Jump to content

cmmanes

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. it is the .program folders that are missing, unhide did not fix that. i don't see norton in control panel remove programs. i removed Java 6 update 25
  2. i don't think that swirl is normal. could it be like a process is running and checking for something? it's when i click on certain things only.
  3. Results of screen317's Security Check version 0.99.7 Windows 7 Service Pack 1 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Norton Internet Security McAfee SecurityCenter WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 25 Out of date Java installed! Adobe Flash Player Adobe Reader 9.1 Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log````````````
  4. i also see a strange icon flash every once in a while on my cursor. it is quick but looks like a grey swirl.
  5. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments] "ScanWithAntiVirus"=dword:00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum] "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001 "{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021 "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=dword:00000005 "ConsentPromptBehaviorUser"=dword:00000003 "EnableInstallerDetection"=dword:00000001 "EnableLUA"=dword:00000001 "EnableSecureUIAPaths"=dword:00000001 "EnableUIADesktopToggle"=dword:00000000 "EnableVirtualization"=dword:00000001 "PromptOnSecureDesktop"=dword:00000001 "ValidateAdminCodeSignatures"=dword:00000000 "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "scforceoption"=dword:00000000 "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "FilterAdministratorToken"=dword:00000000 "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats] "CF_TEXT"=dword:00000001 "CF_BITMAP"=dword:00000002 "CF_OEMTEXT"=dword:00000007 "CF_DIB"=dword:00000008 "CF_PALETTE"=dword:00000009 "CF_UNICODETEXT"=dword:0000000d "CF_DIBV5"=dword:00000011 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
  6. Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
  7. restoring missing desktop items in control panel did the trick for missing desktop icons.
  8. Desktop items are back. but start up menu program folders are still empty. Also, I forgot to mention there are tons of files waiting to be burned???
  9. I think internet explorer might be having a problem or could i be running two explorers at once? After I quit IE and go to shut down the computer gives me a warning hat it is still waiting for IE to quit. Also I tried to uninstall IE and can't find it in control panel. And the installer file in folder won't work. Is this anything? Thanks for your help!!!
  10. No virus found on all scans. unhide did not work. anything else?
  11. I have scanned twice now and no threats are found, but no log files are created!!!???
  12. ComboFix 11-05-04.04 - Stephanie 05/05/2011 10:19:38.4.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.2060 [GMT -4:00] Running from: c:\users\Stephanie\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 ))))))))))))))))))))))))))))))) . . 2011-05-05 14:26 . 2011-05-05 14:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-05 14:26 . 2011-05-05 14:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-05-05 01:51 . 2011-05-05 01:51 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2011-05-05 01:51 . 2011-05-05 01:51 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys 2011-05-05 01:22 . 2011-05-05 01:22 -------- d-----w- c:\users\Stephanie\AppData\Roaming\IObit 2011-05-05 01:22 . 2011-05-05 01:22 -------- d-----w- c:\program files\IObit 2011-05-04 20:48 . 2011-05-04 20:48 -------- d-----w- c:\program files\ESET 2011-05-04 20:04 . 2011-05-04 20:04 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes 2011-05-04 20:04 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-04 20:04 . 2011-05-04 20:04 -------- d-----w- c:\programdata\Malwarebytes 2011-05-04 20:03 . 2011-05-04 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-04 20:03 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-23 01:54 . 2011-04-23 01:54 -------- d-----w- c:\program files\iPod 2011-04-23 01:54 . 2011-04-23 01:55 -------- d-----w- c:\program files\iTunes 2011-04-23 01:51 . 2011-04-23 01:51 -------- d-----w- c:\program files\Bonjour 2011-04-16 13:57 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-16 13:57 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-16 13:57 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-16 13:57 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-04-16 13:56 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-16 13:56 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-04-16 13:53 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys 2011-04-16 13:53 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-04-16 13:53 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-16 13:53 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-16 12:47 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-16 12:47 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-04-16 12:47 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-04-16 12:47 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-16 12:47 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-16 12:47 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-02 16:51 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-19 05:33 . 2011-03-10 13:04 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 05:32 . 2011-03-10 13:04 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 05:32 . 2011-03-10 13:04 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672] "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-12 1324384] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672] "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\Dell Photo P703w AIO Printer\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "DLKAStatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLKAMUI.exe" [2008-07-29 1327104] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 135664] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 135664] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 171520] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304] S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 Dell Network Discovery Service;Dell Network Discovery Service;c:\program files\Dell\Dell Photo P703w AIO Printer\Printer\Device\DLDiscovery.exe [2008-09-09 275696] S2 dlSvc;Dell Photo Device Service;c:\program files\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe [2008-11-18 28672] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 185712] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . Contents of the 'Scheduled Tasks' folder . 2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 04:35] . 2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 04:35] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001 mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,90,04,1a,48,65,8e,42,84,ac,95,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,90,04,1a,48,65,8e,42,84,ac,95,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5236) c:\program files\McAfee\SiteAdvisor\saHook.dll . Completion time: 2011-05-05 10:29:12 ComboFix-quarantined-files.txt 2011-05-05 14:29 ComboFix2.txt 2011-05-05 13:58 . Pre-Run: 262,386,978,816 bytes free Post-Run: 262,338,142,208 bytes free . - - End Of File - - 3E1FC4560D39A841C2A2837510727D18
  13. ComboFix 11-05-04.04 - Stephanie 05/05/2011 10:19:38.4.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.2060 [GMT -4:00] Running from: c:\users\Stephanie\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 ))))))))))))))))))))))))))))))) . . 2011-05-05 14:26 . 2011-05-05 14:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-05 14:26 . 2011-05-05 14:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-05-05 01:51 . 2011-05-05 01:51 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2011-05-05 01:51 . 2011-05-05 01:51 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys 2011-05-05 01:22 . 2011-05-05 01:22 -------- d-----w- c:\users\Stephanie\AppData\Roaming\IObit 2011-05-05 01:22 . 2011-05-05 01:22 -------- d-----w- c:\program files\IObit 2011-05-04 20:48 . 2011-05-04 20:48 -------- d-----w- c:\program files\ESET 2011-05-04 20:04 . 2011-05-04 20:04 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes 2011-05-04 20:04 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-04 20:04 . 2011-05-04 20:04 -------- d-----w- c:\programdata\Malwarebytes 2011-05-04 20:03 . 2011-05-04 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-04 20:03 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-23 01:54 . 2011-04-23 01:54 -------- d-----w- c:\program files\iPod 2011-04-23 01:54 . 2011-04-23 01:55 -------- d-----w- c:\program files\iTunes 2011-04-23 01:51 . 2011-04-23 01:51 -------- d-----w- c:\program files\Bonjour 2011-04-16 13:57 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-16 13:57 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-16 13:57 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-16 13:57 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-04-16 13:56 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-16 13:56 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-04-16 13:53 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys 2011-04-16 13:53 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-04-16 13:53 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-16 13:53 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-16 12:47 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-16 12:47 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-04-16 12:47 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-04-16 12:47 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-16 12:47 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-16 12:47 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-02 16:51 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-19 05:33 . 2011-03-10 13:04 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 05:32 . 2011-03-10 13:04 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 05:32 . 2011-03-10 13:04 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408] "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672] "Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-12 1324384] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672] "NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\Dell Photo P703w AIO Printer\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "DLKAStatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLKAMUI.exe" [2008-07-29 1327104] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 135664] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 135664] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 171520] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304] S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712] S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] S2 Dell Network Discovery Service;Dell Network Discovery Service;c:\program files\Dell\Dell Photo P703w AIO Printer\Printer\Device\DLDiscovery.exe [2008-09-09 275696] S2 dlSvc;Dell Photo Device Service;c:\program files\Dell\Dell Photo P703w AIO Printer\printer\center\dlSvc.exe [2008-11-18 28672] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 185712] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392] S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}] 2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe . Contents of the 'Scheduled Tasks' folder . 2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 04:35] . 2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 04:35] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001 mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,90,04,1a,48,65,8e,42,84,ac,95,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,90,04,1a,48,65,8e,42,84,ac,95,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5236) c:\program files\McAfee\SiteAdvisor\saHook.dll . Completion time: 2011-05-05 10:29:12 ComboFix-quarantined-files.txt 2011-05-05 14:29 ComboFix2.txt 2011-05-05 13:58 . Pre-Run: 262,386,978,816 bytes free Post-Run: 262,338,142,208 bytes free . - - End Of File - - 3E1FC4560D39A841C2A2837510727D18
  14. Hello. Thanks for your help. I ran unhide and no my files are not back in start menu or desktop. Malwarebytes log follows. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6511 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 5/5/2011 9:01:04 AM mbam-log-2011-05-05 (09-01-04).txt Scan type: Quick scan Objects scanned: 159726 Time elapsed: 6 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.