Help got virus etc on laptop and no antivirus in place
Here I am again.
I have downloaded Avira and started to install it - a window popped up informing me that I have Windows Defender. Is WD any good? If so why did I get infected?
Shall I continue with Avira and disable WD as Avira advises me to do?
Thank you
0 -
Avira is incompatible with Windows Defender, and it should be disabled or uninstalled. Using both can really cause conflicts and make you more vulnerable.
- Run McAfee removal tool before installing Avira if not too late http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
0 -
Avira every time. Defender is not an anti virus only a spyware detector.
0 -
Avira every time. Defender is not an anti virus only a spyware detector.
..and a carp one at that
Once you've installed Avira and disabled WD, run a full scan with Avira. I suspect it will find some bits....
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Before installing any new anti virus you need to run (uninstall McAfee if you want first)
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and post that log file, there's some nasty stuff on the Malwarebytes log file
Ex forum ambassador
Long term forum member
0 -
Can you believe how many problems are generated by not taking simple precautions?
Backup your hard drive in the first place, and take the precautions of keeping your protection up to date, and you shouldn't have a problem. (Don't depend on Windows in-built software; Defender, Firewall etc)
If you do get infected.......format your hard drive to get rid of it......reinstall from your hard drive back-up (built into Windows 7) and replace the protection(?) you WERE using, with something better, because what you were using, was clearly not good enough.
Or what about.......doing a Windows "Restore" the minute you spot the problem?
0 -
Before installing any new anti virus you need to run (uninstall McAfee if you want first)
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and post that log file, there's some nasty stuff on the Malwarebytes log file
I have used dogmarys' link to uninstall McAfee.
Running combo, laptop just restarted and it is preparing a Log Report
0 -
OK ...AlienRik is the expert on those but I'll take a read...
Shut all other programs down, including Internet Explorer, while ComboFix is running
Ex forum ambassador
Long term forum member
0 -
ComboFix 11-02-22.04 - NashLaptop 23/02/2011 9:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2811.1517 [GMT 0:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\FullRemove.exe
c:\windows\temp31233764319.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.
2011-02-23 09:24 . 2011-02-23 09:24 d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 09:15 . 2011-02-23 09:16 d-----w- C:\32788R22FWJFW
2011-02-23 09:08 . 2011-02-23 09:08 d-----w- c:\users\NashLaptop\AppData\Local\{A331D15F-678D-4DF2-B50B-C8C86FE6F061}
2011-02-22 10:40 . 2011-02-02 17:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1507C7B-EABD-4588-8857-D737E5BC1716}\mpengine.dll
2011-02-22 10:40 . 2011-02-02 17:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-22 10:29 . 2011-02-22 18:17 d-----w- c:\programdata\PC Tools
2011-02-22 10:27 . 2010-12-20 18:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-22 10:27 . 2010-12-20 18:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-22 10:27 . 2011-02-22 11:01 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-22 10:11 . 2011-02-22 10:12 d-----w- c:\users\NashLaptop\AppData\Local\{8F444BD0-DA73-42D5-86F3-4CCCC8CD00BF}
2011-02-22 07:57 . 2011-02-22 07:58 d-----w- c:\users\NashLaptop\AppData\Local\{5A6B6B40-8B03-491E-B0E5-30F6A8582B6F}
2011-02-22 07:43 . 2011-02-22 07:45 dc----w- c:\users\NashLaptop\AppData\Local\MigWiz
2011-02-22 06:59 . 2011-02-22 07:53 d---a-r- c:\program files\PC Tools Security
2011-02-22 06:54 . 2011-02-22 06:54 d-----w- c:\users\NashLaptop\AppData\Local\{CD20E29D-7F1A-4726-991F-F379673C05C2}
2011-02-21 15:44 . 2011-02-21 15:44 d-----w- c:\users\NashLaptop\AppData\Local\Threat Expert
2011-02-21 08:57 . 2011-02-21 08:57 d-----w- c:\users\NashLaptop\AppData\Local\{359051B7-CDB1-4FF7-A82F-A76D7799A924}
2011-02-20 20:34 . 2011-02-20 20:34 d-----w- c:\users\NashLaptop\AppData\Local\ElevatedDiagnostics
2011-02-20 20:12 . 2011-02-20 20:12 d-----w- c:\users\NashLaptop\AppData\Roaming\Malwarebytes
2011-02-20 20:12 . 2011-02-20 20:12 d-----w- c:\programdata\Malwarebytes
2011-02-20 18:59 . 2011-02-20 18:59 d-----w- c:\users\NashLaptop\AppData\Local\{195E9D57-8934-44B1-8765-0E85ACB489B8}
2011-02-19 10:50 . 2011-02-22 07:51 d-----w- c:\programdata\pAaFmDp08520
2011-02-19 08:58 . 2011-02-19 08:59 d-----w- c:\users\NashLaptop\AppData\Local\{6C4FC021-6BA5-4B0A-ACB1-39267062395A}
2011-02-18 15:29 . 2011-02-18 15:29 d-----w- c:\users\NashLaptop\AppData\Local\{6EDEA643-1DF7-4216-8B8B-7F04887AE655}
2011-02-17 15:59 . 2011-02-17 16:00 d-----w- c:\users\NashLaptop\AppData\Local\{996C8BC2-5DFD-45BB-849C-720D0DBC89FA}
2011-02-16 15:39 . 2011-02-16 15:40 d-----w- c:\users\NashLaptop\AppData\Local\{442CE3C2-0B8A-4CCE-9821-9BF1A23F1DCA}
2011-02-15 11:43 . 2011-02-15 11:44 d-----w- c:\users\NashLaptop\AppData\Local\{90D7E389-4075-4BC3-BA14-AA5C5F16E9D5}
2011-02-14 20:10 . 2011-02-14 20:10 d-----w- c:\users\NashLaptop\AppData\Local\{D20944F6-DEFF-4CC3-8226-903E9BB0EEE5}
2011-02-14 08:09 . 2011-02-14 08:10 d-----w- c:\users\NashLaptop\AppData\Local\{3A4815E7-F02D-4E28-A95C-002EC898F9BF}
2011-02-13 10:29 . 2011-02-13 10:29 d-----w- c:\users\NashLaptop\AppData\Local\{565B1A15-1A1A-4ACA-A97C-4B6676326C71}
2011-02-13 08:41 . 2011-02-13 08:41 d-----w- c:\users\NashLaptop\AppData\Local\{6079D1F8-B0A7-4ECA-B4F6-EEBD5D6A335F}
2011-02-13 08:06 . 2011-02-13 08:06 d-----w- c:\users\NashLaptop\AppData\Local\{C95F61D7-7381-4348-830B-2E3A976A9713}
2011-02-12 11:03 . 2011-02-12 11:03 d-----w- c:\users\NashLaptop\AppData\Local\{9A112E00-5318-4528-9923-81B149DAF5F7}
2011-02-11 20:18 . 2011-02-11 20:18 d-----w- c:\users\NashLaptop\AppData\Local\{467A550A-F91E-4A97-900F-414D00BA86EF}
2011-02-11 08:17 . 2011-02-11 08:18 d-----w- c:\users\NashLaptop\AppData\Local\{1C591E34-CA5B-46DE-B7C8-847D2690181A}
2011-02-10 11:03 . 2011-02-10 11:03 d-----w- c:\users\NashLaptop\AppData\Local\{D7994067-5310-4A90-9282-B5D4CBE31010}
2011-02-09 21:27 . 2011-02-09 21:27 d-----w- c:\users\NashLaptop\AppData\Local\{C046A8E5-8C15-4F86-B3D6-133372710300}
2011-02-09 07:56 . 2011-02-09 07:56 d-----w- c:\users\NashLaptop\AppData\Local\{0E8FB1B1-9590-4947-B1FB-EF903FEEFD92}
2011-02-08 15:58 . 2011-02-08 15:58 d-----w- c:\users\NashLaptop\AppData\Local\{D0CBEAE7-1E79-4E01-94EF-75F6ED4A5D34}
2011-02-07 09:26 . 2011-02-07 09:26 d-----w- c:\users\NashLaptop\AppData\Local\{483C647D-45E0-41B8-84EE-F15984237C8D}
2011-02-06 17:51 . 2011-02-06 17:51 d-----w- c:\users\NashLaptop\AppData\Local\{E8EACD05-2D00-48B5-8245-D4EC1229D8DC}
2011-02-06 05:24 . 2011-02-06 05:24 d-----w- c:\users\NashLaptop\AppData\Local\{92292C6C-18F5-4A9D-ACA1-782728384E1F}
2011-02-05 08:36 . 2011-02-05 08:36 d-----w- c:\users\NashLaptop\AppData\Local\{8959A1B3-6B9A-4669-9EA9-72CA4F48B1F5}
2011-02-04 15:58 . 2011-02-04 15:58 d-----w- c:\users\NashLaptop\AppData\Local\{4EE8FC4E-36F7-47A0-AEC5-08588CFB9C35}
2011-02-03 16:00 . 2011-02-03 16:00 d-----w- c:\users\NashLaptop\AppData\Local\{C9FACFB6-67F2-4704-9646-F37C6BA7921F}
2011-02-02 15:41 . 2011-02-02 15:41 d-----w- c:\users\NashLaptop\AppData\Local\{F9DC277E-A352-498C-B57C-70BC6BDCFE2D}
2011-02-01 19:15 . 2011-02-01 19:15 d-----w- c:\program files (x86)\Siber Systems
2011-02-01 15:57 . 2011-02-01 15:57 d-----w- c:\users\NashLaptop\AppData\Local\{BC581217-436F-48C3-B77D-7FD8C1F11EB8}
2011-01-31 10:28 . 2011-01-31 10:29 d-----w- c:\users\NashLaptop\AppData\Local\{63C4FD79-F962-49BC-AC7B-60261974AD2E}
2011-01-30 12:15 . 2011-01-30 12:15 d-----w- c:\users\NashLaptop\AppData\Local\{4CECD4C5-0B0B-4326-8B76-8C609DF704B1}
2011-01-29 08:39 . 2011-01-29 08:39 d-----w- c:\users\NashLaptop\AppData\Local\{7EF51081-0A9D-4D6B-9A72-D006F683BA8C}
2011-01-28 11:15 . 2011-01-28 11:15 d-----w- c:\users\NashLaptop\AppData\Local\{F8A04F2F-FD49-4C37-B4EC-3FD2717D4C30}
2011-01-27 21:30 . 2011-01-27 21:31 d-----w- c:\users\NashLaptop\AppData\Local\{A32C0C4F-3D9C-445D-9082-8DD68C68568E}
2011-01-27 09:30 . 2011-01-27 09:30 d-----w- c:\users\NashLaptop\AppData\Local\{392B2E68-BA0F-4B30-839E-3502690B8BB2}
2011-01-26 16:47 . 2011-01-26 16:47 d-----w- c:\users\NashLaptop\AppData\Local\{4137A593-D720-430E-93BF-CF1EA78BB056}
2011-01-25 10:38 . 2011-01-25 10:38 d-----w- c:\users\NashLaptop\AppData\Local\{E7E11C24-F565-40E9-BFAF-E8124822C29F}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-02-01 160328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2010-11-12 5145952]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 136176]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2007-04-20 1037312]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-20 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-21 6406144]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-20 188928]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
Contents of the 'Scheduled Tasks' folder
2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 15:33]
2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 15:33]
.
x86-64
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\NashLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\dyaos3ub.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=uk&.src=ym
FF - Ext: Update Service: updater@foxstart.com - c:\program files (x86)\Mozilla Firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: RoboForm Online Toolbar: xpirftoolbar@roboform.com - %profile%\extensions\xpirftoolbar@roboform.com
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-1919256559-960462587-2118319953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
[HKEY_USERS\S-1-5-21-1919256559-960462587-2118319953-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Other Running Processes
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-02-23 09:32:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-23 09:32
Pre-Run: 193,500,725,248 bytes free
Post-Run: 193,641,500,672 bytes free
- - End Of File - - DACDEFDDA16D1799328A3034547C09E10
This discussion has been closed.