TechSpot

Random restarts on Dell with Windows 7, no BSOD

Inactive
By Enuff
Oct 18, 2011
  1. I have bought a Dell and it has happens to restart at random times. It can restart while surfing the web or the kids playing a web based game.It will also restart when it is idle with the monitor off. This is my wife and kids' PC, I have one right next to it. I can hear it restart when it hasn't been in use at all.

    I have ran Malwarebytes and all it found was a few registry errors I will post at the end but they were caused by Pup.LivingPlay. I have also ran GMER and it didn't find anything.

    here are the specs for the PC

    Dell: Inspiron 580S
    Intel 5i 650@3.2 GHz
    8.00 GB Ram
    Win 7 Home Premium 64-bit

    Malwarebytes log: (run on 10-10-2011)


    Database version: 7912

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    10/10/2011 12:13:18 AM
    mbam-log-2011-10-10 (00-13-18).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 380305
    Time elapsed: 46 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8006F89E-63A1-402A-8DB7-08A4C58F95AA} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{D4256C66-8177-4E19-8A13-2D43B2282D0D} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lptlIE.TextLinks.1 (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lptlIE.TextLinks (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D 9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D929 1F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Malwarebytes (Ran on 10-18-2011)
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7973

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    10/18/2011 2:25:34 PM
    mbam-log-2011-10-18 (14-25-34).txt

    Scan type: Quick scan
    Objects scanned: 205453
    Time elapsed: 1 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Gmer Log

    No log created

    DDS File 1

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Carolyn at 14:26:43 on 2011-10-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.5964 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\mmc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = about:blank
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [<NO NAME>]
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{6F7D9FDC-D43C-44D3-9282-48F0E57F7ADC} : DhcpNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [(Default)]
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
    R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys --> C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111015.030\IDSviA64.sys [2011-10-17 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-9 366152]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-5-20 130008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-13 92160]
    S4 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2010-12-14 16104]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-10-18 21:24:10 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-10-18 04:15:59 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8DB9C759-6736-415F-AD90-8C03C1A654CB}
    2011-10-18 04:15:49 -------- d-----w- C:\Users\Carolyn\AppData\Local\{EC128CFD-C68E-4E2F-9367-E36C2881112B}
    2011-10-18 04:15:01 -------- d-----w- C:\Users\Carolyn\AppData\Local\{A7A2DEFC-A05D-4FA2-817E-8F600B752CBD}
    2011-10-18 04:14:50 -------- d-----w- C:\Users\Carolyn\AppData\Local\{3A7BF8DC-8059-49DF-A21A-A19903FB06AB}
    2011-10-18 03:44:03 -------- d-----w- C:\Users\Carolyn\AppData\Local\{7D5C0181-5697-4942-A996-DF54DE584F0C}
    2011-10-18 03:43:52 -------- d-----w- C:\Users\Carolyn\AppData\Local\{01D8C723-E6EB-48D4-9CAD-FF648F227E5D}
    2011-10-17 23:46:57 -------- d-----w- C:\Users\Carolyn\AppData\Local\LEGO Software
    2011-10-17 23:43:17 -------- d-----w- C:\Program Files (x86)\LEGO Software
    2011-10-14 04:12:27 -------- d-----w- C:\Program Files\iTunes
    2011-10-14 04:12:27 -------- d-----w- C:\Program Files\iPod
    2011-10-14 04:12:27 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-10-14 04:10:24 -------- d-----w- C:\Program Files\Bonjour
    2011-10-14 04:10:24 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-10-12 11:39:22 3138048 ----a-w- C:\Windows\System32\win32k.sys
    2011-10-12 11:39:18 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-10-12 11:39:18 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-10-12 11:39:18 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-10-12 11:39:18 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-10-12 11:39:11 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-10-12 11:39:11 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-10-12 11:39:11 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-10-12 11:39:11 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-10-10 06:29:54 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-10-10 06:23:50 -------- d-----w- C:\Users\Carolyn\AppData\Roaming\Malwarebytes
    2011-10-10 06:23:41 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-10 06:23:38 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-10 06:23:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-10 06:22:49 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-10-10 06:21:09 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-10-10 06:21:04 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-10-09 03:20:51 -------- d-----w- C:\Users\Carolyn\AppData\Local\{7C4DC936-3B33-41E2-A4EF-32B830836457}
    2011-10-09 03:20:39 -------- d-----w- C:\Users\Carolyn\AppData\Local\{B99403CF-A3A3-4E9F-BA78-4017B8A2BC52}
    2011-10-09 03:20:30 -------- d-----w- C:\Users\Carolyn\AppData\Local\{279FB56C-3859-4C7F-A63D-E9C62E3ABD06}
    2011-10-09 03:20:19 -------- d-----w- C:\Users\Carolyn\AppData\Local\{C8DBBB59-DFEB-4A8C-83A0-500776BF5E66}
    2011-10-06 00:10:52 -------- d-----w- C:\Users\Carolyn\AppData\Local\{B2856487-9F1D-4DEB-AB51-3A349CBABEF2}
    2011-10-06 00:10:42 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8C2D5E45-06A0-41DD-9C3D-0E57487E6EEA}
    2011-10-06 00:05:21 -------- d-----w- C:\Users\Carolyn\AppData\Local\{FD163E15-23F2-475E-BA10-0A109B9CE1A0}
    2011-10-06 00:05:10 -------- d-----w- C:\Users\Carolyn\AppData\Local\{E024327C-43CD-4B56-B5C6-49ABFF60DC43}
    2011-10-04 14:14:22 -------- d-----w- C:\Users\Carolyn\AppData\Local\{637BF3D1-CABA-44C4-A75D-12639E1CBCED}
    2011-10-04 14:14:12 -------- d-----w- C:\Users\Carolyn\AppData\Local\{EE932F01-9A43-4EAF-8AE0-8771B87A7677}
    2011-10-02 03:09:37 -------- d-----w- C:\Users\Carolyn\AppData\Local\{16B39072-C9EE-4CE1-BD3A-C4CB44F69998}
    2011-10-02 03:09:26 -------- d-----w- C:\Users\Carolyn\AppData\Local\{FC3493E0-F016-4DEA-B45F-86C2DBB4FD43}
    2011-10-02 03:09:14 -------- d-----w- C:\Users\Carolyn\AppData\Local\{10F72686-A554-40D1-A81E-15C340EB4105}
    2011-10-02 03:09:04 -------- d-----w- C:\Users\Carolyn\AppData\Local\{26ECD222-11A0-4962-990F-E0DFFEB3025D}
    2011-10-01 04:09:36 -------- d-----w- C:\Users\Carolyn\AppData\Local\{8864F4D1-565B-4390-9951-270192F950BD}
    2011-10-01 04:09:26 -------- d-----w- C:\Users\Carolyn\AppData\Local\{6A2DA8B3-DD80-4353-845D-40334816C047}
    2011-09-23 03:51:17 -------- d-----w- C:\Users\Carolyn\AppData\Local\{011B6625-8300-4827-8240-45DEB9EEB625}
    2011-09-23 03:51:07 -------- d-----w- C:\Users\Carolyn\AppData\Local\{5A9FE0B9-6C5B-44EA-9F32-D4C12467B3EC}
    2011-09-23 03:50:58 -------- d-----w- C:\Users\Carolyn\AppData\Local\{1643CDBB-9734-4DFF-B86E-A287AD1AD28E}
    2011-09-23 03:50:48 -------- d-----w- C:\Users\Carolyn\AppData\Local\{68CFFD90-588D-4F69-9968-0E4A2E214F81}
    .
    ==================== Find3M ====================
    .
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-31 14:30:24 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2011-08-31 06:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 06:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 06:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-31 06:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-31 06:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 06:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-31 06:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 06:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-07-21 22:56:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 14:27:01.09 ===============
     
  2. Enuff

    Enuff TS Rookie Topic Starter Posts: 16

    cont

    DDS Log #2


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/20/2011 2:31:48 PM
    System Uptime: 10/18/2011 11:56:21 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0C2KJT
    Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 918 GiB total, 666.495 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 7.607 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1691&SUBSYS_04381028&REV_01\4&3699D3AB&0&00E5
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1691&SUBSYS_04381028&REV_01\4&3699D3AB&0&00E5
    Service: k57nd60a
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP17: 10/9/2011 9:01:27 AM - Scheduled Checkpoint
    RP18: 10/9/2011 11:20:22 PM - Installed Ad-Aware
    RP19: 10/9/2011 11:20:46 PM - Installed Ad-Aware
    RP20: 10/16/2011 3:00:14 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    Apple Application Support
    Apple Software Update
    Berlitz Before You Know It Flash Cards
    Berlitz Learning System - Spanish
    BufferChm
    C309g-m
    Coupon Printer for Windows
    CyberLink PowerDVD 9.5
    D3DX10
    Destinations
    DeviceDiscovery
    Google Chrome
    GPBaseService2
    HP Photo Creations
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Iomega Home Storage Manager
    Junk Mail filter update
    LEGO Universe
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft Corporation
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Suite
    PS_AIO_06_C309g-m_SW_Min
    QuickTime
    QuickTransfer
    Realtek High Definition Audio Driver
    Roxio Burn
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.3
    SmartWebPrinting
    SolutionCenter
    Spotify
    Status
    Toolbox
    TrayApp
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/17/2011 9:15:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {10DA4F3C-CC99-4190-BE4D-58330754E882} and APPID {7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/16/2011 3:00:14 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OSDisk.
    10/13/2011 9:11:12 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Are you doing anything in particular when your computer restarts?

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and Norton.
    One of them has to go.
    I suggest Lavasoft goes.

    When done...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. Enuff

    Enuff TS Rookie Topic Starter Posts: 16

    aswMBR log and ComboFix

    aswMBR log

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-18 19:54:13
    -----------------------------
    19:54:13.352 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:54:13.352 Number of processors: 4 586 0x2505
    19:54:13.353 ComputerName: MININT-L2SPURV UserName: Carolyn
    19:54:15.714 Initialize success
    20:05:11.581 AVAST engine defs: 11101801
    20:06:45.221 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:06:45.223 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
    20:06:45.235 Disk 0 MBR read successfully
    20:06:45.237 Disk 0 MBR scan
    20:06:45.241 Disk 0 Windows 7 default MBR code
    20:06:45.243 Service scanning
    20:06:46.399 Modules scanning
    20:06:46.402 Disk 0 trace - called modules:
    20:06:46.425 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:06:46.429 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ce7790]
    20:06:46.431 3 CLASSPNP.SYS[fffff88001ba443f] -> nt!IofCallDriver -> [0xfffffa80079e3e40]
    20:06:46.433 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079ee060]
    20:06:49.627 AVAST engine scan C:\Windows
    20:06:52.047 AVAST engine scan C:\Windows\system32
    20:08:17.296 AVAST engine scan C:\Windows\system32\drivers
    20:08:28.059 AVAST engine scan C:\Users\Carolyn
    20:10:56.440 AVAST engine scan C:\ProgramData
    20:12:05.032 Scan finished successfully
    20:24:08.745 Disk 0 MBR has been saved successfully to "C:\Users\Carolyn\Desktop\MBR.dat"
    20:24:08.749 The log file has been saved successfully to "C:\Users\Carolyn\Desktop\aswMBR_10_18_2011.txt"


    ComboFix


    ComboFix 11-10-18.04 - Carolyn 10/18/2011 21:18:21.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.6355 [GMT -7:00]
    Running from: c:\users\Carolyn\Downloads\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-17 23:46 . 2011-10-17 23:46 -------- d-----w- c:\users\Carolyn\AppData\Local\LEGO Software
    2011-10-17 23:43 . 2011-10-17 23:43 -------- d-----w- c:\program files (x86)\LEGO Software
    2011-10-14 04:12 . 2011-10-14 04:12 -------- d-----w- c:\program files\iTunes
    2011-10-14 04:12 . 2011-10-14 04:12 -------- d-----w- c:\program files (x86)\iTunes
    2011-10-14 04:12 . 2011-10-14 04:12 -------- d-----w- c:\program files\iPod
    2011-10-14 04:10 . 2011-10-14 04:10 -------- d-----w- c:\program files\Bonjour
    2011-10-14 04:10 . 2011-10-14 04:10 -------- d-----w- c:\program files (x86)\Bonjour
    2011-10-12 11:39 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 11:39 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 11:39 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 11:39 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-12 11:39 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-12 11:39 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 11:39 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 11:39 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-10-12 11:39 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-10-10 06:23 . 2011-10-10 06:23 -------- d-----w- c:\users\Carolyn\AppData\Roaming\Malwarebytes
    2011-10-10 06:23 . 2011-10-10 06:23 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-10 06:23 . 2011-10-10 06:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-10-10 06:23 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-10 06:22 . 2011-10-10 06:22 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-10-10 06:21 . 2011-10-19 02:52 -------- d-----w- c:\programdata\Lavasoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-31 14:30 . 2011-08-31 14:30 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2011-08-31 06:05 . 2011-08-31 06:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 06:05 . 2011-08-31 06:05 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 06:05 . 2011-08-31 06:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 06:05 . 2011-08-31 06:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-07-21 22:56 . 2011-07-21 22:53 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-21 19:45 . 2011-07-21 19:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-07-21 19:45 . 2011-07-21 19:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-07-21 19:45 . 2011-07-21 19:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-07-21 19:45 . 2011-07-21 19:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-07-21 19:45 . 2011-07-21 19:45 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-07-21 19:45 . 2011-07-21 19:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-07-21 19:45 . 2011-07-21 19:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-07-21 19:45 . 2011-07-21 19:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-07-21 19:45 . 2011-07-21 19:45 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-07-21 19:45 . 2011-07-21 19:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-07-21 19:45 . 2011-07-21 19:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-07-21 19:45 . 2011-07-21 19:45 448512 ----a-w- c:\windows\system32\html.iec
    2011-07-21 19:45 . 2011-07-21 19:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-07-21 19:45 . 2011-07-21 19:45 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-07-21 19:45 . 2011-07-21 19:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-07-21 19:45 . 2011-07-21 19:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-07-21 19:45 . 2011-07-21 19:45 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-07-21 19:45 . 2011-07-21 19:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-07-21 19:45 . 2011-07-21 19:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-07-21 19:45 . 2011-07-21 19:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-07-21 19:45 . 2011-07-21 19:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-07-21 19:45 . 2011-07-21 19:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-07-21 19:45 . 2011-07-21 19:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-07-21 19:45 . 2011-07-21 19:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-07-21 19:45 . 2011-07-21 19:45 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-07-21 19:45 . 2011-07-21 19:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-07-21 19:45 . 2011-07-21 19:45 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-07-21 19:45 . 2011-07-21 19:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-07-21 19:45 . 2011-07-21 19:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-07-21 19:45 . 2011-07-21 19:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-07-21 19:45 . 2011-07-21 19:45 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-07-21 19:45 . 2011-07-21 19:45 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-07-21 19:45 . 2011-07-21 19:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-07-21 19:45 . 2011-07-21 19:45 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-07-21 19:45 . 2011-07-21 19:45 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-07-21 19:45 . 2011-07-21 19:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Iomega Home Storage Manager"="c:\program files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe" [2009-10-27 152936]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
    R4 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2010-12-14 16104]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
    S1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\DRIVERS\ComcastSecureBackupShare.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111018.030\IDSvia64.sys [2011-08-23 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 136824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819792181-1437418591-3702638766-1002Core.job
    - c:\users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 19:38]
    .
    2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819792181-1437418591-3702638766-1002UA.job
    - c:\users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 19:38]
    .
    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819792181-1437418591-3702638766-1003Core.job
    - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21 23:02]
    .
    2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819792181-1437418591-3702638766-1003UA.job
    - c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21 23:02]
    .
    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819792181-1437418591-3702638766-1004Core.job
    - c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 22:29]
    .
    2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819792181-1437418591-3702638766-1004UA.job
    - c:\users\Anna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 22:29]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
    @="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
    [HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
    2010-12-14 19:06 4345576 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
    @="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
    [HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
    2010-12-14 19:06 4345576 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
    @="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
    [HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
    2010-12-14 19:06 4345576 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
    "ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2819792181-1437418591-3702638766-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2819792181-1437418591-3702638766-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-18 21:28:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-19 04:28
    .
    Pre-Run: 722,093,613,056 bytes free
    Post-Run: 722,051,252,224 bytes free
    .
    - - End Of File - - B7740075A7920F09D8E57C5B107406D3
     
  5. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    All looks clean.

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
     
  6. Enuff

    Enuff TS Rookie Topic Starter Posts: 16

    They were the ones who asked me to post here. I guess I will just have to do the recovery of Windows. When I called Dell this is what they recommended. The PC is only 3 months old.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    If so, I'd take advantage of your warranty.
    Things like this shouldn't be happening to 3 months old machine.
     
  8. Enuff

    Enuff TS Rookie Topic Starter Posts: 16

    Thank you very much sir
     
  9. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    You're very welcome [​IMG]
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.