Help with infected PC.
Thanks.
Go here and read through the instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial. Ensure you temporarily turn off your antivirus before running (instructions here).
- Double click combofix.exe & follow the prompts closely.
- When it's finished, it'll produce a log. Post the contents of that log.
- It'll be found on your C:\ drive named combofix.txt
Humm, well that was fun!
I'm sure it's not supposed to do this, but after it rebooted the system it had triggered a partial system restore to a point last week, but none of the programs on the desktop or start bar would open.
They gave an error something like 'An illegal operation has been attempted on a registry item flagged for deletion' ??
I've had to restore to another point to get anything working!
Don't know if the file below is any use now?
ComboFix 12-07-25.04 - Steve 24/07/2012 17:56:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8053.6202 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((( Other Deletions
.
.
Y:\Autorun.inf
.
.
(((( Files Created from 2012-06-24 to 2012-07-24
.
.
2012-07-24 09:20 . 2012-07-24 10:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-24 07:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9C9D3F7-63F3-419B-BD59-1A266851DD07}\mpengine.dll
2012-07-23 08:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 18:40 . 2012-07-22 18:40 -------- d-----w- c:\windows\system32\SPReview
2012-07-22 18:39 . 2012-07-22 18:39 -------- d-----w- c:\windows\system32\EventProviders
2012-07-22 18:16 . 2012-07-03 02:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-22 17:58 . 2012-07-22 17:58 -------- d-----w- c:\users\Steve\AppData\Roaming\Panda Security
2012-07-22 17:55 . 2012-07-24 17:01 -------- d-----w- c:\program files (x86)\Panda Security
2012-07-22 17:55 . 2012-07-22 17:55 -------- d-----w- c:\programdata\Panda Security
2012-07-22 17:07 . 2012-07-23 18:21 -------- d-----w- c:\program files (x86)\Google
2012-07-22 17:07 . 2012-07-23 18:21 -------- d-----w- c:\users\Steve\AppData\Local\Google
2012-07-22 17:07 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-22 17:06 . 2012-07-22 17:37 -------- d-----w- c:\programdata\AVAST Software
2012-07-22 17:06 . 2012-07-22 17:06 -------- d-----w- c:\program files\AVAST Software
2012-07-20 19:12 . 2012-07-20 19:12 -------- d-----w- c:\users\Steve\AppData\Local\{E0F13756-D29E-11E1-8270-B8AC6F996F26}
2012-07-18 17:52 . 2012-07-22 11:23 -------- d-----w- c:\users\Steve\AppData\Local\IGearSettings
2012-07-11 20:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:23 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 13:35 . 2009-02-24 17:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-11 13:35 . 2009-02-24 17:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-11 13:35 . 2012-07-11 13:36 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-04 07:57 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0760748-2D9D-4B0D-B0C3-F48D5F47B95D}\gapaengine.dll
2012-07-01 16:29 . 2012-07-01 16:29 -------- d-----w- c:\users\Steve\AppData\Local\Gas Powered Games
2012-07-01 16:28 . 2012-07-01 16:28 -------- d-----w- c:\programdata\Media Center Programs
2012-07-01 16:13 . 2005-07-22 18:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll
2012-07-01 16:13 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-07-01 16:13 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-07-01 16:13 . 2005-03-18 16:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2012-07-01 16:13 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2012-07-01 16:10 . 2012-07-01 16:10 -------- d-----w- c:\users\Steve\AppData\Roaming\InstallShield
2012-07-01 16:10 . 2012-07-01 16:10 -------- d-----w- c:\programdata\InstallShield
.
.
.
((((((((((((( Find3M Report
.
2012-07-22 18:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-22 18:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-11 18:34 . 2012-05-27 08:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:34 . 2012-05-27 08:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 12:46 . 2012-05-26 14:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 10:09 . 2012-06-08 10:09 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-08 10:09 . 2010-10-14 03:24 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 08:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 08:12 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:12 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 08:12 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 08:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 08:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 08:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-27 19:37 . 2012-05-27 19:37 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-27 19:37 . 2012-05-27 19:37 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-27 19:37 . 2012-05-27 19:37 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-27 19:37 . 2012-05-27 19:37 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-27 19:37 . 2012-05-27 19:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-27 19:37 . 2012-05-27 19:37 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-27 19:37 . 2012-05-27 19:37 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-27 19:37 . 2012-05-27 19:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-27 19:37 . 2012-05-27 19:37 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-27 19:37 . 2012-05-27 19:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-27 19:37 . 2012-05-27 19:37 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-27 19:37 . 2012-05-27 19:37 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-27 19:37 . 2012-05-27 19:37 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-27 19:37 . 2012-05-27 19:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-27 19:37 . 2012-05-27 19:37 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-27 19:37 . 2012-05-27 19:37 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-27 19:37 . 2012-05-27 19:37 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-27 19:37 . 2012-05-27 19:37 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-05-27 19:37 . 2012-05-27 19:37 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-05-27 19:37 . 2012-05-27 19:37 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-27 19:37 . 2012-05-27 19:37 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-05-27 19:37 . 2012-05-27 19:37 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-27 19:37 . 2012-05-27 19:37 197120 ----a-w- c:\windows\system32\msrating.dll
2012-05-27 19:37 . 2012-05-27 19:37 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-05-27 19:37 . 2012-05-27 19:37 149504 ----a-w- c:\windows\system32\occache.dll
2012-05-27 19:37 . 2012-05-27 19:37 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-05-27 19:37 . 2012-05-27 19:37 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-27 19:37 . 2012-05-27 19:37 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-27 19:37 . 2012-05-27 19:37 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-05-27 19:37 . 2012-05-27 19:37 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-27 19:37 . 2012-05-27 19:37 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-27 19:37 . 2012-05-27 19:37 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-05-27 19:37 . 2012-05-27 19:37 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-27 19:37 . 2012-05-27 19:37 82432 ----a-w- c:\windows\system32\icardie.dll
2012-05-27 19:37 . 2012-05-27 19:37 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-27 19:37 . 2012-05-27 19:37 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-05-27 19:37 . 2012-05-27 19:37 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-05-27 19:37 . 2012-05-27 19:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-27 19:37 . 2012-05-27 19:37 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-05-27 19:37 . 2012-05-27 19:37 448512 ----a-w- c:\windows\system32\html.iec
2012-05-27 19:37 . 2012-05-27 19:37 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-05-27 19:37 . 2012-05-27 19:37 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-05-27 19:37 . 2012-05-27 19:37 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-05-27 19:37 . 2012-05-27 19:37 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-27 19:37 . 2012-05-27 19:37 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-05-27 19:37 . 2012-05-27 19:37 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-05-27 19:37 . 2012-05-27 19:37 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-27 19:37 . 2012-05-27 19:37 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-27 19:37 . 2012-05-27 19:37 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-05-27 19:37 . 2012-05-27 19:37 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-27 19:37 . 2012-05-27 19:37 103936 ----a-w- c:\windows\system32\inseng.dll
2012-05-27 19:37 . 2012-05-27 19:37 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-04 11:06 . 2012-06-14 08:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 08:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 08:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 08:25 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 08:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 08:25 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 08:25 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 08:25 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
(((((((((( Reg Loading Points
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"IGearSettings"="c:\users\Steve\AppData\Local\IGearSettings\oxxxmydo.dll" [2012-07-20 753664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-11 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-18 202752]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-05-30 935480]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-18 23912]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-04 74016]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 18:34]
.
.
X64 Entries
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-11-03 3168336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
---Supplementary Scan
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://uk.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\hde7deur.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- ORPHANS REMOVED
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AVG Secure Search - c:\program files (x86)\AVG Secure Search\UNINSTALL.exe
.
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Other Running Processes
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
.
***
.
Completion time: 2012-07-24 18:06:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 17:06
.
Pre-Run: 59,880,046,592 bytes free
Post-Run: 59,877,728,256 bytes free
'An illegal operation has been attempted on a registry item flagged for deletion'
So you've done a system restore since running combofix?
If you want to save time, back up data to an external drive or DVD, create W7 recovery media DVDs using Dell DataSafe software, factory restore it, try avast or avira along with malwarebytes for AV, all free, put your data back
http://support.dell.com/support/topics/global.aspx/support/kcs/document?c=us&l=en&s=gen&docid=DSN_362066&isLegacy=true
make regular disk image backups!!
It just needed rebooting again.
So you've done a system restore since running combofix?
I did a reboot, still nothing would work...
The only way I could get the system to load anything (as far as I could see) was to do a restore or a complete reinstall.
I couldn't even get a browser to load!
Yes, I had to do a restore, but at a point 2 days back when I was in the middle of having problems. . .
Run it again?
If you want to save time, backup data to an external drive or dvd, create W7 recovery media dvd's using Dell datasafe software, factory restore it, try avast or avira along with malwarebytes for AV, all free, put your data back
http://support.dell.com/support/topics/global.aspx/support/kcs/document?c=us&l=en&s=gen&docid=DSN_362066&isLegacy=true
make regular disk image backups.
It's an option, but it's not necessarily going to save time. You'd have to back up (something that you should do anyway). You'd have the updates to reinstall, programs you've installed since buying it to reinstall. You'd lose any custom settings you've made so would have to reconfigure etc... It all takes time.
Run it again?
Still having problems since restoring?
I'm sure this is part of the problem. It depends if it's still there or not.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"IGearSettings"="c:\users\Steve\AppData\Local\IGearSettings\oxxxmydo.dll" [2012-07-20 753664]
The date looks right. All the problems started last Friday (the 20th).
I've cut and pasted that string and searched for it in the registry and deleted it...
I'll reboot and see what happens now. . .
Navigate to the folder: IGearSettings
c:\ > users > Steve > AppData > Local > IGearSettings
Open the folder & rename the file with a .vir extension. oxxxmydo.dll.vir
Open regedit, expand the HKey_Current_User hive
Navigate to the run key:
SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Delete the value: IGearSettings
Reboot. Go back and delete that file.
Reboot. Go back and delete that file. c:\users\Steve\AppData\Local\IGearSettings\oxxxmydo.dll
In fact before you delete that file, upload it to virustotal.
https://www.virustotal.com/
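The triage step earlier in the thread (picking the IGearSettings entry out of the Run keys in the ComboFix log) and the quarantine steps just above, as an added Python example that is not code from the thread or from ComboFix. The sample log lines are constructed from the thread's own entries, and the incident window assumed is the one the user reported (the 20th to the day ComboFix ran).

```python
"""Triage of autostart ("Run" key) entries in a ComboFix log.

Added example, not from the thread or from ComboFix. It parses the Run and
RunOnce entries in the "Reg Loading Points" section of a ComboFix log (the
format posted in the thread), flags the ones a responder should look at
first, and turns the thread's quarantine steps (rename to .vir, delete the
Run value, reboot, check VirusTotal) into a plan for each flagged entry.
"""
import hashlib
import re
from datetime import date

# Constructed sample in the shape of the thread's log (raw string: the paths
# contain backslashes). Two benign vendor entries plus the one discussed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"IGearSettings"="c:\users\Steve\AppData\Local\IGearSettings\oxxxmydo.dll" [2012-07-20 753664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
"""

# Incident window the user reported (assumed here): problems began on the
# 20th, ComboFix ran on the 24th.
INCIDENT_START = date(2012, 7, 20)
INCIDENT_END = date(2012, 7, 24)

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
RUN_KEY_RE = re.compile(r"\\Run(Once)?$", re.I)
# Locations a standard user can write to; legitimate autostarts rarely live here.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Tmp|ProgramData|Users\\Public)\\", re.I)


def parse_run_entries(log_text):
    """Return the entries listed under any *\\Run or *\\RunOnce key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not RUN_KEY_RE.search(key):
            continue
        m = ENTRY_RE.match(line)
        if m:
            name, path, ymd, size = m.groups()
            entries.append({"key": key, "name": name, "path": path,
                            "file_date": date.fromisoformat(ymd), "size": int(size)})
    return entries


def triage(entries, window_start, window_end):
    """Flag entries with at least one indicator; the reasons go in the report."""
    flagged = []
    for e in entries:
        reasons = []
        if USER_WRITABLE_RE.search(e["path"]):
            reasons.append("user-writable location")
        if e["path"].lower().endswith(".dll"):
            # Vendors register an .exe here; a bare .dll as a Run value is unusual.
            reasons.append("dll registered as Run value")
        if window_start <= e["file_date"] <= window_end:
            reasons.append("file dated inside incident window")
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


def quarantine_plan(entry):
    """The thread's steps as data: rename first (the file survives for analysis),
    remove the autostart value, reboot, then hash it and check VirusTotal."""
    return {
        "rename_to": entry["path"] + ".vir",
        "delete_value": (entry["key"], entry["name"]),
        "after_reboot": ["hash the .vir file and search the hash on virustotal.com",
                         "delete the .vir file once it is confirmed malicious"],
    }


def sha256_hex(data):
    """SHA-256 of the file contents; searching VirusTotal by hash avoids uploading."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    hits = triage(parse_run_entries(SAMPLE_LOG), INCIDENT_START, INCIDENT_END)
    for h in hits:
        print(h["name"], "->", h["path"], "|", ", ".join(h["reasons"]))
        print(quarantine_plan(h))
```

Run against a real ComboFix log, the same heuristics surface the IGearSettings entry on all three counts while the vendor entries under Program Files stay unflagged.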