sheepdisease

  1. I did look up that folder and saw that the tool always deleted it but nothing explained why. I don't have the files any more to check them out. I mean the restore points that you asked me to enable. I want them to be saved to a different partition.
  2. Thanks for your reply. I have attached the results of your instructions. Can you please tell me what this is? C:\Users\Hill\AppData\Roaming\AdvertismentImages Also, I have a partition set up for backups. Can I tell Windows where to store the backup for the C:\ drive to another partition? Fixlog.txt
  3. Nothing found in MBAM. Not sure what this entry is in Adware: C:\Users\Hill\AppData\Roaming\AdvertismentImages For information I am using NordVPN and AdGuard (both up to date) so the IP addresses showing in hosts and elsewhere are very likely connected to that. MWBAM.txt AdwCleaner[S00].txt FRST.txt Addition.txt
  4. Hello there, I am very savvy when it comes to not getting caught out by phishing scams and any attempts to get me to provide sensitive information of bogus websites. That being said, somehow someone ordered two £100.00 Amazon Vouchers without my consent and not using my laptop this month. I know it is true because when I log into amazon.co.uk it shows as an order. I have contacted Amazon to inform them about it but it has left me wondering how this is even possible. I have two-step authentication set up, so even if they knew my password from one of the many breaches which seem to happen all the time with websites being hacked, how did they get in? Even when I try to login, it usually asks me to verify using my phone. That makes me wonder if there is actually something on my system that I should be concerned about. I am using Bitdefender Total Security 2019 (fully up-to-date), which has detected nothing malicious during a thorough scan of everything (it took over 15 hours). I ran GMER 2.2.19882 and couldn't see anything obvious, could someone else please cast their eye over this? Needless to say, in the meantime I have changed my password. rootkit.log
  5. SystemLook 30.07.11 by jpshortstuff Log created at 06:56 on 29/08/2011 by Media Centre Administrator - Elevation successful ========== regfind ========== Searching for "Firefox.exe"
  6. Apologies, I didn't follow your instructions correctly before: SystemLook 30.07.11 by jpshortstuff Log created at 07:19 on 25/08/2011 by Media Centre Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== regfind ========== Searching for "Firefox.exe"
  7. Thank you, I do appreciate all your hard work. When I tried running that program I was issued with a prompt, 'Script Required!'. It wouldn't run as a result.
  8. Firefox 5.0 Apologies, couldn't attach the file directly as the forum restricted this. steam.exe.rar
  9. It's really annoying, whenever I use this program it deletes Steam! ComboFix 11-08-14.02 - Media Centre 08/14/2011 8:31.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5993 [GMT 1:00] Running from: d:\downloads\ComboFix.exe AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51} FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Steam\steam.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-10 2536440] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-27 5550840] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWinKeys"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 atillk64;atillk64;c:\users\MEDIAC~1\AppData\Local\Temp\Rar$EX00.121\atillk64.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-07-07 25640] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 GService;Easy Tune;c:\program files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-08 30528] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 MSICDSetup;MSICDSetup;G:\CDriver64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Appupdater;Appupdater;c:\program files (x86)\Appupdater\appupdaters.exe [2009-04-22 2756979] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-06 3246040] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 bbtest_svc;Broadband Test Application;c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-06-14 815104] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S2 TomTomHOMEService;TomTomHOMEService;c:\program files 
(x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S2 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-04-26 13824] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000Core.job - c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03] . 2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000UA.job - c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03] . 2011-08-14 c:\windows\Tasks\IsposureAgent.job - c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 17:28] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752] . [HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}] [HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-05-17 390736] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152] "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe AddRemove-Steam App 218 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 240 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 260 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 34330 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 44320 - c:\program files (x86)\Steam\steam.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:68,c6,52,5a,ed,ee,85,70,9d,04,7c,9b,68,7f,17,ec,7c,c8,ef,9e,64,43,49, ca,f9,c7,c0,a2,e8,9b,f2,3f,01,c2,9a,c3,96,48,93,c3,9a,8d,78,7a,3d,ed,b7,9b,\ "??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa . [HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\License information*] "datasecu"=hex:ee,5a,30,0f,a7,26,53,38,80,ef,b6,b4,d2,6b,95,dd,1d,53,97,e2,50, 9e,f2,60,40,4a,69,be,73,18,21,80,41,9e,26,ca,76,01,73,bc,8c,33,d6,e5,a3,88,\ "rkeysecu"=hex:bb,99,c2,b0,96,01,dc,a8,1e,60,1a,1a,86,2a,f3,2c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-08-14 08:37:35 ComboFix-quarantined-files.txt 2011-08-14 07:37 ComboFix2.txt 2011-07-21 06:39 . Pre-Run: 93,202,755,584 bytes free Post-Run: 94,115,483,648 bytes free . - - End Of File - - CCA125A8F11B1AF3078C3F0F006283A5
  10. Still with you, unfortunately I am on holiday so unable to test your suggestion.
  11. Unfortunately, when I renamed firefox3.exe back to firefox.exe I get the crashing problems back and instability issues.
  12. # version=7
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6528
      # api_version=3.0.2
      # EOSSerial=1dadabdacc97944cb17ba5761f9731ab
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2011-07-10 10:46:08
      # local_time=2011-07-10 11:46:08 (+0000, GMT Daylight Time)
      # country="United States"
      # lang=1033
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=512 16777215 100 0 2492588 2492588 0 0
      # compatibility_mode=3073 16777213 80 75 7319 865806 0 0
      # compatibility_mode=5893 16776574 100 94 1132887 62753861 0 0
      # compatibility_mode=8192 67108863 100 0 231 231 0 0
      # scanned=386994
      # found=2
      # cleaned=2
      # scan_time=5956
      D:\Downloads\Tag & Rename 3.5.7+Patch[h33t][eSpNs].rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
      D:\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
      # version=7
      # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
      # OnlineScanner.ocx=1.0.0.6528
      # api_version=3.0.2
      # EOSSerial=1dadabdacc97944cb17ba5761f9731ab
      # end=stopped
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2011-07-31 10:06:10
      # local_time=2011-07-31 11:06:10 (+0000, GMT Daylight Time)
      # country="United States"
      # lang=9
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=512 16777215 100 0 4353744 4353744 0 0
      # compatibility_mode=3073 16777213 80 75 5688 2726962 0 0
      # compatibility_mode=5893 16776574 100 94 2994043 64615017 0 0
      # compatibility_mode=8192 67108863 100 0 1861387 1861387 0 0
      # scanned=164
      # found=0
      # cleaned=0
      # scan_time=2
      esets_scanner_update returned -1 esets_gle=53251
      # version=7
      # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
      # OnlineScanner.ocx=1.0.0.6528
      # api_version=3.0.2
      # EOSSerial=1dadabdacc97944cb17ba5761f9731ab
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2011-08-01 12:04:55
      # local_time=2011-08-01 01:04:55 (+0000, GMT Daylight Time)
      # country="United States"
      # lang=9
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=512 16777215 100 0 4353774 4353774 0 0
      # compatibility_mode=3073 16777213 80 75 5718 2726992 0 0
      # compatibility_mode=5893 16776574 100 94 2994073 64615047 0 0
      # compatibility_mode=8192 67108863 100 0 1861417 1861417 0 0
      # scanned=406476
      # found=0
      # cleaned=0
      # scan_time=7099

      Results of screen317's Security Check version 0.99.18
      Windows 7 (UAC is disabled!)
      Internet Explorer 8
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Disabled!
      ESET Online Scanner v3
      WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      Adobe Flash Player 10.3.181.34
      Adobe Reader X (10.1.0)
      Mozilla Firefox (x86 en-GB..)
      ````````````````````````````````
      Process Check:
      objlist.exe by Laurent
      Malwarebytes' Anti-Malware mbamservice.exe
      Comodo Firewall cmdagent.exe
      Comodo Firewall cfp.exe
      Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
      ``````````End of Log````````````