Didn't have a chance to reboot after seeing "Illegal operation attempted on a registry key that has been marked for deletion" while attempting to open Outlook, Firefox and the like. I ended up restoring from the restore point made by ComboFix. I will run it again if needed, but I realize now I need to do so after work hours so I have more time. The log was saved:

ComboFix 12-11-14.01 - jfunk 11/15/2012 8:39.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.6050 [GMT -5:00]
Running from: c:\users\jfunk\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\jfunk\AppData\Local\assembly\tmp
c:\users\jfunk\AppData\Roaming\adaware-installer-reboot-required.tmp
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 13:43 . 2012-11-15 13:43 -------- d-----w- c:\users\Win7Client\AppData\Local\temp
2012-11-15 13:43 . 2012-11-15 13:43 -------- d-----w- c:\users\swalter\AppData\Local\temp
2012-11-14 21:21 . 2012-11-14 21:21 -------- d-----w- c:\users\jfunk\AppData\Roaming\Aim
2012-11-14 21:20 . 2012-11-14 21:20 -------- d-----w- c:\programdata\Viewpoint
2012-11-14 21:20 . 2012-11-14 21:20 -------- d-----w- c:\program files (x86)\Viewpoint
2012-11-14 21:20 . 2012-11-14 21:20 -------- d-----w- c:\program files (x86)\AOD
2012-11-14 20:50 . 2012-11-14 20:50 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-11-14 20:43 . 2012-11-14 21:24 -------- d-----w- c:\program files (x86)\Common Files\AOL
2012-11-14 15:50 . 2012-11-14 15:50 -------- d-----w- c:\users\jfunk\AppData\Roaming\Malwarebytes
2012-11-14 15:00 . 2012-11-14 15:00 -------- d-----w- c:\programdata\Malwarebytes
2012-11-14 15:00 . 2012-11-14 15:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-14 15:00 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 14:05 . 2012-11-14 14:05 -------- d-----w- c:\users\jfunk\AppData\Roaming\LavasoftStatistics
2012-11-14 13:53 . 2012-11-14 13:53 -------- d-----w- c:\users\jfunk\AppData\Local\Downloaded Installations
2012-11-13 13:45 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86AB7AB5-2730-4AD6-B47C-97235C5E0F23}\mpengine.dll
2012-10-22 17:42 . 2012-09-28 04:18 65309168 ----a-w- c:\windows\system32\MRT.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 13:03 . 2012-03-30 12:36 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-08 13:03 . 2012-02-29 14:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 14:24 . 2012-10-09 14:24 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-14 19:19 . 2012-10-10 12:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-30 18:03 . 2012-10-10 12:28 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:28 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 12:28 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 12:28 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 12:28 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-24 22:04 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 22:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 22:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 22:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 22:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 22:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 22:05 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 22:05 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 22:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 22:05 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 22:05 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 22:05 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 22:05 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 22:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 22:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 22:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 22:05 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 22:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 22:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 22:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 22:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 22:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 12:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 12:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 12:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jfunk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jfunk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\jfunk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoSync"="c:\program files (x86)\PhotoSync\PhotoSync.exe" [2012-03-14 1732208]
"Spotify Web Helper"="c:\users\jfunk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-04 1193176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Administrator.ESCHOOLMALL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\swalter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\Win7Client\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\jfunk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jfunk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-2-29 50688]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-06-17 29664]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [2011-05-03 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [2011-05-18 928888]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20121031.011\BHDrvx64.sys [2012-10-24 1384608]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20121113.005\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [2011-05-11 170104]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [2011-04-21 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 2279320]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-14 137224]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:03]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584401621-148716861-618671499-3892Core.job
- c:\users\jfunk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 17:24]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-584401621-148716861-618671499-3892UA.job
- c:\users\jfunk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 17:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jfunk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jfunk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jfunk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\jfunk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 23:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 23:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.79
FF - ProfilePath - c:\users\jfunk\AppData\Roaming\Mozilla\Firefox\Profiles\c7xpft97.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-22 14:58; savedpasswordeditor@daniel.dawson; c:\users\jfunk\AppData\Roaming\Mozilla\Firefox\Profiles\c7xpft97.default\extensions\savedpasswordeditor@daniel.dawson.xpi
FF - ExtSQL: 2012-11-14 11:42; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\jfunk\AppData\Roaming\Mozilla\Firefox\Profiles\c7xpft97.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AIM for Windows - c:\users\jfunk\AppData\Local\AOL\AIM\aim.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-11-15 08:52:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-15 13:52
.
Pre-Run: 245,280,288,768 bytes free
Post-Run: 245,085,044,736 bytes free
.
- - End Of File - - B8851790BAAD069EBF0AF29DF7F0FDAC

The original issue of Firefox redirecting to a chosurvey URL is intermittent, so it could be a while before I could say it's fixed. I just accessed two of the sites that I know have redirected me in the past and they both opened without any issue. Thanks again for your help!