Repeated malware

Status
Not open for further replies.

Doron_xyz

New member
Hello,

I removed several pieces of malware, but after a little while they come back to my notebook.
I used Malwarebytes' Anti-Malware and ComboFix. I noticed some Locked Registry Keys as well, in ComboFix.

Please see the text file from both programs and let me know what else could be done.

Thanks,

Doron

Malwarebytes
===============================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6621

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/19/2011 11:51:53 PM
mbam-log-2011-05-19 (23-51-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 313351
Time elapsed: 31 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\exqonczctruceg (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qotkejri (Trojan.FakeAlertR.Gen) -> Value: qotkejri -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix:
================================
ComboFix 11-05-18.04 - Eric 05/19/2011 23:57:18.9.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4061.2009 [GMT -4:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Edhy\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Doron\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-17 23:28 . 2011-05-20 04:01 -------- d-----w- c:\users\Eric\AppData\Local\temp
2011-05-17 16:39 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 16:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-12 21:52 . 2011-05-12 22:28 -------- d-----w- c:\programdata\MicroFour
2011-05-12 16:24 . 2011-05-17 20:14 -------- d-----w- c:\users\Eric\AppData\Local\Adobe
2011-05-10 18:00 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 18:00 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-10 18:00 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-10 18:00 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-10 18:00 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-10 18:00 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-10 18:00 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-10 18:00 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-10 18:00 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-04-27 01:30 . 2011-04-27 01:30 -------- d-----w- C:\182b852d4a22afc859
2011-04-26 21:53 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-26 21:53 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-26 21:53 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 21:53 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-22 14:13 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49FEE7D0-6694-44DC-B3BB-78BC63E28957}\mpengine.dll
2011-04-21 03:51 . 2011-04-21 03:51 -------- d-----w- c:\users\Doron\AppData\Local\{6A69163C-11E2-4745-AFBD-D1D5714F586E}
2011-04-20 14:07 . 2011-04-20 14:07 -------- d-----w- c:\users\Doron\AppData\Local\{4B7B71CC-E78D-4501-8DAE-ABDA93AC1A56}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 04:07 . 2011-04-17 04:07 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-17 04:07 . 2011-04-17 04:07 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-17 04:07 . 2011-04-17 04:07 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-17 04:07 . 2011-04-17 04:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-17 04:07 . 2011-04-17 04:07 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-17 04:07 . 2011-04-17 04:07 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-17 04:07 . 2011-04-17 04:07 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-17 04:07 . 2011-04-17 04:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-17 04:07 . 2011-04-17 04:07 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-17 04:07 . 2011-04-17 04:07 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-17 04:07 . 2011-04-17 04:07 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-17 04:07 . 2011-04-17 04:07 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-17 04:07 . 2011-04-17 04:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-17 04:07 . 2011-04-17 04:07 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-17 04:07 . 2011-04-17 04:07 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-17 04:07 . 2011-04-17 04:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-17 04:07 . 2011-04-17 04:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-17 04:07 . 2011-04-17 04:07 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-17 04:07 . 2011-04-17 04:07 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-17 04:07 . 2011-04-17 04:07 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-17 04:07 . 2011-04-17 04:07 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-17 04:07 . 2011-04-17 04:07 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-17 04:07 . 2011-04-17 04:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-17 04:07 . 2011-04-17 04:07 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-17 04:07 . 2011-04-17 04:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-17 04:07 . 2011-04-17 04:07 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-17 04:07 . 2011-04-17 04:07 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-17 04:07 . 2011-04-17 04:07 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-17 04:07 . 2011-04-17 04:07 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-17 04:07 . 2011-04-17 04:07 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-17 04:07 . 2011-04-17 04:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-17 04:07 . 2011-04-17 04:07 448512 ----a-w- c:\windows\system32\html.iec
2011-04-17 04:07 . 2011-04-17 04:07 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-17 04:07 . 2011-04-17 04:07 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-17 04:07 . 2011-04-17 04:07 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-17 04:07 . 2011-04-17 04:07 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-17 04:07 . 2011-04-17 04:07 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-17 04:07 . 2011-04-17 04:07 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-17 04:07 . 2011-04-17 04:07 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-17 04:07 . 2011-04-17 04:07 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-17 04:07 . 2011-04-17 04:07 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-17 04:07 . 2011-04-17 04:07 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-17 04:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-17 04:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-11 06:34 . 2011-04-14 02:39 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 02:39 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 02:39 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 02:39 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-09 20:41 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:29 . 2011-04-14 02:37 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-14 02:37 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:19 . 2011-04-26 21:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 21:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-14 02:38 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-14 02:38 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-14 02:38 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-14 02:39 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 06:15 . 2011-04-14 02:39 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-14 02:39 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-14 02:37 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-14 02:39 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-14 02:39 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-14 02:39 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-14 02:37 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-14 02:37 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-14 02:37 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 12:05 . 2011-03-09 20:46 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 20:46 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 20:46 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 12:03 . 2011-04-14 02:38 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 09:00 . 2011-04-14 02:38 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 06:30 . 2011-03-09 20:46 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 20:46 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 06:30 . 2011-04-14 02:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:34 . 2011-04-14 02:38 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-10_18.25.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 16:27 . 2011-05-18 14:53 65514 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-19 16:30 47628 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-28 22:37 . 2011-05-19 16:30 20588 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-123169825-2983614903-3252433451-1010_UserData.bin
+ 2009-10-07 00:48 . 2011-05-18 14:35 13554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-123169825-2983614903-3252433451-1001_UserData.bin
- 2009-07-14 05:30 . 2011-04-28 02:51 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-05-17 04:56 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-05-10 18:00 . 2011-03-25 03:29 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbohci.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 52736 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys
+ 2007-05-14 20:06 . 2007-05-14 20:06 27520 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_0e62256bde3faf4b\RimUsb_AMD64.sys
+ 2007-05-14 20:06 . 2007-05-14 20:06 27520 c:\windows\system32\drivers\RimUsb_AMD64.sys
+ 2009-10-07 00:36 . 2011-05-19 21:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-07 00:36 . 2011-05-09 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-07 00:36 . 2011-05-09 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-07 00:36 . 2011-05-19 21:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-09 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-19 21:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-05-17 23:14 78776 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-05-10 18:00 . 2011-03-25 03:28 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys
+ 2011-05-19 16:27 . 2011-05-19 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-10 17:54 . 2011-05-10 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-10 17:54 . 2011-05-10 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-19 16:27 . 2011-05-19 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-07 21:01 . 2011-05-20 03:14 279778 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-04-24 18:58 726704 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-05-17 04:57 726704 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-04-24 18:58 147596 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-05-17 04:57 147596 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-05-17 04:56 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-04-28 02:51 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-04-28 02:51 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-05-17 04:56 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-05-10 18:00 . 2011-03-25 03:29 325120 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
- 2009-07-14 05:31 . 2011-04-28 02:51 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-05-11 14:12 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:12 . 2011-04-20 01:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-05-19 16:30 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-05-10 03:49 477948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-19 05:29 477948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-18 01:04 . 2011-05-18 01:04 478716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:45 . 2011-05-17 23:04 6817720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-04-28 23:56 6817720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-10 01:41 . 2011-05-19 05:29 5716796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-123169825-2983614903-3252433451-1001-12288.dat
- 2009-07-14 02:34 . 2011-04-28 02:51 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-05-11 14:12 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-10-07 21:17 . 2011-05-10 18:41 44548040 c:\windows\system32\MRT.exe
+ 2011-04-17 04:51 . 2011-05-19 05:29 11655016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-123169825-2983614903-3252433451-1010-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\utils\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\utils\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - d:\media\logitech webcam\Logitech WebCam Software\eReg.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 49752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 McAfeeEngineService;McAfee Engine Service;c:\utils\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-09-29 17920]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;d:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);d:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 18:23]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 18:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"LogMeIn GUI"="d:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="d:\program files\Canon Printer\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - d:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\l9zeooyn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - d:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - d:\program files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,5c,99,2f,e8,14,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-20 00:04:04
ComboFix-quarantined-files.txt 2011-05-20 04:04
ComboFix2.txt 2011-05-17 23:41
ComboFix3.txt 2011-05-16 20:03
ComboFix4.txt 2011-05-13 21:16
ComboFix5.txt 2011-05-20 03:56
.
Pre-Run: 122,839,584,768 bytes free
Post-Run: 122,860,253,184 bytes free
.
- - End Of File - - 8A2FC32211C4E39A88629976DA28D426
 
Hello Doron_xyz,

In case you missed it please see the forum FAQ which also includes guidelines for this forum and instructions in post #2 on how to provide preliminary "DDS" logs used for analysis.
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

Note: Please DO NOT RUN ComboFix without being asked ;)

"Microsoft Windows 7 Enterprise."
"McAfee VirusScan Enterprise"

Is this a business, corporate, institutional computer or used in that environment?
Personal computers or.....

Best regards.
 
Malware keeps coming

Hello There,

Please find the attached DDS.zip file. At this point all malware was removed using the Malwarebytes program. Also, from time to time one of the 3 malware is sending email using the Hotmail account.

Please let me know.

Thanks,

Doron
 
Hi Doron_xyz,

If this is a personal computer please start a new topic, (helpers look for ones with a zero response), and copy paste the DDS.txt into it.

Also provide a link back to this thread, thanks.

Best regards.
 