
Win 7 Internet Security 2012 [Solved]


  • This topic is locked

#1
renditions`

  • Member
  • 123 posts
About a week ago I was affected by this fake program.

It won't let me run MBAM and at the same time, when I try to go into msconfig, I get a Win 7 Internet Security 2012 Firewall Alert telling me that msconfig.exe is infected with Trojan-BNK.Win32.Keylogger.gen.

It would be greatly appreciated if I could get help to remove this from my computer.

Edit: It would even let me open up OTL, apparently it pops up the same message Win 7 Internet Security 2012 Firewall Alert telling me that OTL.exe is infected with Trojan-BNK.Win32.Keylogger.gen.

Edited by renditions`, 20 December 2011 - 04:45 PM.

  • 0


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

How to add an attachment to a new topic or reply
  • 0

#3
renditions`

  • Topic Starter
  • Member
  • 123 posts
Thanks for the reply, I'm going to try to follow the steps you give to help me get my computer clean.

By the way, I don't have my original Windows CDs

RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: DJ [Admin rights]
Mode: Scan -- Date : 12/21/2011 18:49:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 225db7beff712bab38dd2322a44d1c4a
[BSP] 82a45891a10abe89054f2563aa293fa3 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 104 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 206848 | Size: 500000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

_______

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-21 18:50:53
-----------------------------
18:50:53.825 OS Version: Windows x64 6.1.7601 Service Pack 1
18:50:53.826 Number of processors: 8 586 0x1A05
18:50:53.826 ComputerName: BEAST UserName: DJ
18:50:55.009 Initialize success
18:52:30.262 AVAST engine defs: 11122102
18:54:55.017 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:54:55.018 Disk 0 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
18:54:57.024 Disk 0 MBR read successfully
18:54:57.026 Disk 0 MBR scan
18:54:57.032 Disk 0 Windows 7 default MBR code
18:54:57.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:54:57.047 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:54:57.052 Service scanning
18:55:01.109 Modules scanning
18:55:01.113 Disk 0 trace - called modules:
18:55:01.123 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:55:01.127 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800652b790]
18:55:01.132 3 CLASSPNP.SYS[fffff880019be43f] -> nt!IofCallDriver -> [0xfffffa80062e9520]
18:55:01.138 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80062e5680]
18:55:01.942 AVAST engine scan C:\Windows
18:55:05.771 AVAST engine scan C:\Windows\system32
18:56:24.670 AVAST engine scan C:\Windows\system32\drivers
18:56:34.527 AVAST engine scan C:\Users\DJ
18:58:36.050 AVAST engine scan C:\ProgramData
19:02:12.260 Scan finished successfully
19:04:57.095 Disk 0 MBR has been saved successfully to "C:\Users\DJ\Desktop\MBR.dat"
19:04:57.099 The log file has been saved successfully to "C:\Users\DJ\Desktop\aswMBR.txt"

I wasn't able to unzip the file; I got the message "The archive is in either unknown format or damaged," so I just attached the MBR.dat file.
  • 0

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#5
renditions`

  • Topic Starter
  • Member
  • 123 posts
I followed the steps correctly and after downloading ComboFix and disabling my ESET NOD32 as instructed, when I try to run ComboFix, it says that NOD32 is still running.
I'm afraid to continue the process because it suggests that I disable all Antiviruses running and it may cause damage to my computer.

What should I do?
  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please temporarily uninstall NOD32 and then run Combofix.
  • 0

#7
renditions`

  • Topic Starter
  • Member
  • 123 posts
Sorry I've been busy with work since it's the holidays.

But I just uninstalled NOD32 and restarted my computer then attempted to run ComboFix. It still says that NOD32 is running for some reason when I don't even have it anymore. I'm confused.
  • 0

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I'm sorry for the late reply.

Please just ignore that message and proceed with running it.
  • 0

#9
renditions`

  • Topic Starter
  • Member
  • 123 posts
ComboFix 11-12-27.01 - DJ 12/27/2011 17:44:47.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.5132 [GMT -10:00]
Running from: c:\users\DJ\Downloads\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 03:50 . 2011-12-28 03:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-28 03:50 . 2011-12-28 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 04:14 . 2011-12-15 04:14 -------- d-----w- c:\windows\system32\Macromed
2011-12-14 07:29 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 07:28 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 07:25 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 07:25 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 07:24 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 07:24 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-10 04:22 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B951C08-5A3A-4045-ADDE-A18E73768FF7}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 04:14 . 2011-05-15 19:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 03:06 . 2010-03-03 03:21 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-17 03:06 . 2010-03-03 03:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-17 03:01 . 2010-03-03 03:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-28 07:21 . 2010-03-03 03:20 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-21 03:13 . 2011-10-21 03:13 53248 ----a-r- c:\users\DJ\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-09-29 16:29 . 2011-11-09 02:14 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-02 09:30 . 2010-03-02 09:30 500064 ----a-w- c:\program files\GPU-Z.0.3.9.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-16_09.52.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-20 21:54 . 2011-12-20 21:54 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 66048 c:\windows\SysWOW64\icardie.dll
+ 2010-02-27 09:05 . 2011-12-22 04:21 37558 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-28 03:56 29336 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-27 08:47 . 2011-12-28 03:56 15356 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2435747040-2352147718-2655177463-1000_UserData.bin
+ 2011-12-20 21:54 . 2011-12-20 21:54 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 65024 c:\windows\system32\pngfilt.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 48640 c:\windows\system32\mshtmler.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 96256 c:\windows\system32\mshtmled.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 12288 c:\windows\system32\mshta.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 10752 c:\windows\system32\msfeedssync.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 30720 c:\windows\system32\licmgr10.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 85504 c:\windows\system32\jsproxy.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 49664 c:\windows\system32\imgutil.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 85504 c:\windows\system32\iesetup.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 39936 c:\windows\system32\iernonce.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 89088 c:\windows\system32\ie4uinit.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 82432 c:\windows\system32\icardie.dll
+ 2009-07-14 05:30 . 2011-12-20 22:13 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-10-28 08:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-19 19:27 . 2011-08-19 19:27 25632 c:\windows\system32\DriverStore\FileRepository\lpro564c.inf_amd64_neutral_4adc5141ff5390b2\lvbflt64.sys
+ 2010-02-27 02:31 . 2011-12-20 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 02:31 . 2011-12-15 04:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 02:31 . 2011-12-20 22:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-27 02:31 . 2011-12-15 04:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 04:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-20 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 08:47 . 2011-12-16 10:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-27 08:47 . 2011-12-16 10:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-27 08:47 . 2011-12-16 10:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 08:47 . 2011-12-20 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-27 08:47 . 2011-12-20 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-06 06:15 . 2011-12-15 04:09 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-27 04:43 . 2009-02-27 04:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-27 03:45 . 2009-02-27 03:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-04-02 22:01 . 2009-04-02 22:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
  • 0

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
This is only a part of the log. Please post the whole Combofix log.
  • 0


#11
renditions`

  • Topic Starter
  • Member
  • 123 posts
ComboFix 11-12-27.01 - DJ 12/27/2011 17:44:47.4.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.5132 [GMT -10:00]
Running from: c:\users\DJ\Downloads\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 03:50 . 2011-12-28 03:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-28 03:50 . 2011-12-28 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 04:14 . 2011-12-15 04:14 -------- d-----w- c:\windows\system32\Macromed
2011-12-14 07:29 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 07:28 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 07:25 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 07:25 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 07:24 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 07:24 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-10 04:22 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B951C08-5A3A-4045-ADDE-A18E73768FF7}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 04:14 . 2011-05-15 19:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 03:06 . 2010-03-03 03:21 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-17 03:06 . 2010-03-03 03:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-17 03:01 . 2010-03-03 03:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-28 07:21 . 2010-03-03 03:20 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-21 03:13 . 2011-10-21 03:13 53248 ----a-r- c:\users\DJ\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-09-29 16:29 . 2011-11-09 02:14 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-02 09:30 . 2010-03-02 09:30 500064 ----a-w- c:\program files\GPU-Z.0.3.9.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-16_09.52.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-20 21:54 . 2011-12-20 21:54 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 66048 c:\windows\SysWOW64\icardie.dll
+ 2010-02-27 09:05 . 2011-12-22 04:21 37558 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-28 03:56 29336 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-27 08:47 . 2011-12-28 03:56 15356 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2435747040-2352147718-2655177463-1000_UserData.bin
+ 2011-12-20 21:54 . 2011-12-20 21:54 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 65024 c:\windows\system32\pngfilt.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 48640 c:\windows\system32\mshtmler.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 96256 c:\windows\system32\mshtmled.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 12288 c:\windows\system32\mshta.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 10752 c:\windows\system32\msfeedssync.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 30720 c:\windows\system32\licmgr10.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 85504 c:\windows\system32\jsproxy.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 49664 c:\windows\system32\imgutil.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 85504 c:\windows\system32\iesetup.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 39936 c:\windows\system32\iernonce.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 89088 c:\windows\system32\ie4uinit.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 82432 c:\windows\system32\icardie.dll
+ 2009-07-14 05:30 . 2011-12-20 22:13 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-10-28 08:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-19 19:27 . 2011-08-19 19:27 25632 c:\windows\system32\DriverStore\FileRepository\lpro564c.inf_amd64_neutral_4adc5141ff5390b2\lvbflt64.sys
+ 2010-02-27 02:31 . 2011-12-20 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 02:31 . 2011-12-15 04:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 02:31 . 2011-12-20 22:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-27 02:31 . 2011-12-15 04:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 04:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-20 22:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 08:47 . 2011-12-16 10:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-27 08:47 . 2011-12-16 10:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-27 08:47 . 2011-12-16 10:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 08:47 . 2011-12-20 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 08:47 . 2011-12-16 03:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-27 08:47 . 2011-12-20 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-06 06:15 . 2011-12-15 04:09 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-27 04:43 . 2009-02-27 04:43 71520 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\XL12CNVP.DLL
+ 2009-02-27 03:45 . 2009-02-27 03:45 20808 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\WRD12EXE.EXE
+ 2009-04-02 22:01 . 2009-04-02 22:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
+ 2009-04-04 04:46 . 2009-04-04 04:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
+ 2006-10-27 06:13 . 2006-10-27 06:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2011-12-20 22:12 . 2011-12-20 22:12 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2010-04-06 12:56 . 2010-04-06 12:56 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2011-12-16 09:46 . 2011-12-16 09:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-28 03:51 . 2011-12-28 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-28 03:51 . 2011-12-28 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-16 09:46 . 2011-12-16 09:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-20 21:54 . 2011-12-20 21:54 152064 c:\windows\SysWOW64\wextract.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 231936 c:\windows\SysWOW64\url.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 123392 c:\windows\SysWOW64\occache.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 161792 c:\windows\SysWOW64\msls31.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 580608 c:\windows\SysWOW64\msfeeds.dll
- 2011-04-13 20:35 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 150528 c:\windows\SysWOW64\iexpress.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2011-12-14 07:29 . 2011-11-11 05:40 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 101888 c:\windows\SysWOW64\admparse.dll
+ 2009-09-28 19:22 . 2009-09-28 19:22 496128 c:\windows\system32\yk62x64.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 160256 c:\windows\system32\wextract.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 249344 c:\windows\system32\webcheck.dll
+ 2010-03-04 06:39 . 2011-12-28 03:41 325018 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-12-20 21:54 . 2011-12-20 21:54 603648 c:\windows\system32\vbscript.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2011-12-24 21:27 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-21 03:53 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-24 21:27 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-21 03:53 106316 c:\windows\system32\perfc009.dat
+ 2011-12-20 21:54 . 2011-12-20 21:54 149504 c:\windows\system32\occache.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 197120 c:\windows\system32\msrating.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 697344 c:\windows\system32\msfeeds.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 818688 c:\windows\system32\jscript.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 103936 c:\windows\system32\inseng.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 165888 c:\windows\system32\iexpress.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 173056 c:\windows\system32\ieUnatt.exe
+ 2011-12-20 21:54 . 2011-12-20 21:54 248320 c:\windows\system32\ieui.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 111616 c:\windows\system32\iesysprep.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 145920 c:\windows\system32\iepeers.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 403248 c:\windows\system32\iedkcs32.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 267776 c:\windows\system32\ieaksie.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 160256 c:\windows\system32\ieakeng.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 135168 c:\windows\system32\IEAdvpack.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 282112 c:\windows\system32\dxtrans.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 452608 c:\windows\system32\dxtmsft.dll
+ 2009-07-14 05:30 . 2011-12-20 22:13 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-28 08:19 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-28 08:19 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-12-20 22:13 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-09-28 19:22 . 2009-09-28 19:22 395264 c:\windows\system32\DriverStore\FileRepository\yk62x64.inf_amd64_neutral_9375a6a6bcdda22b\yk62x64.sys
+ 2009-09-28 19:22 . 2009-09-28 19:22 496128 c:\windows\system32\DriverStore\FileRepository\yk62x64.inf_amd64_neutral_9375a6a6bcdda22b\yk62x64.dll
+ 2011-08-19 19:26 . 2011-08-19 19:26 685592 c:\windows\system32\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_e38d7060879b6733\WUApp64.exe
+ 2011-08-19 19:27 . 2011-08-19 19:27 351136 c:\windows\system32\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_e38d7060879b6733\lvrs64.sys
+ 2011-08-19 19:27 . 2011-08-19 19:27 263456 c:\windows\system32\DriverStore\FileRepository\lpro564s.inf_amd64_neutral_e38d7060879b6733\lvcoin64.dll
+ 2009-09-28 19:22 . 2009-09-28 19:22 395264 c:\windows\system32\drivers\yk62x64.sys
+ 2011-08-19 19:27 . 2011-08-19 19:27 351136 c:\windows\system32\drivers\lvrs64.sys
+ 2011-12-20 21:54 . 2011-12-20 21:54 114176 c:\windows\system32\admparse.dll
- 2009-07-14 04:46 . 2011-12-16 09:33 107632 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-12-24 20:38 107632 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-28 08:11 . 2011-12-28 03:50 227984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-28 08:11 . 2011-12-16 03:33 227984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-12-16 09:33 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-28 03:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-06 06:15 . 2011-12-20 22:12 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-12-20 22:10 . 2011-12-20 22:10 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-04-23 11:16 . 2011-04-23 11:16 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-01-14 17:10 . 2011-01-14 17:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 17:10 . 2011-01-14 17:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2007-06-08 05:51 . 2007-06-08 05:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 16:27 . 2008-03-19 16:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 20:50 . 2006-07-24 20:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 16:18 . 2008-10-25 16:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 06:13 . 2006-10-27 06:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2011-12-20 22:12 . 2011-12-20 22:12 608136 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2011-12-20 22:12 . 2011-12-20 22:12 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2011-12-20 22:12 . 2011-12-20 22:12 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 1127424 c:\windows\SysWOW64\wininet.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-12-20 21:54 . 2011-12-20 21:54 1390080 c:\windows\system32\wininet.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 1345536 c:\windows\system32\urlmon.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 2309120 c:\windows\system32\jscript9.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 2144256 c:\windows\system32\iertutil.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2011-12-20 21:59 7378886 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-15 04:15 7378886 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-09-16 04:40 . 2011-09-16 04:40 7959552 c:\windows\Installer\c51b2.msp
+ 2011-09-16 04:34 . 2011-09-16 04:34 8499712 c:\windows\Installer\c5194.msp
+ 2011-09-16 04:35 . 2011-09-16 04:35 1411072 c:\windows\Installer\c4fc9.msp
+ 2011-01-15 19:46 . 2011-01-15 19:46 2049536 c:\windows\Installer\1716079b.msi
- 2010-04-06 06:15 . 2011-12-15 04:09 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-04-06 06:15 . 2011-12-15 04:09 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-04-06 06:15 . 2011-12-20 22:12 1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-01-14 17:10 . 2011-01-14 17:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 17:10 . 2011-01-14 17:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 17:10 . 2011-01-14 17:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-10-10 09:10 . 2009-10-10 09:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-12-20 21:52 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 12279808 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-12-20 21:56 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-12-20 21:52 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 17786368 c:\windows\system32\mshtml.dll
+ 2011-12-20 21:54 . 2011-12-20 21:54 10886656 c:\windows\system32\ieframe.dll
+ 2010-04-27 12:37 . 2011-12-28 03:50 28455172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2435747040-2352147718-2655177463-1000-12288.dat
+ 2011-09-16 04:39 . 2011-09-16 04:39 11163136 c:\windows\Installer\c51a9.msp
+ 2011-09-16 04:38 . 2011-09-16 04:38 10838528 c:\windows\Installer\c519e.msp
+ 2011-09-16 04:37 . 2011-09-16 04:37 16691712 c:\windows\Installer\c4fd0.msp
+ 2011-09-16 04:37 . 2011-09-16 04:37 34428416 c:\windows\Installer\c4fca.msp
+ 2011-09-16 04:34 . 2011-09-16 04:34 428804608 c:\windows\Installer\c5188.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 08:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-08 1242448]
"Octoshape Streaming Services"="c:\users\DJ\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Facebook Update"="c:\users\DJ\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-20 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-09 343168]
.
c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2435747040-2352147718-2655177463-1000Core.job
- c:\users\DJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 09:40]
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2435747040-2352147718-2655177463-1000UA.job
- c:\users\DJ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 09:40]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 00:24]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 00:24]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\DJ\AppData\Roaming\Mozilla\Firefox\Profiles\4vj7mp37.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://forums.joerogan.net/forumdisplay.php?f=5|http://www.twitch.tv/directory|http://www.mmo-champion.com/content/|http://www.heroesofnewerth.com/|http://www.teamliquid.net/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2435747040-2352147718-2655177463-1000\Software\SecuROM\License information*]
"datasecu"=hex:e2,b3,32,ec,e2,87,8f,56,e3,fe,7f,17,11,9a,13,7c,b8,b1,fb,14,3d,
82,8f,e9,79,ac,85,07,93,ae,42,a3,29,aa,74,46,e8,53,15,57,03,72,b4,c9,57,9c,\
"rkeysecu"=hex:15,ca,2d,32,86,95,b6,18,91,7d,21,af,8a,99,fa,de
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-12-27 18:00:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-28 04:00
ComboFix2.txt 2011-12-16 09:56
ComboFix3.txt 2011-12-12 02:38
ComboFix4.txt 2011-10-19 21:56
.
Pre-Run: 345,307,664,384 bytes free
Post-Run: 345,066,606,592 bytes free
.
- - End Of File - - F65DADF2EDFA49E1F8E105B793BC261B

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Try to run MBAM now, please.

#13
renditions`

    Member

  • Topic Starter
  • Member
  • 123 posts
I ran MBAM and it didn't detect anything.

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT, select the Manual Disinfection tab and press Start Gathering System Information

On completion, click the link to locate the zip file to upload and attach it to your next post

#15
renditions`

    Member

  • Topic Starter
  • Member
  • 123 posts
The scan didn't detect any threats, so it didn't allow me to save, but here's the zip file you asked me to post.
