slow running computer

AfterDawn Addict
5. October 2010 @ 14:00
Hi scorp,
Igmutaka's advice is good ("an ounce of prevention is worth a pound of cure"), but that only applies BEFORE the horses get out of the barn..... Now that they're out, locking the door ain't gonna get 'em back in there.... :) LOL
2oG
Senior Member
5. October 2010 @ 14:30
OK mate, I'm going to go back over the issues you asked about, and I know the work has to be done on my end, but I did click them last night and fixed/checked the ones you asked about, but they must have crept back in. I'll have another look. I did a full scan with Malwarebytes and the result seemed negative, but here it is anyhow. I've got plenty of patience and time and I'm not jumping ahead of myself; I just thought those issues were sorted last night. Cheers mate:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4747
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
06/10/2010 17:47:41
mbam-log-2010-10-06 (17-47-41).txt
Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 284753
Time elapsed: 1 hour(s), 43 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
AfterDawn Addict
5. October 2010 @ 14:52
Yeah mate,
Right now I need clues as to what you have infecting your 'puter...
I had an idea that the MBAM log would be clear - just wanted to see for sure.
If you have checked and fixed the lines in HJT and they came back, then we may have a rootkit or some corrupted system files..
All of the lines I had you fix are still there. That's not impossible, but almost unbelievable......
Step through the HJT procedure again and send me the log... We will go from there.
Bear with me, we'll find the critter.. :)
2oG
Senior Member
5. October 2010 @ 15:11
OK mate, the problem was that when I scan in normal mode, a message comes up 2 seconds into the scan and says "For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself."
I go ahead with the scan and the result shows that those entries are gone, but the log that comes up in Notepad shows them still there, so I did the scan in safe mode and here are the results:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:20, on 06/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&cl...=uk&ibd=4081204
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&cl...=uk&ibd=4081204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program files\O2 Connection Manager\WaHelper.exe"
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Scrybe.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca9a3ddcbfeac0) (gupdate1ca9a3ddcbfeac0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 8713 bytes
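The log above is what the helper has to read by hand. As an added example (not code from the thread, HijackThis, or Trend Micro), the parser below reads the HijackThis text format shown here and pulls out the entry types a helper looks at first: O1 hosts-file lines other than the loopback mappings, O2/O3/O9 registrations whose DLL is "(no file)", O23 services whose binary is "(file missing)", O20 AppInit_DLLs / Winlogon Notify load points, and O4 auto-starts that run from a user-writable directory. The flagging rules are triage heuristics, not verdicts: an orphaned "(no file)" entry is a leftover, not running code, and the two O20 entries in this log belong to Google Desktop and GoToAssist until the files say otherwise. The sample input is an excerpt of the log above plus two constructed lines (the `update.example-av.invalid` hosts entry and the `dropper.exe` Run entry) that are not from this thread and exist only to exercise those two checks. Python is used because this is just a log parser; nothing here has to be typed into the Vista Run box.

```python
import re
from dataclasses import dataclass

# One HijackThis entry: a section code (R0, O2, O23, ...) then " - " then the body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

# Loopback mappings that HijackThis lists under O1 on Vista and later; they are benign.
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# User-writable locations that legitimate auto-starts rarely run from (heuristic only).
SUSPECT_DIRS = re.compile(r"\\(appdata|temp|users\\public|programdata)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_hjt(log_text):
    """Return the entries a helper would look at first; everything else is left alone."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, "Running processes:", blanks, "End of file"
        sec, body = m.group("sec"), m.group("body")
        low = body.lower()
        if sec == "O1" and body.startswith("Hosts: "):
            parts = body[len("Hosts: "):].split()
            if len(parts) >= 2 and (parts[0], parts[1]) not in BENIGN_HOSTS:
                findings.append(Finding(sec, "hosts-file redirection", line))
        elif sec in ("O2", "O3", "O9") and "(no file)" in low:
            findings.append(Finding(sec, "orphaned registration, DLL not on disk", line))
        elif sec == "O23" and "(file missing)" in low:
            findings.append(Finding(sec, "service whose binary is missing", line))
        elif sec == "O20":
            findings.append(Finding(sec, "AppInit_DLLs / Winlogon Notify load point, verify the DLL", line))
        elif sec == "O4" and SUSPECT_DIRS.search(body):
            findings.append(Finding(sec, "auto-start from a user-writable directory", line))
    return findings


def report(findings):
    """Render findings grouped by reason, one line per entry."""
    return "\n".join(
        f"[{f.section}] {f.reason}: {f.line}"
        for f in sorted(findings, key=lambda f: (f.reason, f.section))
    )


# Excerpt of the log posted above, plus two CONSTRUCTED lines that are not from the thread
# (the update.example-av.invalid hosts entry and the dropper.exe Run entry).
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.invalid
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [updater] C:\Users\owner\AppData\Roaming\example\dropper.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 8713 bytes
"""

if __name__ == "__main__":
    print(report(triage_hjt(SAMPLE_HJT_LOG)))
```

One caveat worth keeping in mind when entries "come back" after a Fix on Vista: a process that is not elevated under UAC cannot write to `%SystemRoot%\System32\drivers\etc\hosts` or to the HKLM auto-start keys, which is exactly what the "denied write access to the hosts file" warning reports. Running HijackThis elevated and re-scanning rules that out before a rootkit is assumed.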
AfterDawn Addict
5. October 2010 @ 15:29
That looks good, if it holds......
Before anything else let's check and repair system files that may have been corrupted.
Go to -> START -> RUN and in the run box type or copy and paste -> sfc /scannow
Click OK and let it run.. It may take a while but it will check and repair any bad system files.
When it's done, let me know if it found anything or what happened.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
This message has been edited since posting. Last time this message was edited on 5. October 2010 @ 15:31
Senior Member
5. October 2010 @ 15:43
When I hit OK nothing comes up. Does it scan in the background???
AfterDawn Addict
5. October 2010 @ 15:49
It will scan in one of those black CMD boxes on the screen.
Be sure the command line is correct: sfc /scannow (space between the c and the /).
Senior Member
5. October 2010 @ 15:57
The black box appears but then just disappears straight away. Any idea??
I think I may have to change to the admin account, is that correct??
This message has been edited since posting. Last time this message was edited on 5. October 2010 @ 16:00
AfterDawn Addict
5. October 2010 @ 16:04
You're running Vista and I HATE VISTA.... So it may require Admin. Try it and see if it works.
AfterDawn Addict
5. October 2010 @ 16:11
You know, that may have been the problem with HJT; it needs to run as Administrator....
I by-passed Vista. Tried it for one day and went back to XP until Win 7 came out... :)
Senior Member
5. October 2010 @ 17:02
Right, having a bit of a problem with this whole admin thing, Vista is sh**e... Anyhow, ran as admin and the result took a while but it came up:
"Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.log"
OK, I went to find the log but as usual access denied, so I have to find a way to get access through admin, but I might have to restart as admin because I only ran the other programs through admin, because logging in as admin can cause problems. I'll report back, cheers mate.
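Two things in the exchange above are worth spelling out for anyone following the same procedure. First, `sfc /scannow` needs an elevated prompt: launched from the Run box on Vista it starts unelevated, prints its refusal and exits, which is the "black box that disappears straight away". Second, the detail that matters is not the whole CBS.log (it is large and ACL-protected, hence "access denied" from a standard account) but only the lines tagged `[SR]`, which is why Microsoft's documented way to get them is, from an elevated Command Prompt, `findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"`. As an added example (not code from the thread or from Microsoft), the parser below does that filtering and then splits the result into files SFC repaired and files it could not, which is exactly the list a helper wants pasted instead of the full log. The CBS.log excerpt is constructed in the style of Vista's CSI logging; its timestamps, file names and component names are made up for this example. Python is used because this is a log parser, not something typed into the Vista prompt.

```python
import re

# Every line sfc writes about its own work carries the "[SR]" tag; findstr /c:"[SR]"
# selects exactly these lines, and this regex does the same.
SR_RE = re.compile(r"\[SR\] (?P<msg>.*)$")

# CSI logs quote names as [l:<bytes>{<chars>}]"name" (directories as [ml:...,l:...]"path").
NAME_RE = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]"(?P<name>[^"]+)"')


def sr_lines(cbs_text):
    """Return the [SR] messages, in order, with the timestamp/thread prefix stripped."""
    msgs = []
    for line in cbs_text.splitlines():
        m = SR_RE.search(line)
        if m:
            msgs.append(m.group("msg"))
    return msgs


def summarize_sfc(cbs_text):
    """Split the [SR] messages into files sfc could not repair and files it did repair."""
    unrepaired, repaired = [], []
    for msg in sr_lines(cbs_text):
        names = NAME_RE.findall(msg)
        if msg.startswith("Cannot repair member file") and names:
            if names[0] not in unrepaired:
                unrepaired.append(names[0])
        elif msg.startswith("Repairing corrupted file") and names:
            # The last quoted name is the file; an earlier one is its directory.
            if names[-1] not in repaired:
                repaired.append(names[-1])
    return {"unrepaired": unrepaired, "repaired": repaired}


def verdict(summary):
    """The one-line answer a helper wants: what sfc /scannow actually left broken."""
    if summary["unrepaired"]:
        return "corrupt files remain: " + ", ".join(summary["unrepaired"])
    if summary["repaired"]:
        return "all corrupt files were repaired"
    return "no corruption reported"


# CONSTRUCTED CBS.log excerpt in the style of Vista's CSI logging; timestamps, file names
# and component names are made up for this example and were not copied from the thread.
SAMPLE_CBS_LOG = r"""2010-10-06 21:10:01, Info                  CBS    Starting TrustedInstaller initialization.
2010-10-06 21:10:03, Info                  CSI    00000045 [SR] Verifying 100 (0x00000064) components
2010-10-06 21:10:05, Info                  CSI    0000004c [SR] Cannot repair member file [l:22{11}]"wuaueng.dll" of Microsoft-Windows-WindowsUpdateClient-Core, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2010-10-06 21:10:05, Info                  CSI    0000004d [SR] Repairing corrupted file [ml:520{260},l:66{33}]"\??\C:\Windows\System32\en-US"\[l:22{11}]"msc.dll.mui" from store
2010-10-06 21:10:07, Info                  CSI    00000050 [SR] Repair complete
2010-10-06 21:10:07, Info                  CSI    00000051 [SR] Verify complete
"""

if __name__ == "__main__":
    print("\n".join(sr_lines(SAMPLE_CBS_LOG)))
    print(verdict(summarize_sfc(SAMPLE_CBS_LOG)))
```

A "hash mismatch" on a file in the component store means SFC has no clean copy to restore from, so the remaining step on a Vista machine is the System Update Readiness Tool or a repair install; SFC alone will report the same unrepaired files every run.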
Senior Member
5. October 2010 @ 18:04
I've accessed the logs but I'm having trouble copy/pasting because it's so long, and I tried to attach it to my email address and am still having trouble. In the meantime half of my shortcuts have disappeared off my desktop, not to worry. Any idea how to get them up for viewing, or do you even need to see the logs???
AfterDawn Addict
5. October 2010 @ 18:38
Probably don't need the logs.. on a Vista system I probably wouldn't know what I was looking at :)
Are you running in the Admin acct?? You need to in order for some of this stuff to work....
Let's try ComboFix, and if we can get a good log that will help a lot.
Be sure you are in the Admin account and follow these instructions EXACTLY!
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop but DO NOT RUN IT!
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
Quote:
"%userprofile%\desktop\combofix.exe" /killall
3. Combo will begin to run. DO NOTHING while this is happening.
* It will kill a few processes and disconnect you from the internet.
* If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
* This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
If when it's completed you can not get on the internet just reboot the computer
Post the log from comboFix for me located in
c:\comboFix.txt
Also run HJT and post a new HJT Log...
2oG
This message has been edited since posting. Last time this message was edited on 5. October 2010 @ 18:39

Senior Member
5. October 2010 @ 19:03
OK, when I paste it in exactly it can't find it. I'm running as admin and I put ComboFix on my desktop but I didn't install it, so when I click on it I get the option to run, but I didn't. I am logged in as admin. Would I not be better running as admin? Because when I'm logged in as admin none of my files are in this user account, it's empty, so it might be pointless??
AfterDawn Addict
5. October 2010 @ 19:16
Like I said DO NOT RUN IT..... When you paste it into the run box it will start and run.. If not, you have System files so corrupted that they are not handling the commands correctly.. It doesn't seem to be responding to anything we have tried. In my opinion it's beyond help and time for reformat/reinstall of the operating system.. I really hate saying that, but it seems like that's what it has come down to..
Senior Member
5. October 2010 @ 19:22
I didn't want to hear that myself, ah well... When I put it in the run box and hit enter it comes up "could not find 'c:\users\administrator\desktop\combofix.exe'"... Does that mean it's not taking the right commands, or the name or folder path is wrong??
AfterDawn Addict
5. October 2010 @ 19:36
Did you download it to the desktop in the admin account?
If you're in the admin acct and the icon is on the desktop, it should be able to find it when you run the command in the run box.
AfterDawn Addict
5. October 2010 @ 19:50
Hey buddy, just so you don't think you're the only one to go through this; I had a computer in my shop last month with basically the same problem... I couldn't do a damn thing with it and had to move the files the customer wanted to keep to a USB HDD using a Linux boot disk. Then reformatted the drive, re-installed the OS and put his files back on it. It can be tedious...
Senior Member
5. October 2010 @ 20:08
ComboFix 10-10-05.01 - Administrator 07/10/2010 0:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3034.1865 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\combofix.exe
Command switches used :: /killall
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\owner\AppData\Roaming\inst.exe
c:\users\Public\CryptStar-v1.5-Core257.bin
.
((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.
2010-10-07 00:06 . 2010-10-07 00:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-10-07 00:06 . 2010-10-07 00:06 -------- d-----w- c:\users\owner\AppData\Local\temp
2010-10-07 00:06 . 2010-10-07 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-06 21:25 . 2010-10-06 21:25 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2010-10-06 21:24 . 2010-10-06 21:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Synaptics
2010-10-06 14:32 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 14:32 . 2010-10-06 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 14:32 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 00:04 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-27 17:00 . 2010-09-27 17:00 388096 ----a-r- c:\users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-27 17:00 . 2010-09-27 17:00 -------- d-----w- c:\program files\Trend Micro
2010-09-24 20:16 . 2010-09-24 20:16 -------- d-----w- c:\program files\DVDFab 8
2010-09-23 21:56 . 2010-09-23 21:56 -------- d-----w- c:\programdata\SlySoft
2010-09-23 21:56 . 2010-09-23 21:56 -------- d-----w- c:\program files\SlySoft
2010-09-23 21:44 . 2010-09-23 21:45 -------- d-----w- c:\program files\DVD Decrypter
2010-09-23 12:04 . 2010-09-28 00:19 -------- d-----w- c:\users\owner\AppData\Roaming\dvdcss
2010-09-23 12:03 . 2010-09-28 00:15 -------- d-----w- c:\users\owner\AppData\Roaming\vlc
2010-09-23 12:02 . 2010-09-23 12:02 -------- d-----w- c:\program files\VideoLAN
2010-09-22 20:22 . 2010-09-23 12:41 -------- d-----w- c:\programdata\DVD Shrink
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\program files\DVD Shrink
2010-09-16 21:01 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 21:01 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 21:01 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 21:01 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-16 12:09 . 2010-09-16 12:09 27432 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-15 21:19 . 2010-09-15 21:19 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-09-13 16:40 . 2010-09-13 16:40 -------- d-----w- c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 21:24 . 2010-10-06 21:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sierra Wireless
2010-10-06 21:24 . 2010-10-06 21:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Epson
2010-10-06 21:23 . 2010-10-06 21:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Dell
2010-10-06 21:23 . 2010-10-06 21:23 66368 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-06 21:23 . 2010-10-06 21:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\PC Suite
2010-10-06 19:09 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infpub.dat
2010-10-06 19:09 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-10-06 02:46 . 2010-08-28 22:53 -------- d-----w- c:\program files\AviSynth 2.5
2010-10-06 01:19 . 2010-06-11 18:41 -------- d-----w- c:\users\owner\AppData\Roaming\Intelli-studio
2010-10-06 01:09 . 2010-01-24 13:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-06 00:52 . 2009-04-14 21:24 -------- d-----w- c:\users\owner\AppData\Roaming\uTorrent
2010-10-06 00:40 . 2009-05-23 21:01 -------- d-----w- c:\program files\Yahoo!
2010-09-27 03:18 . 2009-11-05 23:50 -------- d-----w- c:\users\owner\AppData\Roaming\Epson
2010-09-26 01:16 . 2010-06-11 18:41 -------- d-----w- c:\program files\Samsung
2010-09-24 20:16 . 2010-01-25 01:43 -------- d-----w- c:\users\owner\AppData\Roaming\Vso
2010-09-20 14:35 . 2010-02-07 17:55 -------- d-----w- c:\program files\Veetle
2010-09-17 13:35 . 2009-05-05 00:26 -------- d-----w- c:\users\owner\AppData\Roaming\BitTorrent
2010-09-17 11:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-16 21:14 . 2009-04-21 17:33 3042 ----a-w- c:\users\owner\AppData\Roaming\wklnhst.dat
2010-09-07 15:12 . 2010-07-01 15:58 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-05-07 22:48 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-05-07 22:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-05-07 22:48 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-05-07 22:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-05-07 22:48 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-05-07 22:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 12:52 . 2010-01-13 21:10 -------- d-----w- c:\users\owner\AppData\Roaming\PC Suite
2010-09-05 19:41 . 2008-12-04 06:24 -------- d-----w- c:\programdata\Dell
2010-09-02 02:16 . 2010-09-02 02:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
2010-09-02 02:16 . 2010-09-02 02:16 -------- d-----w- c:\program files\Apoint2K
2010-09-02 02:15 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstor.dat
2010-09-02 01:38 . 2010-09-02 01:33 -------- d-----w- c:\users\owner\AppData\Roaming\ImgBurn
2010-09-02 00:31 . 2010-09-02 00:31 -------- d-----w- c:\program files\ImgBurn
2010-08-31 14:56 . 2009-04-14 22:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-30 19:48 . 2010-08-30 19:48 -------- d-----w- c:\program files\DVDFab 7
2010-08-29 13:49 . 2010-08-29 13:49 -------- d-----w- c:\program files\Quick CD DVD Burner
2010-08-28 22:55 . 2010-08-28 22:52 -------- d-----w- c:\program files\Avi2Dvd
2010-08-28 22:54 . 2010-08-28 22:54 -------- d-----w- c:\program files\AC3Filter
2010-08-28 22:35 . 2010-08-28 22:35 -------- d-----w- c:\program files\Cucusoft
2010-08-28 19:05 . 2010-08-28 15:44 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-28 19:05 . 2010-08-28 19:05 -------- d-----w- c:\program files\Conduit
2010-08-28 18:43 . 2009-05-05 00:26 -------- d-----w- c:\program files\BitTorrent
2010-08-28 15:55 . 2010-01-22 19:36 -------- d-----w- c:\users\owner\AppData\Roaming\DivX
2010-08-28 15:54 . 2010-08-28 15:54 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-28 15:54 . 2008-12-04 06:13 -------- d-----w- c:\program files\Google
2010-08-28 15:53 . 2010-01-21 02:02 -------- d-----w- c:\program files\DivX
2010-08-28 15:53 . 2010-08-28 15:53 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-28 15:53 . 2010-08-28 15:43 -------- d-----w- c:\programdata\DivX
2010-08-28 15:53 . 2010-01-21 02:02 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-28 15:53 . 2010-08-28 15:53 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-28 15:53 . 2010-08-28 15:53 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-28 15:53 . 2010-08-28 15:53 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-28 15:51 . 2010-08-28 15:51 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-08-28 15:44 . 2010-08-28 15:54 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-28 15:44 . 2010-08-28 15:54 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-28 15:42 . 2010-08-28 15:54 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-26 00:37 . 2010-08-26 00:37 -------- d-----w- c:\program files\Scrybe
2010-08-26 00:37 . 2010-08-26 00:37 -------- d-----w- c:\users\owner\AppData\Roaming\Synaptics
2010-08-26 00:37 . 2010-08-26 00:37 -------- d-----w- c:\programdata\Synaptics
2010-08-26 00:18 . 2010-08-26 00:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-26 00:18 . 2010-08-26 00:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-26 00:16 . 2010-08-26 00:16 -------- d-----w- c:\program files\Synaptics
2010-08-12 09:50 . 2008-12-04 06:17 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 04:07 . 2007-11-14 09:00 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-08-06 15:11 . 2010-08-06 15:11 348160 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\msvcr71.dll
2010-08-06 15:11 . 2010-08-06 15:11 10674176 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\fml.exe
2010-08-06 15:11 . 2010-08-06 15:11 1061944 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\dbghelp.dll
2010-08-06 15:11 . 2010-08-06 15:11 1061944 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\data\starter\dbghelp.dll
2010-08-06 15:11 . 2010-08-06 15:11 4178264 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\data\starter\D3DX9_41.dll
2010-08-06 15:11 . 2010-08-06 15:11 622592 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\data\starter\fml_launcher.exe
2010-08-06 15:11 . 2010-08-06 15:11 348160 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\data\starter\msvcr71.dll
2010-08-06 15:11 . 2010-08-06 15:11 2414360 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\data\starter\d3dx9_31.dll
2010-08-06 15:11 . 2010-05-05 13:47 4178264 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\D3DX9_41.dll
2010-08-06 15:11 . 2010-03-12 15:02 1061944 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\dbghelp.dll
2010-08-06 15:11 . 2010-03-12 14:57 348160 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\msvcr71.dll
2010-08-06 15:11 . 2010-03-12 14:57 1519616 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\fml_launcher.exe
2010-08-06 15:10 . 2010-06-12 13:47 2414360 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\d3dx9_31.dll
2010-08-06 15:10 . 2010-08-06 15:10 4178264 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\D3DX9_41.dll
2010-08-06 15:10 . 2010-08-06 15:10 2414360 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5489\d3dx9_31.dll
2010-08-03 18:20 . 2010-08-03 18:20 348160 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\msvcr71.dll
2010-08-03 18:20 . 2010-08-03 18:20 10674176 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\fml.exe
2010-08-03 18:20 . 2010-08-03 18:20 1061944 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\dbghelp.dll
2010-08-03 18:20 . 2010-08-03 18:20 1061944 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\data\starter\dbghelp.dll
2010-08-03 18:20 . 2010-08-03 18:20 4178264 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\data\starter\D3DX9_41.dll
2010-08-03 18:20 . 2010-08-03 18:20 622592 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\data\starter\fml_launcher.exe
2010-08-03 18:20 . 2010-08-03 18:20 348160 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\data\starter\msvcr71.dll
2010-08-03 18:20 . 2010-08-03 18:20 2414360 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\data\starter\d3dx9_31.dll
2010-08-03 18:19 . 2010-08-03 18:19 4178264 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\D3DX9_41.dll
2010-08-03 18:19 . 2010-08-03 18:19 2414360 ----a-w- c:\users\owner\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_5480\d3dx9_31.dll
2008-12-04 07:35 . 2008-12-04 07:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"WatcherHelper"="c:\program files\O2 Connection Manager\WaHelper.exe" [2009-08-26 62744]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-08-25 562456]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-17 442460]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 145944]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{50B77346-B214-4027-AC42-1D87CC15754B}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2010-8-26 45056]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-04 06:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca9a3ddcbfeac0;Google Update Service (gupdate1ca9a3ddcbfeac0);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-27 30192]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);c:\windows\system32\DRIVERS\swnc8u90.sys [2009-07-22 197504]
R3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\DRIVERS\swumx90.sys [2009-07-22 148992]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe [2008-09-17 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Scrybe\Service\ScrybeUpdater.exe [2010-03-04 1300992]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 02:02]
2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4081204
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-787351531-217637538-1315479565-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,d0,68,8b,8d,c9,56,43,84,e4,7b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,d0,68,8b,8d,c9,56,43,84,e4,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,29,d0,68,8b,8d,c9,56,43,84,e4,7b,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2268)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conime.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2010-10-07 01:14:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-07 00:14
Pre-Run: 72,139,972,608 bytes free
Post-Run: 72,318,787,584 bytes free
- - End Of File - - 72EBFC384464FBC75FF55FB986AE6B08
Senior Member
5. October 2010 @ 20:12
I had downloaded ComboFix and then moved it to the desktop, but the folder path was still Downloads, so I downloaded it directly to the desktop and it worked grand. I'll do the HJT log now, mate. I know a lot of people go through it; sure, I know a small bit about computers, and my cousin, who doesn't know much, asked me to have a look, and when I scanned it with Malwarebytes it came up with 437 files infected.
Senior Member
5. October 2010 @ 20:17
Here is the HJT logfile:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:20, on 06/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&cl...=uk&ibd=4081204
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&cl...=uk&ibd=4081204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program files\O2 Connection Manager\WaHelper.exe"
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Scrybe.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca9a3ddcbfeac0) (gupdate1ca9a3ddcbfeac0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Scrybe\Service\ScrybeUpdater.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 8713 bytes
AfterDawn Addict
5. October 2010 @ 20:18
There you go.... I'm looking over the log to see if I can find anything..
See if you can run sfc /scannow from admin now..
AfterDawn Addict
5. October 2010 @ 20:20
tnx mate
AfterDawn Addict
5. October 2010 @ 20:22
Try to run the HJT Log in Normal mode..
Senior Member
5. October 2010 @ 20:25
OK, little problem in the admin account: if I try to click on any application or try to open any file I get the same error message, "Illegal operation attempted on a registry key that has been marked for deletion". If I change over to my own user account I've no problems. Any idea?