023\ENG64.SYS [126192 2013-01-18] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2011-01-30] (Symantec Corporation)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2011-04-22] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 ccHP; \SystemRoot\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130426.023\EX64.SYS [x]
S1 nsiproxy; system32\drivers\nsiproxy.sys [x]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [x]
S0 SymDS; system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA; system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv; \SystemRoot\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S2 wuaserv;  
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-28 15:34 - 2013-05-28 15:34 - 00277432 ____A C:\Windows\Minidump\052813-29515-01.dmp
2013-05-28 15:33 - 2013-05-28 15:33 - 485448475 ____A C:\Windows\MEMORY.DMP
2013-05-27 10:51 - 2013-05-27 11:03 - 00000035 ____A C:\Users\Vicky\AppData\Roaming\mbam.context.scan
2013-05-26 19:52 - 2013-05-26 19:52 - 00000000 ____D C:\FRST
2013-05-26 09:12 - 2013-05-26 09:12 - 00002154 ____A C:\Windows\epplauncher.mif
2013-05-26 09:11 - 2013-05-26 09:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-26 09:11 - 2013-05-26 09:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-26 09:10 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-05-26 03:50 - 2013-05-30 14:55 - 00865088 ____A C:\Windows\WindowsUpdate.log
2013-05-17 12:51 - 2013-05-17 12:51 - 16948616 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-17 11:02 - 2013-05-30 15:14 - 00003986 ____A C:\Windows\setupact.log
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____A C:\Windows\setuperr.log
2013-05-16 17:32 - 2013-05-16 17:32 - 00000000 ____D C:\ProgramData\Avira
2013-05-16 17:32 - 2013-05-16 17:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-05-16 17:32 - 2009-05-11 06:12 - 00028520 ____A (Avira GmbH) C:\Windows\SysWOW64\Drivers\ssmdrv.sys
2013-05-16 17:32 - 2009-04-06 06:51 - 00073048 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2013-05-16 17:12 - 2013-03-07 00:41 - 00003883 ____A C:\build.dat
2013-05-16 17:12 - 2013-03-07 00:41 - 00000000 ____D C:\int
2013-05-16 17:12 - 2013-03-07 00:40 - 01707880 ____A (Avira Operations GmbH & Co. KG) C:\avwebloadergui.dll
2013-05-16 17:12 - 2013-03-07 00:40 - 00126824 ____A (Avira Operations GmbH & Co. KG) C:\scewxmlw.dll
2013-05-16 17:12 - 2013-03-07 00:40 - 00046440 ____A (Avira Operations GmbH & Co. KG) C:\avwebloader.dll
2013-05-16 17:12 - 2013-03-07 00:40 - 00019304 ____A (Avira Operations GmbH & Co. KG) C:\rcnwload_es.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00021864 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_pt.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00020328 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_fr.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00019816 ____A (Avira Operations GmbH & Co. KG) C:\rcnwload_nl.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00019816 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_it.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00019304 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_zhtw.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00019304 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_zhcn.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00019304 ____A (Avira Operations GmbH & Co. KG) C:\rcnwload_tr.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00018792 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_ru.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00018280 ____A (Avira Operations GmbH & Co. KG) C:\rcnwload_ar.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00017256 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_ko.dll
2013-05-16 17:12 - 2013-03-07 00:39 - 00017256 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_jp.dll
2013-05-16 17:12 - 2013-02-01 01:04 - 00049000 ____A (Avira Operations GmbH & Co. KG) C:\avmres.dll
2013-05-16 17:12 - 2013-02-01 01:04 - 00019304 ____A (Avira Operations GmbH & Co. KG) C:\rcnwload_en.dll
2013-05-16 17:12 - 2013-02-01 01:03 - 00913768 ____A (Avira Operations GmbH & Co. KG) C:\rcimage.dll
2013-05-16 17:12 - 2013-02-01 01:03 - 00019304 ____A (Avira Operations GmbH & Co. KG) C:\rcNwLoad_de.dll
2013-05-16 17:12 - 2013-02-01 01:03 - 00004347 ____A C:\loadercontrol.xml
2013-05-16 17:12 - 2012-11-08 00:01 - 00421200 ____A (Microsoft Corporation) C:\msvcp100.dll
2013-05-16 17:12 - 2012-09-19 03:14 - 02064232 ____A (Avira Operations GmbH & Co. KG) C:\update.dll
2013-05-16 17:12 - 2012-09-19 03:14 - 00005160 ____A C:\updatemsg.avr
2013-05-16 15:43 - 2013-05-17 11:01 - 00200540 ____A C:\Windows\PFRO.log
2013-05-16 15:36 - 2013-05-16 15:36 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-16 15:36 - 2013-05-16 15:36 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-05-16 15:36 - 2013-05-16 15:36 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-16 15:36 - 2013-05-09 00:59 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-16 15:36 - 2013-05-09 00:59 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-16 15:36 - 2013-05-09 00:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-16 15:36 - 2013-05-09 00:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-16 15:36 - 2013-05-09 00:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-16 15:36 - 2013-05-09 00:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-16 15:36 - 2013-05-09 00:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-16 15:36 - 2013-05-09 00:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-16 15:36 - 2013-05-09 00:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-16 15:35 - 2013-05-16 15:35 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-16 15:35 - 2013-05-09 00:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-16 15:34 - 2013-05-16 15:35 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-16 15:03 - 2013-05-16 15:21 - 117478104 ____A C:\Users\Vicky\Downloads\avast_free_antivirus_setup.exe
2013-05-16 14:59 - 2013-05-16 14:59 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Vicky\Downloads\tdsskiller.exe
2013-05-16 14:54 - 2013-05-16 15:30 - 274602838 ____A C:\Users\Vicky\Downloads\EmsisoftEmergencyKit.zip
2013-05-16 14:31 - 2013-05-16 14:31 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Malwarebytes
2013-05-16 14:30 - 2013-05-16 14:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-16 14:30 - 2013-05-16 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-16 14:30 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-16 14:29 - 2013-05-16 14:29 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Vicky\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-16 14:16 - 2013-05-16 14:16 - 00021792 ____A C:\ComboFix.txt
2013-05-16 14:09 - 2013-05-16 14:16 - 00000000 ____D C:\ComboFix
2013-05-14 12:03 - 2013-05-16 14:16 - 00000000 ____D C:\Qoobox
2013-05-14 12:03 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-14 12:02 - 2013-05-16 14:05 - 00000000 ____D C:\Windows\erdnt
2013-05-14 11:00 - 2013-05-14 11:00 - 00000000 ____D C:\Windows\pss
2013-05-14 10:35 - 2013-05-14 10:35 - 00000450 ____A C:\Windows\Tasks\COMODO Updater.job
2013-05-14 10:34 - 2013-05-14 10:41 - 00000987 ____A C:\Users\Public\Desktop\COMODO System-Cleaner.lnk
2013-05-14 10:34 - 2013-05-14 10:34 - 00000000 ____D C:\Program Files\COMODO
2013-05-14 09:18 - 2013-05-14 09:18 - 00000050 ____A C:\Users\Vicky\.directory
2013-05-14 09:17 - 2013-05-14 09:17 - 00180000 ____A (Kaspersky Lab) C:\Users\Vicky\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
2013-05-11 11:52 - 2013-05-11 11:52 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\IObit
2013-05-11 11:52 - 2013-05-11 11:52 - 00000000 ____D C:\ProgramData\IObit
2013-05-11 11:52 - 2013-05-11 11:52 - 00000000 ____D C:\Program Files (x86)\IObit
2013-05-11 11:52 - 2012-05-08 14:34 - 00032600 ____A (IObit) C:\Windows\System32\SmartDefragBootTime.exe
2013-05-11 11:52 - 2010-11-26 14:02 - 00017720 ____A C:\Windows\System32\Drivers\SmartDefragDriver.sys
2013-05-11 11:46 - 2013-05-14 10:33 - 00000000 ____D C:\Program Files\CCleaner
2013-05-11 11:07 - 2013-05-11 11:07 - 00006832 ____N C:\bootsqm.dat
2013-05-02 14:48 - 2013-05-02 15:29 - 00000000 ____D C:\ProgramData\ETTB
 
==================== One Month Modified Files and Folders =======
 
2013-05-30 15:14 - 2013-05-17 11:02 - 00003986 ____A C:\Windows\setupact.log
2013-05-30 15:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-30 14:55 - 2013-05-26 03:50 - 00865088 ____A C:\Windows\WindowsUpdate.log
2013-05-28 15:43 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 15:43 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 15:40 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 15:34 - 2013-05-28 15:34 - 00277432 ____A C:\Windows\Minidump\052813-29515-01.dmp
2013-05-28 15:34 - 2011-02-02 12:23 - 00000000 ____D C:\Windows\Minidump
2013-05-28 15:33 - 2013-05-28 15:33 - 485448475 ____A C:\Windows\MEMORY.DMP
2013-05-28 12:56 - 2013-05-14 11:00 - 00000000 ____D C:\Windows\pss
2013-05-27 15:37 - 2011-09-13 11:19 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313215869-768390203-734742281-1001UA.job
2013-05-27 15:37 - 2011-09-13 11:19 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313215869-768390203-734742281-1001Core.job
2013-05-27 12:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-27 11:03 - 2013-05-27 10:51 - 00000035 ____A C:\Users\Vicky\AppData\Roaming\mbam.context.scan
2013-05-26 19:52 - 2013-05-26 19:52 - 00000000 ____D C:\FRST
2013-05-26 09:12 - 2013-05-26 09:12 - 00002154 ____A C:\Windows\epplauncher.mif
2013-05-26 09:12 - 2013-05-26 09:11 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-26 09:11 - 2013-05-26 09:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-26 07:22 - 2013-03-13 10:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-26 07:22 - 2013-02-06 16:43 - 00000000 ____D C:\Users\Vicky\Documents\Pathfinder
2013-05-26 07:22 - 2011-11-21 14:21 - 00000000 ____D C:\Users\Vicky\Downloads\gs
2013-05-26 07:22 - 2011-11-08 16:13 - 00000000 ____D C:\Users\Vicky\AppData\Local\MediaGet2
2013-05-26 07:22 - 2011-02-17 15:04 - 00000000 ____D C:\Users\Vicky\Documents\Angry Birds PC
2013-05-26 07:22 - 2011-02-05 08:10 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-26 07:22 - 2011-01-31 16:13 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer2
2013-05-26 07:21 - 2013-03-13 10:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-26 07:21 - 2012-05-06 18:57 - 00000000 ____D C:\Program Files\Paint.NET
2013-05-26 07:21 - 2011-11-29 19:33 - 00000000 ____D C:\Program Files (x86)\BESMCG
2013-05-24 15:44 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-17 12:51 - 2013-05-17 12:51 - 16948616 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____A C:\Windows\setuperr.log
2013-05-17 11:01 - 2013-05-16 15:43 - 00200540 ____A C:\Windows\PFRO.log
2013-05-16 17:32 - 2013-05-16 17:32 - 00000000 ____D C:\ProgramData\Avira
2013-05-16 17:32 - 2013-05-16 17:32 - 00000000 ____D C:\Program Files (x86)\Avira
2013-05-16 15:36 - 2013-05-16 15:36 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-16 15:36 - 2013-05-16 15:36 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-05-16 15:36 - 2013-05-16 15:36 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-16 15:35 - 2013-05-16 15:35 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-16 15:35 - 2013-05-16 15:34 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-16 15:30 - 2013-05-16 14:54 - 274602838 ____A C:\Users\Vicky\Downloads\EmsisoftEmergencyKit.zip
2013-05-16 15:21 - 2013-05-16 15:03 - 117478104 ____A C:\Users\Vicky\Downloads\avast_free_antivirus_setup.exe
2013-05-16 14:59 - 2013-05-16 14:59 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Vicky\Downloads\tdsskiller.exe
2013-05-16 14:50 - 2013-05-16 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-16 14:49 - 2011-08-20 09:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-16 14:31 - 2013-05-16 14:31 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Malwarebytes
2013-05-16 14:30 - 2013-05-16 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-16 14:29 - 2013-05-16 14:29 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Vicky\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-16 14:16 - 2013-05-16 14:16 - 00021792 ____A C:\ComboFix.txt
2013-05-16 14:16 - 2013-05-16 14:09 - 00000000 ____D C:\ComboFix
2013-05-16 14:16 - 2013-05-14 12:03 - 00000000 ____D C:\Qoobox
2013-05-16 14:14 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-05-16 14:06 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-05-16 14:05 - 2013-05-14 12:02 - 00000000 ____D C:\Windows\erdnt
2013-05-14 12:09 - 2009-07-13 18:34 - 70778880 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-05-14 12:09 - 2009-07-13 18:34 - 21233664 ____A C:\Windows\System32\config\SYSTEM.bak
2013-05-14 12:09 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-05-14 12:09 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-05-14 12:09 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2013-05-14 12:01 - 2011-11-08 16:16 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Media Get LLC
2013-05-14 12:01 - 2011-11-08 16:16 - 00000000 ____D C:\ProgramData\Media Get LLC
2013-05-14 10:41 - 2013-05-14 10:34 - 00000987 ____A C:\Users\Public\Desktop\COMODO System-Cleaner.lnk
2013-05-14 10:35 - 2013-05-14 10:35 - 00000450 ____A C:\Windows\Tasks\COMODO Updater.job
2013-05-14 10:34 - 2013-05-14 10:34 - 00000000 ____D C:\Program Files\COMODO
2013-05-14 10:34 - 2011-03-23 15:34 - 00000000 ____D C:\Users\Vicky\AppData\Local\CrashDumps
2013-05-14 10:33 - 2013-05-11 11:46 - 00000000 ____D C:\Program Files\CCleaner
2013-05-14 10:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2013-05-14 09:18 - 2013-05-14 09:18 - 00000050 ____A C:\Users\Vicky\.directory
2013-05-14 09:18 - 2011-01-30 07:01 - 00000000 ____D C:\users\Vicky
2013-05-14 09:17 - 2013-05-14 09:17 - 00180000 ____A (Kaspersky Lab) C:\Users\Vicky\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
2013-05-11 11:52 - 2013-05-11 11:52 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\IObit
2013-05-11 11:52 - 2013-05-11 11:52 - 00000000 ____D C:\ProgramData\IObit
2013-05-11 11:52 - 2013-05-11 11:52 - 00000000 ____D C:\Program Files (x86)\IObit
2013-05-11 11:49 - 2012-09-10 14:04 - 00000000 ____D C:\Users\Vicky\Documents\Chem Fa12
2013-05-11 11:48 - 2011-02-04 19:55 - 00000000 ____D C:\Users\Vicky\AppData\Roaming\Skype
2013-05-11 11:48 - 2011-01-30 09:52 - 00000000 ____D C:\Windows\Panther
2013-05-11 11:07 - 2013-05-11 11:07 - 00006832 ____N C:\bootsqm.dat
2013-05-10 12:21 - 2011-02-01 20:18 - 00000000 ____D C:\2e9c19f718a718fd376f0933621728
2013-05-09 00:59 - 2013-05-16 15:36 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 00:59 - 2013-05-16 15:36 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 00:59 - 2013-05-16 15:36 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 00:59 - 2013-05-16 15:36 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 00:59 - 2013-05-16 15:36 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 00:59 - 2013-05-16 15:36 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 00:59 - 2013-05-16 15:36 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 00:59 - 2013-05-16 15:36 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 00:58 - 2013-05-16 15:36 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 00:58 - 2013-05-16 15:35 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-02 15:29 - 2013-05-02 14:48 - 00000000 ____D C:\ProgramData\ETTB
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-05-26 09:10:30
Restore point made on: 2013-05-28 15:31:47
 
==================== Memory info ===========================  
 
Percentage of memory in use: 20%
Total physical RAM: 4056.36 MB
Available physical RAM: 3210.61 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3201.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:451.07 GB) (Free:361.88 GB) NTFS (Disk=0 Partition=3)
Drive g: (SOFWARE) (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.49 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 75349890)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=27 MB) - (Type=0D)
 
 
Last Boot: 2013-04-23 18:30
 
==================== End Of Log ============================



#5 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 30 May 2013 - 11:41 PM

Simon,

It appears Combofix was run. If it exists, the Combofix log will be located at C:\Combofix.txt. Please post that log in your next reply.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#6 simon.mall

  • Topic Starter
  • Members
  • 20 posts

Posted 31 May 2013 - 02:20 PM

Here is the ComboFix log...

I do not know how accurate it is, since I did not run it (I kind of draw the line at running ComboFix on my own), and do not know what was done after it was run....

ComboFix 13-05-16.02 - Vicky 05/16/2013  18:10:33.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4056.3021 [GMT -4:00]
Running from: c:\users\Vicky\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-16 to 2013-05-16  )))))))))))))))))))))))))))))))
.
.
2013-05-16 22:14 . 2013-05-16 22:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-14 18:34 . 2013-05-14 18:34    --------    d-----w-    c:\program files\COMODO
2013-05-11 19:52 . 2012-05-08 22:34    32600    ----a-w-    c:\windows\system32\SmartDefragBootTime.exe
2013-05-11 19:52 . 2013-05-11 19:52    --------    d-----w-    c:\programdata\IObit
2013-05-11 19:52 . 2013-05-11 19:52    --------    d-----w-    c:\users\Vicky\AppData\Roaming\IObit
2013-05-11 19:52 . 2010-11-26 22:02    17720    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2013-05-11 19:52 . 2013-05-11 19:52    --------    d-----w-    c:\program files (x86)\IObit
2013-05-11 19:46 . 2013-05-14 18:33    --------    d-----w-    c:\program files\CCleaner
2013-05-02 22:48 . 2013-05-02 23:29    --------    d-----w-    c:\programdata\ETTB
2013-04-24 02:10 . 2013-04-12 14:36    1653096    ----a-w-    c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 06:19 . 2013-04-10 21:09    5497688    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:54 . 2013-04-10 21:09    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:06 . 2013-04-10 21:09    3958120    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:06 . 2013-04-10 21:09    3902312    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53 . 2013-04-10 21:09    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:19 . 2013-04-10 21:09    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-12 20:49 . 2013-03-05 19:08    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:49 . 2012-03-04 22:22    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-01 03:32 . 2013-04-10 21:09    3150848    ----a-w-    c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-12 04:00    17817088    ----a-w-    c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-12 04:00    10925568    ----a-w-    c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-12 04:00    2312704    ----a-w-    c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-12 04:00    1346560    ----a-w-    c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-12 04:00    1392128    ----a-w-    c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-12 04:00    1494528    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-12 04:00    237056    ----a-w-    c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-12 04:00    85504    ----a-w-    c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-12 04:00    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-12 04:00    599040    ----a-w-    c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-12 04:00    816640    ----a-w-    c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-12 04:00    729088    ----a-w-    c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-12 04:00    2147840    ----a-w-    c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-12 04:00    96768    ----a-w-    c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-12 04:00    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-12 04:00    248320    ----a-w-    c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-12 04:00    1800704    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-12 04:00    1129472    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-12 04:00    1427968    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-12 04:00    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-12 04:00    420864    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-12 04:00    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-02-18 01:03 . 2013-02-18 01:03    4126720    ----a-w-    c:\program files (x86)\GUT80C3.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{48afc532-7765-4b70-9aed-f1dcd5043485}]
2013-01-14 12:37    1031752    ----a-w-    c:\users\Vicky\AppData\Roaming\DownTangoFTbToolbar\DownTangoFTbToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}]
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 23:21    1299248    ----a-r-    c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54    194928    ----a-w-    c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{5911488E-9D1E-40ec-8CBB-06B231CC153F}"= "c:\program files (x86)\StartNow Toolbar\Toolbar32.dll" [BU]
"{48afc532-7765-4b70-9aed-f1dcd5043485}"= "c:\users\Vicky\AppData\Roaming\DownTangoFTbToolbar\DownTangoFTbToolbar.dll" [2013-01-14 1031752]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{5911488e-9d1e-40ec-8cbb-06b231cc153f}]
.
[HKEY_CLASSES_ROOT\clsid\{48afc532-7765-4b70-9aed-f1dcd5043485}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{5f22c739-8537-4d16-81f1-b40d4f634da7}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261123~1.78\{D1538~1\brwmngr.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [2011-08-04 593544]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130426.001\IDSvia64.sys [2012-09-01 513184]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [2010-04-29 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [2011-08-22 451704]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
R2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-03-09 1104608]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-08-03 468432]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-08-03 94864]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1255736]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [2009-10-15 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [2011-08-22 221304]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 03:57    1642448    ----a-w-    c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 20:49]
.
2013-05-14 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2013-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313215869-768390203-734742281-1001Core.job
- c:\users\Vicky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 03:08]
.
2013-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-313215869-768390203-734742281-1001UA.job
- c:\users\Vicky\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 03:08]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 03:56]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-05 03:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Vicky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Vicky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Vicky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
c:\users\Vicky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130313&user_guid=E3D360E901A247BFBC93202A44067834&machine_id=fb6c7b33d71bf9ba1785f0e82ba14cac&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
mDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
mStart Page = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{15c46b05-72d4-4ffc-8890-aed4f8da8634} - {48afc532-7765-4b70-9aed-f1dcd5043485} - c:\users\Vicky\AppData\Roaming\DownTangoFTbToolbar\DownTangoFTbToolbar.dll
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll
TCP: DhcpNameServer = 192.168.15.1 192.168.1.1
FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\2hsafsld.default\
FF - prefs.js: browser.search.defaulturl -  
FF - prefs.js: browser.search.selectedEngine - StartNow  
FF - prefs.js: browser.startup.homepage - hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130313&user_guid=E3D360E901A247BFBC93202A44067834&machine_id=fb6c7b33d71bf9ba1785f0e82ba14cac&browser=FF&os=win&os_version=6.1-x64-SP0
FF - prefs.js: keyword.URL - hxxp://search.startnow.com/s/?src=addrbar&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=&user_guid=E3D360E901A247BFBC93202A44067834&machine_id=fb6c7b33d71bf9ba1785f0e82ba14cac&browser=FF&os=win&os_version=6.1-x64-SP0&q=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: SpecialSavings: specialsavings@superfish.com - %profile%\extensions\specialsavings@superfish.com
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF - user.js: extentions.y2layers.installId - 00b6d7a3-ac70-458a-af82-2aa58d1c7fca
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-16  18:16:45
ComboFix-quarantined-files.txt  2013-05-16 22:16
ComboFix2.txt  2013-05-16 22:06
.
Pre-Run: 394,237,022,208 bytes free
Post-Run: 394,163,871,744 bytes free
.
- - End Of File - - BE0280EF92B65FED7F41BC1E74A48D0E



#7 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 31 May 2013 - 02:42 PM

Rerun FRST

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

CMD: sfc /scannow

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Boot back into System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


Regards,
Jason

 


#8 simon.mall

  • Topic Starter
  • Members
  • 20 posts

Posted 31 May 2013 - 04:05 PM

Jason...

Here is the fixlist log... I see you are from New England... a Sox fan?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
Ran by SYSTEM at 2013-05-31 17:03:21 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
 
=========  sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.  
 
 
There is a system repair pending which requires reboot to complete.  Restart   
Windows and run sfc again.  
 
========= End of CMD: =========
 
 
==== End of Fixlog ====



#9 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 31 May 2013 - 05:12 PM

Jason...

Here is the fixlist log... I see you are from New England... a Sox fan?

Sort of. I don't really follow sports.

Try restarting the computer, and see if you're still having the same trouble as you were before.


Regards,
Jason

 


#10 simon.mall

  • Topic Starter
  • Members
  • 20 posts

Posted 31 May 2013 - 05:57 PM

Still a problem... every program I try to execute returns the error:

The subsystem needed to support the image type is not present.

and I still have no wireless internet. There is a red X over the icon, and clicking on the icon says there are no connections available...

Odd because I am looking at my wireless router as I type this, and I checked it by swapping HDD and it worked fine.

I'm from the Delaware Valley, and the Sox and Phillies just played four... hence the questions.

Thanks,

Simon



#11 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 31 May 2013 - 06:05 PM

Let's try this...

Rerun FRST

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

Last Boot: 2013-04-23 18:30

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Boot back into System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


Regards,
Jason

 


#12 simon.mall

  • Topic Starter
  • Members
  • 20 posts

Posted 31 May 2013 - 06:55 PM

Here you go...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
Ran by SYSTEM at 2013-05-31 17:03:21 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
 
=========  sfc /scannow =========
 
 
Beginning system scan.  This process will take some time.  
 
 
There is a system repair pending which requires reboot to complete.  Restart   
Windows and run sfc again.  
 
========= End of CMD: =========
 
 
==== End of Fixlog ====



#13 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 31 May 2013 - 07:27 PM

That appears to be the log from the previous scan (Sfc /scannow), not the result from the Last Boot command.  Please try my previous instructions again. :)


Regards,
Jason

 


#14 simon.mall

  • Topic Starter
  • Members
  • 20 posts

Posted 31 May 2013 - 07:44 PM

Does this look better?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2013 01
Ran by SYSTEM at 2013-05-31 19:53:21 Run:2
Running from G:\
Boot Mode: Recovery
==============================================
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====



#15 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 31 May 2013 - 07:46 PM

Yes. :)

Are you able to boot successfully in Normal mode? How does the computer act now?


Regards,
Jason

 
