Colin_Glover

Honorary Members
Posts: 37
Everything posted by Colin_Glover

  1. Will do. If it fails I'll have to do a rollback. Hope it will recover the wife's documents. I've not told her they've vanished. Thanks for all your help.
  2. The only thing I can think of is to try the 32-bit version, as DOS isn't 64-bit.
  3. Logged onto the G:\, then ran the DIR command. Typing FRST64.exe as it appears on screen just returns me to the G:\. I don't know what to do next.
  4. I assume g:\dir will show the contents of g:\? Frst64 is visible when I use the all files parameter in Notepad. I can log onto g:\ but it won't run. My first PC was a DOS system and I know the basic DOS commands. I'll try again later as I'm on my way home from work.
  5. Sorry for taking so long. My wife's been in hospital. I've logged on to the g:\ in DOS, but typing g:\frst64 doesn't run the scan, though it's a 64-bit system.
  6. By the way, the link for Recovery Scan Tool was non-existent. It said and couldn't be clicked. Typing this from my own PC.
  7. Things are serious. I updated Flash on my wife's PC yesterday and it put McAfee security on as part of the install. I tried Fixit to remove it but it failed. It won't boot in normal mode; 'The User Profile Service service failed the logon. User profile cannot be loaded.' is the error msg. I can log onto safe mode but it's as if someone has remote access to my wife's laptop. It's like the system's been rolled back to a fresh install. All the logs from the anti-malware programmes have vanished from the desktop, as have AdwCleaner, ComboFix and the other programmes you asked me to run. Windows Explorer is non-existent, and Firefox is a brand new installation. The latest restore point is 3/09/13, even though the Fixit programme last night created a new restore point. The only anti-spyware on the desktop is Malwarebytes. What is going on? This is genuine.
  8. Didn't work. Still not uninstalling. Flash plugin now unstable and although it appears to update, it doesn't. What next please?
  9. Don't know if my last post made it to this board as it's not showing. No spyware will run in normal mode, and I can't uninstall most programmes using Add/Remove; I get the error msg that it may have already been removed. Clicking yes to remove it from the list doesn't work, even in safe mode. Adobe Reader won't update, and 2 Windows updates wouldn't install either. I'm baffled.
  10. Also, on the router setup page, no devices show as attached, though both are connected. For a second or two last night my wife's laptop did show but mine didn't.
  11. No malware/spyware will run in normal mode, and trying to uninstall generates 'An Error occurred while trying to uninstall xxxxxxx. It may have already been uninstalled. Would you like to remove xxxxxxx from the programs and features list?' xxxxxxx is the programme name. Clicking yes does nothing, even in safe mode. Suspicious items include 'Dream Day First Home' (never installed by us) and Toolbar Cleaner 1.0 (again never installed by us).
  12. Not checked it yet. Still at work. Wouldn't run anti-spyware in normal mode, but not checked for deleted programmes etc. Let you know later. Thanks.
  13. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.01.04 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 10.0.9200.16660 Anne :: ANNE-PC [administrator] 04/09/2013 00:16:08 mbam-log-2013-09-04 (00-16-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 221074 Time elapsed: 5 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  14. # AdwCleaner v3.002 - Report created 03/09/2013 at 23:59:16 # Updated 01/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Anne - ANNE-PC # Running from : C:\Users\Anne\Desktop\AdwCleaner.exe # Option : Scan
  15. Had to run in safe mode with AVG as couldn't disable in safe mode. ComboFix 13-09-02.02 - Anne 03/09/2013 22:29:34.1.1 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1788.1236 [GMT 1:00] Running from: c:\users\Anne\Desktop\ComboFix.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-03 22:46:05 ComboFix-quarantined-files.txt 2013-09-03 21:46 . Pre-Run: 180,228,591,616 bytes free Post-Run: 181,351,161,856 bytes free . - - End Of File - - DF4DAC9D45677E01C5EE324196B60C99 A36C5E4F47E84449FF07ED3517B43A31
  16. Thanks. Will read it. Then I'll try it later tonight.
  17. Can't run ComboFix. Same error as with RogueKiller. Will run in safe mode, but it reports AVG is active and could interfere with the result. How do I disable it in Safe mode please? No tray icon to right-click to disable. Seems any A/V or malware won't run in normal mode.
  18. It worked.

      RogueKiller V8.6.8 _x64_ [Sep 2 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.adlice.com/forum/
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Safe mode with network support
      User : Anne [Admin rights]
      Mode : Scan -- Date : 09/02/2013 22:33:13
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 2 ¤¤¤
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤

      ¤¤¤ Startup Entries : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

      ¤¤¤ External Hives: ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: WDC WD2500BEVT-00ZCT0 ATA Device +++++
      --- User ---
      [MBR] 0230e15838100e5e4a4ed197702cb044
      [BSP] f92a03ce90eded4e8efd499fffa98382 : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 226080 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_09022013_223313.txt >>
  19. When I try to run RogueKiller I get the following error: the service cannot be started either because it is disabled or has no enabled devices associated with it. Processor is Athlon TF-20 64 bit.
  20. Will do when I get home. What puzzles me is 0 infections reported from MWB. I had to use safe mode to install AVG last night as it wouldn't install normally.