jberk01
Posted February 16, 2012

Hello Maniac,

I had a similar problem to Emma above. I kept finding 2 Trojan Agents using MBW but each time I deleted and rebooted, they came back. I followed your steps above and as directed am posting the results of my combofix to see if there is anything else I need to correct. Your help is greatly appreciated.

ComboFix 12-02-15.01 - Jessica 02/15/2012 18:36:27.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4085.2702 [GMT -5:00]
Running from: c:\users\Jessica\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated*
SP: AntiVir Desktop *Enabled/Updated*
SP: Windows Defender *Enabled/Updated*

[ComboFix log body (Other Deletions, Files Created, Find3M Report, Reg Loading Points, Services/Drivers, Scheduled Tasks, Supplementary Scan, Locked Registry Keys, Other Running Processes) omitted]

Completion time: 2012-02-15 18:48:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 23:48

Pre-Run: 383,344,844,800 bytes free
Post-Run: 383,301,365,760 bytes free

- - End Of File - - 9324443662A6C32F887CFB1418E26D53
Maurice Naggar
Posted March 21, 2012

Hello,

Please advise if you have resolved your issues. If not, and you need guided help, do the following. If I do not hear back from you in 4 days, this topic will be closed.

Step 1
1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later).
3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked.
6. Press OK.
7. Press YES to create the folder.

Step 2
To show all files:
Go to your Desktop.
Double-click the Computer icon. From the menu options, select Tools, then Folder Options. Next click the View tab. Locate and uncheck Hide file extensions for known file types. Locate and uncheck Hide protected operating system files (Recommended). Locate and click Show hidden files and folders and drives. Click Apply > OK.

Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here.
Run Security Check.
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
Do NOT turn off the firewall.
Start Internet Explorer.
Using Internet Explorer browser only, go to the BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.
Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button.
Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.
Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.
RE-Enable your antivirus program.
Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.
Use separate replies as needed if logs do not fit into one reply box.
Maurice Naggar
Posted March 24, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!