Temp folder is corrupted


This topic is locked
14 replies to this topic

#1 Darksider (New Member, Authentic Member, 7 posts)

Posted 12 August 2011 - 01:43 PM

Hi, I think I have a virus because the temp folder is not accessible and I keep getting messages telling me that temp is corrupt and unreadable.

Here is the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:29:30 PM, on 8/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Opera\bin\opera.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\Asc.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Readon Technology\Readon TV Movie Radio Player 7.3.0.0\internettv.exe
C:\Users\DASHO\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...2-7CD559F74BE0}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...2-7CD559F74BE0}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
R3 - URLSearchHook: Video Clip Grab Toolbar - {9b53772a-8259-495d-a6b2-fa5966fe52e1} - C:\Program Files (x86)\Video_Clip_Grab\prxtbVide.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Video Clip Grab - {9b53772a-8259-495d-a6b2-fa5966fe52e1} - C:\Program Files (x86)\Video_Clip_Grab\prxtbVide.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SMTTB2009 - {B6E23FC8-6890-4844-9F4F-0A2C5CE95A6C} - C:\Program Files (x86)\Audio Tools Factory Toolbar\tbcore3.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O3 - Toolbar: Audio Tools Factory Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Audio Tools Factory Toolbar\tbcore3.dll
O3 - Toolbar: GOM Player + Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Video Clip Grab Toolbar - {9b53772a-8259-495d-a6b2-fa5966fe52e1} - C:\Program Files (x86)\Video_Clip_Grab\prxtbVide.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files (x86)\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [XNotes] C:\Program Files (x86)\XNotes\XNotes.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
O4 - HKCU\..\Run: [Screenpresso] "C:\Users\DASHO\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Cleaner.lnk = C:\Program Files (x86)\Cleaner\Cleaner.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Program Files (x86)\ActiveSMART 2.9\ASmartService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11248 bytes

Thanks in advance for the help and sorry for my bad English, I'm from Serbia :)
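A small triage script for the HijackThis log format above, added here as an example and not part of the thread or of HijackThis itself: it parses the R0/R1/R3/O2/O3/O4/O23 line shapes, groups entries that share a CLSID (one toolbar package registered in several places), and separates orphaned "(no file)" entries from "(file missing)" services, which on 64-bit Windows are often an artifact of the 32-bit scanner rather than an infection. The sample lines are copied from the log in post #1.

```python
"""Triage helper for Trend Micro HijackThis 2.x log lines (added example, not from the thread)."""
import re
from collections import defaultdict

# One entry per line: "<section code> - <body>", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autoruns: "HKLM\..\Run: [Name] command" (Startup-folder .lnk entries are not covered)
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Microsoft's default IE start/search pointers all live under go.microsoft.com; any other
# R0/R1 value deserves a look (the posted log points Start Page at a "bigseekpr..." host).
DEFAULT_URL_HOST = "go.microsoft"

# Sample input: lines copied from the HijackThis log in post #1 above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...2-7CD559F74BE0}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O3 - Toolbar: GOM Player + Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [XNotes] C:\Program Files (x86)\XNotes\XNotes.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


def parse_entries(text):
    """Yield (code, body) for each entry line; headers, the process list and blanks are skipped."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(text):
    """Group the things a helper checks first when reading a HijackThis log."""
    clsid_sections = defaultdict(set)
    findings = {
        "orphaned": [],                # registry still references a file that is gone: safe to clean
        "nondefault_start_pages": [],  # IE start/search page pointing somewhere unexpected
        "autoruns": [],                # (hive, name, command) for every O4 Run/RunOnce entry
        "services_file_missing": [],
        "services_unknown_owner": [],  # present on disk but no publisher recorded
    }
    for code, body in parse_entries(text):
        if body.endswith("(no file)"):
            findings["orphaned"].append(f"{code} - {body}")
        for clsid in CLSID_RE.findall(body):
            clsid_sections[clsid.upper()].add(code)
        if code in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            if value and DEFAULT_URL_HOST not in value:
                findings["nondefault_start_pages"].append((key, value))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m:
                findings["autoruns"].append((m.group("hive"), m.group("name"), m.group("cmd")))
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)   # "name - owner - path"
            if len(parts) == 3:
                name, owner, path = parts
                if path.endswith("(file missing)"):
                    # Caveat: 32-bit HijackThis 2.0.4 on 64-bit Windows cannot see many
                    # System32 files (WoW64 redirection) and reports Windows' own services
                    # as missing, as in the posted log. Verify by hand before acting.
                    findings["services_file_missing"].append(name)
                elif owner == "Unknown owner":
                    findings["services_unknown_owner"].append((name, path))
    # A CLSID seen in several sections (R3/O2/O3) is one toolbar package: remove its entries together.
    findings["shared_clsids"] = {c: sorted(s) for c, s in clsid_sections.items() if len(s) > 1}
    return findings


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section} ==")
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```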



#2 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 15 August 2011 - 11:33 AM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 Darksider (New Member, Authentic Member, 7 posts)

Posted 15 August 2011 - 11:46 AM

Hi, :wavey:

Attached Files



#4 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 15 August 2011 - 12:40 PM

Hi

You have both ESET and ZoneAlarm AVs and FWs installed; having more than one AV and FW can cause conflicts, system slowdowns and crashes.
I would uninstall one of them. (I would choose ESET over ZoneAlarm, but that's entirely up to you - choose the one with the longest paid subscription.)

NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------



#5 Darksider (New Member, Authentic Member, 7 posts)

Posted 15 August 2011 - 01:24 PM

Done, I removed ZoneAlarm :) Here is my ComboFix log file:

Attached Files



#6 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 15 August 2011 - 02:44 PM

That's looking better,

please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT



Please advise how the computer is running now and if there are any outstanding issues.



#7 Darksider (New Member, Authentic Member, 7 posts)

Posted 16 August 2011 - 02:49 AM

Dear CatByte, thank you very much for your help, I did everything exactly as you said and yes my computer is better, now I can open the temp folder :) Here is the MBAM log file:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7474

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/16/2011 12:23:43 AM
mbam-log-2011-08-16 (00-23-43).txt

Scan type: Quick scan
Objects scanned: 177611
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files



#8 CatByte (Classroom Administrator, MVP, 21,060 posts)

Posted 16 August 2011 - 04:52 PM

Hi

I can tell you that downloading cracks and keygens is a certain way to become infected; it really isn't worth it.

You need to remove all the pirated programs from your system.

What the Tech does not condone the use of pirated software of any kind.


P2P - I see you have the P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.


NEXT



Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Windows\Installer\11d1c9.msi
D:\IGRICI\Duke Nukem Forever CRACK with Multiplayer.rar
D:\IGRICI\Dirt.3-SKIDROW\sr-dirt3.iso
D:\IGRICI\Fable.III-SKIDROW\sr-fable3.iso
D:\IGRICI\The.Witcher.2.Assassins.of.Kings-SKIDROW\sr-tw2b.iso
D:\PROGRAMI\EASEUS.Partition.Master.v6.0.1.Professional.Edition.Retail - rG\setup.exe
D:\PROGRAMI\FinalWire.AIDA64.Extreme.Edition.v1.00.1111.MULTILINGUAL-CRD\FinalWire.AIDA64.Extreme.Edition.v1.00.1111.MULTILINGUAL-CRD.rar
D:\PROGRAMI\Futuremark 3DMark 11 Professional edition\3DMark.11.Pro.v1.0-KEYGEN.rar
D:\PROGRAMI\NEW Crack kaspersky internet security 2011-2048 ???\Crack\2 Files\2 Files\fltlib.dll
D:\PROGRAMI\PROGRAMI INTERNET\IZotope Ozone? v4.01 + Keygen [GLADRAG_MANHUNT] [H33T]\IZotope Ozone.rar
D:\PROGRAMI\UltraISO v9.33.2685 Retail\UltraISO v9.33.2685 Retail.rar
D:\Razni Sitnici\Desktop 2 2011\Hack_Pack__33_hacking_tools_\007 keylogger\007install3.90\007install3.90.exe
D:\Razni Sitnici\Desktop 2 2011\Hack_Pack__33_hacking_tools_\RATs\Y3kRat2k5RC10.zip
D:\Studentski raboti\1800.PHP.Scripts._Web.Developers.Mega.Pack\Chat Scripts_2006_www.NETz.ru\blablite22_[www.netz.ru].zip
D:\Studentski raboti\4 kurs kursovi i materiqli za ST IT, dekstop\pdyae2rt\pdtrain.exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



#9 Darksider (New Member, Authentic Member, 7 posts)

Posted 17 August 2011 - 05:05 AM

Now, when I did this I have only 20GB free space on C:, before (49GB free) :unsure: :/

ComboFix 11-08-15.07 - DASHO 08/17/2011 11:15:11.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.4093.2530 [GMT 2:00]
Running from: c:\users\DASHO\Desktop\ComboFix.exe
Command switches used :: c:\users\DASHO\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
FILE ::
"c:\windows\Installer\11d1c9.msi"
"d:\igrici\Dirt.3-SKIDROW\sr-dirt3.iso"
"d:\igrici\Duke Nukem Forever CRACK with Multiplayer.rar"
"d:\igrici\Fable.III-SKIDROW\sr-fable3.iso"
"d:\igrici\The.Witcher.2.Assassins.of.Kings-SKIDROW\sr-tw2b.iso"
"d:\programi\EASEUS.Partition.Master.v6.0.1.Professional.Edition.Retail - rG\setup.exe"
"d:\programi\FinalWire.AIDA64.Extreme.Edition.v1.00.1111.MULTILINGUAL-CRD\FinalWire.AIDA64.Extreme.Edition.v1.00.1111.MULTILINGUAL-CRD.rar"
"d:\programi\Futuremark 3DMark 11 Professional edition\3DMark.11.Pro.v1.0-KEYGEN.rar"
"d:\programi\UltraISO v9.33.2685 Retail\UltraISO v9.33.2685 Retail.rar"
"d:\razni sitnici\Desktop 2 2011\Hack_Pack__33_hacking_tools_\007 keylogger\007install3.90\007install3.90.exe"
"d:\razni sitnici\Desktop 2 2011\Hack_Pack__33_hacking_tools_\RATs\Y3kRat2k5RC10.zip"
"d:\studentski raboti\1800.PHP.Scripts._Web.Developers.Mega.Pack\Chat Scripts_2006_www.NETz.ru\blablite22_[www.netz.ru].zip"
"d:\studentski raboti\4 kurs kursovi i materiqli za ST IT, dekstop\pdyae2rt\pdtrain.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\11d1c9.msi
d:\igrici\Dirt.3-SKIDROW\sr-dirt3.iso
d:\igrici\Duke Nukem Forever CRACK with Multiplayer.rar
d:\igrici\Fable.III-SKIDROW\sr-fable3.iso
d:\igrici\The.Witcher.2.Assassins.of.Kings-SKIDROW\sr-tw2b.iso
d:\programi\EASEUS.Partition.Master.v6.0.1.Professional.Edition.Retail - rG\setup.exe
d:\programi\FinalWire.AIDA64.Extreme.Edition.v1.00.1111.MULTILINGUAL-CRD\FinalWire.AIDA64.Extreme.Edition.v1.00.1111.MULTILINGUAL-CRD.rar
d:\programi\Futuremark 3DMark 11 Professional edition\3DMark.11.Pro.v1.0-KEYGEN.rar
d:\programi\UltraISO v9.33.2685 Retail\UltraISO v9.33.2685 Retail.rar
d:\razni sitnici\Desktop 2 2011\Hack_Pack__33_hacking_tools_\007 keylogger\007install3.90\007install3.90.exe
d:\razni sitnici\Desktop 2 2011\Hack_Pack__33_hacking_tools_\RATs\Y3kRat2k5RC10.zip
d:\studentski raboti\1800.PHP.Scripts._Web.Developers.Mega.Pack\Chat Scripts_2006_www.NETz.ru\blablite22_[www.netz.ru].zip
d:\studentski raboti\4 kurs kursovi i materiqli za ST IT, dekstop\pdyae2rt\pdtrain.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
2011-06-29 06:57 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 10:40 . 2011-06-29 06:57 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:40 . 2011-06-29 06:57 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:39 . 2011-06-29 06:57 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37 . 2011-06-29 06:57 252928 ----a-w- c:\windows\SysWow64\drvinst.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-08-15_19.10.01 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-08-15 19:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-08-17 09:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-08-15 19:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-08-17 09:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-08-15 19:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-08-17 09:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09 . 2011-08-17 09:22 39174 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-08-17 09:22 37320 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2011-06-16 13:47 . 2011-08-15 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-06-16 13:47 . 2011-08-17 09:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-06-16 13:47 . 
2011-08-15 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-06-16 13:47 . 2011-08-17 09:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-06-15 17:15 . 2011-08-17 09:22 7058 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2208833854-272394439-2812781032-1000_UserData.bin + 2011-08-17 09:20 . 2011-08-17 09:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-08-15 19:09 . 2011-08-15 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-08-17 09:20 . 2011-08-17 09:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-18 13:32 . 2011-08-16 17:55 225088 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2009-07-14 02:36 . 2011-08-15 18:57 619252 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-08-17 09:27 619252 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-08-17 09:27 107572 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-08-15 18:57 107572 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2011-08-15 19:09 390856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-08-17 09:20 390856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-06-15 20:52 . 2011-08-15 19:09 1934424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-06-15 20:52 . 2011-08-17 09:20 1934424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-06-15 20:52 . 2011-08-15 19:09 2546832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2208833854-272394439-2812781032-1000-12288.dat + 2011-06-15 20:52 . 
2011-08-17 09:20 2546832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2208833854-272394439-2812781032-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9b53772a-8259-495d-a6b2-fa5966fe52e1}"= "c:\program files (x86)\Video_Clip_Grab\prxtbVide.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{9b53772a-8259-495d-a6b2-fa5966fe52e1}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9b53772a-8259-495d-a6b2-fa5966fe52e1}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Video_Clip_Grab\prxtbVide.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B6E23FC8-6890-4844-9F4F-0A2C5CE95A6C}] 2009-11-09 14:17 2766336 ------w- c:\program files (x86)\Audio Tools Factory Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-05-17 10:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312] "{9b53772a-8259-495d-a6b2-fa5966fe52e1}"= "c:\program files (x86)\Video_Clip_Grab\prxtbVide.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{9b53772a-8259-495d-a6b2-fa5966fe52e1}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Screenpresso"="c:\users\DASHO\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" [2011-06-15 6425600] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-06-15 399736] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768] "NextSTART"="c:\program files (x86)\Winstep\nextstart.exe" [2011-07-02 7590016] "Workshelf"="c:\program files (x86)\Winstep\workshelf.exe" [2011-07-02 15632512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496] "HDInspector.exe"="c:\program files (x86)\Hard Drive Inspector\HDInspector.exe" [2010-01-29 3141312] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-27 336384] "XNotes"="c:\program files (x86)\XNotes\XNotes.exe" [2011-06-17 214986] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2010-12-02 434360] . c:\users\DASHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Cleaner.lnk - c:\program files (x86)\Cleaner\Cleaner.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 ActiveSMART Service;ActiveSMART Service;c:\program files (x86)\ActiveSMART 2.9\ASmartService.exe [2011-01-05 602416] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 atidgllk;atidgllk;c:\program files (x86)\GIGABYTE\ET6\atidgllk.sys [2006-07-19 12048] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-08-10 25640] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-10 30528] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USB_RNDIS_NTamd64;USB Remote Ndis Cable Modem Network Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-06-27 365568] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x] S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-12-02 724664] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 
TRIXX;TRIXX;c:\users\DASHO\AppData\Local\Temp\TRIXX.sys [x] S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\Vm323av64.sys [x] S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [BU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bigseekpro.com/audiotoolsfactory/{3F5ED637-34CE-42D9-9A72-7CD559F74BE0} mStart Page = hxxp://www.bigseekpro.com/audiotoolsfactory/{3F5ED637-34CE-42D9-9A72-7CD559F74BE0} IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.73.140.66 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-NextSTART - (no file) Wow6432Node-HKLM-Run-Workshelf - (no file) WebBrowser-{9B53772A-8259-495D-A6B2-FA5966FE52E1} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0] "ImagePath"="\??\c:\users\DASHO\AppData\Local\Temp\tmp75AC.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0] "ImagePath"="\??\c:\users\DASHO\AppData\Local\Temp\tmp75AC.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2208833854-272394439-2812781032-1000\Software\SecuROM\License information*] "datasecu"=hex:16,5f,2e,9c,87,95,f9,fa,c4,bc,8a,24,2c,a0,77,e0,eb,b7,7d,ef,2d, b4,9f,6e,03,2c,66,7c,9f,0f,31,d7,4e,c9,7a,e9,0e,02,b7,e8,98,a6,5f,a4,85,22,\ "rkeysecu"=hex:f5,80,da,4a,2f,ce,39,90,73,ff,ed,e2,7a,3c,8b,4c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe c:\program files (x86)\Sapphire TRIXX\TRIXX.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe c:\program files (x86)\Opera\bin\opera.exe c:\program files (x86)\Internet Explorer\iexplore.exe c:\program files (x86)\Internet Explorer\iexplore.exe . ************************************************************************** . Completion time: 2011-08-17 11:41:22 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-17 09:41 . Pre-Run: 49,959,104,512 bytes free Post-Run: 27,011,362,816 bytes free . - - End Of File - - F7088937317034A6DB4AE5EF5C9F52F2

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 17 August 2011 - 05:35 AM

Please run the Temp File cleaner, then follow the instructions on the linked page for defragmenting your hard drive:

TempFileCleaner

Please download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, manually reboot to ensure a complete clean


NEXT

To Defragment your hard drive on Win7
http://windows.about...SdefragWin7.htm


NEXT

Please post a fresh DDS Log and advise how your computer is running now and if there are any outstanding issues

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#11 Darksider

Darksider

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 17 August 2011 - 06:45 AM

Nope, still 20 GB free space on C: :/ (I don't see any lags or issues, everything works fine :) )




#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 17 August 2011 - 06:01 PM

Hi

Logs appear to be clean now, just some housekeeping to do now. Please do the following:


You can delete the DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
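The Internet-zone ActiveX settings that CatByte's post walks through in Inetcpl.cpl live as DWORD values under the zone's registry key, so the result of that step can be audited rather than eyeballed. The script below is an added example, not code from this thread or from any tool mentioned in it; the value names 1001, 1004 and 1201 and the meanings 0 = Enable, 1 = Prompt, 3 = Disable are the standard IE zone settings, while the function name Test-IeActiveXHardening is my own.

```powershell
# Added example (not from the thread): audit the Internet-zone (zone 3) ActiveX
# settings that the post sets through Inetcpl.cpl, and optionally correct them.
# Checks the per-user key that the Internet Properties dialog edits; a policy
# under HKLM (or Security_HKLM_only) takes precedence and is not inspected here.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended state from the post: download signed/unsigned -> Prompt (1),
# initialize-and-script-not-marked-safe -> Disable (3).
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                           Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                         Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe';  Want = 3 }
}

function ConvertTo-ZoneAction {
    # Translate a zone DWORD into the label shown in the Security tab.
    param($Value)
    if ($null -eq $Value) { return 'Not set (zone default)' }
    switch ([int]$Value) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { "Unknown ($Value)" }
    }
}

function Test-IeActiveXHardening {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Remediate)   # report only unless -Remediate is given

    if (-not (Test-Path $ZoneKey)) {
        Write-Warning "Zone key not found: $ZoneKey"
        return
    }
    $props = Get-ItemProperty -Path $ZoneKey

    foreach ($id in ($Recommended.Keys | Sort-Object)) {
        $current   = $props.$id          # $null when the value is absent
        $want      = $Recommended[$id].Want
        $compliant = ($null -ne $current -and [int]$current -eq $want)

        if (-not $compliant -and $Remediate -and
            $PSCmdlet.ShouldProcess("$ZoneKey\$id", "Set to $want")) {
            Set-ItemProperty -Path $ZoneKey -Name $id -Value $want -Type DWord
            $current   = $want
            $compliant = $true
        }

        [pscustomobject]@{
            ValueName   = $id
            Setting     = $Recommended[$id].Name
            Current     = ConvertTo-ZoneAction $current
            Recommended = ConvertTo-ZoneAction $want
            Compliant   = $compliant
        }
    }
}

# Report the current state; add -Remediate (with -WhatIf to preview) to apply the values.
Test-IeActiveXHardening | Format-Table -AutoSize
```

A row showing Compliant = False after the GUI steps usually means the dialog wrote to a different key (for example under a policy), which is worth knowing before assuming the hardening took effect.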


#13 Darksider

Darksider

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 18 August 2011 - 05:26 AM

@CatByte,

All done!

Thank you very much for the time and effort in helping me to resolve my issues :notworthy:

:wavey:

#14 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 18 August 2011 - 05:34 PM

You are welcome, stay safe :wavey: ~CB

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 18 August 2011 - 05:39 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
