Des Posted March 21, 2011

Hi there,

I'm reaching out for some expert help. My PC started having some strange issues (not allowing me to do a System Restore, not allowing me to run Process Monitor, some weird redirects when browsing, etc.). I ran ComboFix and it found some stuff that it deleted. I would greatly appreciate somebody analyzing it to see if there is anything that needs to be addressed. Here is the log:

ComboFix 11-03-19.04 - Des 03/20/2011 21:56:30.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4645 [GMT -4:00]
Running from: c:\users\Des\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\cmdline.cfg
c:\users\Des\Documents\regbu.reg
c:\windows\SysWow64\local.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-20 14:28 . 2011-03-20 14:28 -------- d-----w- c:\windows\CheckSur
2011-03-20 12:36 . 2009-07-14 00:06 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-03-20 12:36 . 2009-07-13 23:38 29184 ----a-w- c:\windows\system32\drivers\vgapnp.sys
2011-03-20 11:57 . 2011-03-20 11:57 -------- d-----w- c:\windows\system32\EventProviders
2011-03-18 11:41 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47CD8B24-49E9-46E8-A364-3943015A2C01}\mpengine.dll
2011-03-16 16:26 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-16 16:26 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-15 13:14 . 2011-03-15 14:34 -------- d-----w- c:\users\Des\.idlerc
2011-03-13 16:43 . 2011-03-14 03:50 -------- d-----w- C:\VritualRoot
2011-03-13 15:25 . 2011-03-13 16:26 -------- d-----w- c:\programdata\Comodo
2011-03-08 22:39 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-08 22:39 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-08 22:39 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-08 22:39 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-08 22:39 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-08 22:39 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-08 22:39 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-08 22:39 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 22:39 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 22:39 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-08 22:39 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-08 17:18 . 2011-03-08 17:18 -------- d-----w- c:\programdata\IMSIDesign
2011-03-08 17:17 . 2011-03-08 17:19 -------- d-----w- c:\users\Des\AppData\Roaming\IMSIDesign
2011-02-28 19:53 . 2011-02-28 19:53 -------- d-----w- c:\windows\SysWow64\BestPractices
2011-02-28 19:53 . 2011-02-28 19:53 -------- d-----w- c:\windows\system32\BestPractices
2011-02-28 19:53 . 2011-02-28 20:03 -------- d-----w- C:\inetpub
2011-02-28 19:12 . 2011-02-28 19:12 -------- d-----w- c:\users\Des\AppData\Roaming\Process Hacker 2
2011-02-28 19:03 . 2011-02-28 19:03 -------- d-----w- c:\program files\Process Hacker 2
2011-02-28 17:56 . 2011-02-28 18:47 96 ----a-w- c:\users\Des\advanced_ip_scanner_MAC.bin
2011-02-28 17:41 . 2011-02-28 17:41 -------- d-----w- c:\program files (x86)\Advanced IP Scanner v2
2011-02-27 21:31 . 2011-02-27 21:31 -------- d-----w- c:\users\Des\AppData\Local\www.ispyconnect.com
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 12:36 . 2009-07-13 23:33 67072 ----a-w- c:\windows\SysWow64\CertEnrollCtrl.exe
2011-03-20 12:36 . 2009-07-14 00:01 152064 ----a-w- c:\windows\system32\iscsicli.exe
2011-03-20 12:36 . 2009-07-14 00:01 89088 ----a-w- c:\windows\system32\iscsiwmi.dll
2011-03-20 12:36 . 2009-07-13 23:42 980992 ----a-w- c:\windows\system32\d2d1.dll
2011-03-20 12:36 . 2009-07-14 00:01 78848 ----a-w- c:\windows\system32\hbaapi.dll
2011-03-20 12:36 . 2009-07-13 23:57 705536 ----a-w- c:\windows\system32\imagesp1.dll
2011-03-20 12:36 . 2009-07-13 23:26 313856 ----a-w- c:\windows\system32\newdev.dll
2011-03-20 12:36 . 2009-07-13 23:29 537600 ----a-w- c:\windows\SysWow64\objsel.dll
2011-03-20 12:36 . 2009-07-14 00:18 58368 ----a-w- c:\windows\SysWow64\findnetprinters.dll
2011-03-20 12:36 . 2009-07-13 23:36 296960 ----a-w- c:\windows\system32\rstrui.exe
2011-03-20 12:36 . 2009-07-14 00:10 99328 ----a-w- c:\windows\system32\rasauto.dll
2011-03-17 00:36 . 2010-05-19 21:17 234576 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-17 00:36 . 2010-05-19 21:16 234576 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-23 14:04 . 2010-06-29 10:31 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-05-19 18:47 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 13:57 . 2010-05-19 18:48 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-05-19 18:48 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-05-19 18:48 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-05-19 18:48 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-05-19 18:48 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 22:11 . 2010-05-19 18:19 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 08:06 . 2011-02-09 21:13 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 21:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 21:13 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 21:13 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-06 21:37 . 2011-01-06 21:37 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 21:37 . 2011-01-06 21:37 39888 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 21:36 . 2011-01-06 21:36 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 21:36 . 2011-01-06 21:36 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-05 06:20 . 2011-02-09 21:13 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 21:13 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 21:13 3127808 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 05:42 . 2010-12-29 05:42 285480 ----a-w- c:\windows\SysWow64\guard32.dll
2010-12-29 05:42 . 2010-12-29 05:42 362784 ----a-w- c:\windows\system32\guard64.dll
2010-12-26 21:00 . 2010-09-08 17:16 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-26 21:00 . 2010-09-08 17:16 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-12-26 21:00 . 2010-09-08 17:16 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-26 21:00 . 2010-09-08 17:16 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
------- Sigcheck -------
.
[-] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
[-] 2009-07-14 . 0C12A2B863FEA45598134E3B6E379F88 . 51200 . . [7.3.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuauclt.exe
[-] 2009-07-14 . 0C12A2B863FEA45598134E3B6E379F88 . 51200 . . [7.3.7600.16385] .. c:\windows\system32\wuauclt.exe
.
[-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
.
[-] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[-] 2009-07-14 . 6F8F1376A13114CC10C0E69274F5A4DE . 30208 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe
.
[-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
.
[-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
[-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\appmgmts.dll
[-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_e818845daa1b69db\appmgmts.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NZXT Gaming Mouse"="c:\users\Des\AppData\Roaming\NZXT Avatar Gaming Mouse\hid.exe" [2009-02-19 229376]
"cdloader"="c:\users\Des\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-01-20 9900672]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-01-25 5297072]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-04 98304]
"ASUS Update Checker"="c:\program files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-10-08 114688]
.
c:\users\Habibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe
"SSDMonitor"=c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 133104]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-09-30 341296]
R3 aswArKrn;aswArKrn;f:\temp\aswArKrn.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-09-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-08 79360]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\33B.tmp [x]
R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-12-07 632792]
S0 ahcix64;ahcix64;c:\windows\system32\DRIVERS\ahcix64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 nzxtFltr;NZXT Avatar Gaming Mouse;c:\windows\system32\drivers\nzxtFltr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 18:48]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 18:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-03-29 19:25 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-03-29 19:25 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-03-29 84744]
"COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = 
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\qe6exagg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PasswordBank: passwordbank@upek.com - %profile%\extensions\passwordbank@upek.com
FF - Ext: Wishpot: {DE2EB073-84DF-46aa-9A76-7B54C75366FA} - %profile%\extensions\{DE2EB073-84DF-46aa-9A76-7B54C75366FA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\33B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2921665104-77496823-751803648-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\"
"LangDB"=""
"LastSaveGame"="c:\\Users\\Des\\Documents\\Sports Interactive\\Football Manager 2010\\games\\Uruguay.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009dd0
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="D4-F655-20C3"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-20 22:02:12
ComboFix-quarantined-files.txt 2011-03-21 02:02
.
Pre-Run: 24,790,511,616 bytes free
Post-Run: 24,674,521,088 bytes free
.
- - End Of File - - 3E1160CAFA553CF2F80218670D54A652

Thanks in advance!!

Cheers,
Des
screen317 (Staff) Posted March 24, 2011

Hi Des, and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.

Please describe, in detail, what issues you are currently experiencing.
screen317 (Staff) Posted April 27, 2011

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!