Inactive HDD working a lot

[bcrens7]

Hi I don't think I have any viruses because everything is acting normal but I could be wrong. my hd always seems to be working even when im not doing anything is there anything I can do to check out why.

 

[Broni]

You've been to this forum before so you should know what the drill is.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[bcrens7]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455
Run by Crenshaw at 23:09:44 on 2012-11-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2078 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{543D4168-6CDB-4F40-BFBE-29DB1782B267} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\crenshaw\appdata\roaming\mozilla\firefox\profiles\54u90y8y.default\
FF - ExtSQL: 2012-11-22 09:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-11-22 11:39; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\crenshaw\appdata\roaming\mozilla\firefox\profiles\54u90y8y.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl089dbe88;MpKsl089dbe88;c:\programdata\microsoft\microsoft antimalware\definition updates\{fc11c01d-c4db-4d05-a982-40b03dcca973}\MpKsl089dbe88.sys [2008-1-1 29904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-11-22 13024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-23 07:01:33 -------- d-----w- c:\users\crenshaw\appdata\roaming\Malwarebytes
2012-11-23 07:01:14 -------- d-----w- c:\programdata\Malwarebytes
2012-11-23 07:01:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-23 07:01:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-22 22:21:06 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fc11c01d-c4db-4d05-a982-40b03dcca973}\offreg.dll
2012-11-22 20:51:09 -------- d-----w- c:\program files\CPUID
2012-11-22 20:45:52 -------- d-----w- C:\312c0bcb908c8f4143c8
2012-11-22 20:39:28 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-11-22 20:39:27 17920 ----a-w- c:\windows\system32\netevent.dll
2012-11-22 20:38:55 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-11-22 20:38:55 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-11-22 20:38:55 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-11-22 20:38:55 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-11-22 20:38:55 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-11-22 20:38:40 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-11-22 20:28:38 740784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4cb0ee2d-13b9-42f2-9ec1-0afd4b374764}\gapaengine.dll
2012-11-22 20:28:33 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fc11c01d-c4db-4d05-a982-40b03dcca973}\mpengine.dll
2012-11-22 20:28:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-22 20:23:55 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-22 20:23:33 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-22 20:18:16 -------- d-----w- c:\program files\uTorrent
2012-11-22 20:17:13 -------- d-----w- c:\users\crenshaw\appdata\roaming\uTorrent
2012-11-22 19:57:19 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-11-22 19:57:18 -------- d-----w- c:\program files\AMD
2012-11-22 19:56:37 -------- d-----w- c:\users\crenshaw\appdata\local\Downloaded Installations
2012-11-22 19:01:20 -------- d-----w- c:\program files\Windows Portable Devices
2012-11-22 18:30:33 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-11-22 18:30:32 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-11-22 18:30:32 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-11-22 18:27:23 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-22 18:27:23 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-22 18:27:23 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-22 18:22:14 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-22 18:10:42 98816 ----a-w- c:\windows\system32\mfps.dll
2012-11-22 18:01:30 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-11-22 17:57:06 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-22 17:57:06 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-22 17:57:06 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-11-22 17:57:06 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-22 17:57:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-11-22 17:49:26 -------- d-----w- c:\program files\SlimCleaner
2012-11-22 17:48:36 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-11-22 17:48:35 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-11-22 17:48:35 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-11-22 17:44:03 66560 ----a-w- c:\windows\system32\packager.dll
2012-11-22 17:44:02 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-11-22 17:44:02 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-11-22 17:44:02 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-11-22 17:44:02 471552 ----a-w- c:\windows\system32\secproc.dll
2012-11-22 17:44:02 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-11-22 17:44:02 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-11-22 17:44:02 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-11-22 17:44:02 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-11-22 17:44:02 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-11-22 17:42:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-11-22 17:42:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-11-22 17:42:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-11-22 17:42:34 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-11-22 17:42:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-11-22 17:42:34 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-11-22 17:42:34 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-11-22 17:42:34 10240 ----a-w- c:\windows\system32\finger.exe
2012-11-22 17:38:32 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-11-22 17:38:32 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-11-22 17:38:32 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2012-11-22 17:38:32 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-11-22 17:38:31 1136640 ----a-w- c:\windows\system32\mfc42.dll
2012-11-22 17:38:26 623616 ----a-w- c:\windows\system32\localspl.dll
2012-11-22 17:38:06 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-11-22 17:38:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-22 17:38:06 292864 ----a-w- c:\windows\system32\atmfd.dll
2012-11-22 17:38:06 23552 ----a-w- c:\windows\system32\lpk.dll
2012-11-22 17:38:06 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-11-22 17:36:31 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-11-22 17:31:35 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-11-22 17:31:35 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-11-22 17:31:28 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-11-22 17:31:27 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-22 17:27:30 98304 ----a-w- c:\windows\system32\cabview.dll
2012-11-22 17:26:31 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-11-22 17:26:30 -------- d-----w- c:\users\crenshaw\appdata\local\SlimWare Utilities Inc
2012-11-22 17:26:28 -------- d--h--w- c:\programdata\Common Files
2012-11-22 17:26:26 -------- d-----w- c:\program files\SlimDrivers
2012-11-22 17:26:23 -------- d-sh--w- c:\windows\Installer
2012-11-22 17:26:19 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-11-22 17:21:10 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-22 17:21:01 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-22 17:20:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-11-22 17:20:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-22 16:54:08 -------- d-----w- c:\windows\Panther
.
==================== Find3M ====================
.
2012-11-22 18:10:42 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-11-22 17:43:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-22 17:43:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-12 14:29:30 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-25 16:19:41 75776 ----a-w- c:\windows\system32\synceng.dll
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 06:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 06:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 23:10:49.87 ===============

 

[bcrens7]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2012 8:58:40 AM
System Uptime: 11/22/2012 10:56:50 PM (1 hours ago)
.
Motherboard: NF-M2S | | www.abit.com.tw
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | Socket M2 | 2200/227mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 372 GiB total, 329.473 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.139 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&27F2A7C&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&27F2A7C&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
CPUID CPU-Z 1.62
Dual-Core Optimizer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Drivers
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
SlimCleaner
SlimDrivers
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== End Of File ===========================

 

[bcrens7]

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.23.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Crenshaw :: PC-PC [administrator]

11/22/2012 11:03:12 PM
mbam-log-2012-11-22 (23-03-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181687
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Broni]

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[bcrens7]

RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Crenshaw [Admin rights]
Mode : Remove -- Date : 11/23/2012 09:42:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725040VLA SCSI Disk Device +++++
--- User ---
[MBR] e286893e6db48d5389362e9ad864d965
[BSP] d094f317668d7c98ca371afa947f3f2c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 381202 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11232012_02d0942.txt >>
RKreport[1]_S_11232012_02d0942.txt ; RKreport[2]_D_11232012_02d0942.txt

 

[bcrens7]

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 09:43:22
-----------------------------
09:43:22.656 OS Version: Windows 6.0.6002 Service Pack 2
09:43:22.656 Number of processors: 2 586 0x6B01
09:43:22.656 ComputerName: PC-PC UserName:
09:43:23.781 Initialize success
09:44:59.411 AVAST engine defs: 12112301
09:45:11.928 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
09:45:11.936 Disk 0 Vendor: Hitachi_ V5CO Size: 381554MB BusType: 3
09:45:11.951 Disk 0 MBR read successfully
09:45:11.959 Disk 0 MBR scan
09:45:11.975 Disk 0 Windows VISTA default MBR code
09:45:11.998 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
09:45:12.022 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 381202 MB offset 718848
09:45:12.045 Disk 0 scanning sectors +781420544
09:45:12.123 Disk 0 scanning C:\Windows\system32\drivers
09:45:29.287 Service scanning
09:45:43.756 Service MpKsl5ecfa794 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC11C01D-C4DB-4D05-A982-40B03DCCA973}\MpKsl5ecfa794.sys **LOCKED** 32
09:46:05.240 Modules scanning
09:46:13.318 Disk 0 trace - called modules:
09:46:13.342 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
09:46:13.350 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f76ac8]
09:46:13.358 3 CLASSPNP.SYS[8a3a48b3] -> nt!IofCallDriver -> [0x84358da8]
09:46:13.365 5 acpi.sys[8080f6bc] -> nt!IofCallDriver -> \Device\00000052[0x85158030]
09:46:14.412 AVAST engine scan C:\Windows
09:46:17.428 AVAST engine scan C:\Windows\system32
09:50:21.389 AVAST engine scan C:\Windows\system32\drivers
09:50:44.998 AVAST engine scan C:\Users\Crenshaw
09:53:52.943 AVAST engine scan C:\ProgramData
09:54:12.467 Scan finished successfully
09:54:58.565 Disk 0 MBR has been saved successfully to "C:\Users\Crenshaw\Desktop\MBR.dat"
09:54:58.589 The log file has been saved successfully to "C:\Users\Crenshaw\Desktop\aswMBR.txt"

 

[Broni]

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[bcrens7]

ComboFix 12-11-23.02 - Crenshaw 11/23/2012 11:01:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2205 [GMT -8:00]
Running from: c:\users\Crenshaw\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 18:00 . 2012-11-23 18:00 -------- d-----w- c:\windows\system32\sda
2012-11-23 17:59 . 2012-11-23 17:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-11-23 17:58 . 2000-01-01 00:00 9112168 ----a-w- c:\windows\system32\RtsUStoricon.dll
2012-11-23 17:58 . 2000-01-01 00:00 193640 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-11-23 17:58 . 2012-11-23 17:58 -------- d-----w- c:\program files\Realtek
2012-11-23 17:58 . 2000-01-01 00:00 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2012-11-23 07:01 . 2012-11-23 07:01 -------- d-----w- c:\programdata\Malwarebytes
2012-11-23 07:01 . 2012-11-23 07:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-23 07:01 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 22:21 . 2012-11-22 22:21 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC11C01D-C4DB-4D05-A982-40B03DCCA973}\offreg.dll
2012-11-22 20:51 . 2012-11-22 20:51 -------- d-----w- c:\program files\CPUID
2012-11-22 20:45 . 2012-11-22 20:45 -------- d-----w- C:\312c0bcb908c8f4143c8
2012-11-22 20:39 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-11-22 20:39 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2012-11-22 20:38 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-11-22 20:38 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-11-22 20:38 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-11-22 20:38 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-11-22 20:38 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-11-22 20:38 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-11-22 20:28 . 2012-11-22 20:28 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CB0EE2D-13B9-42F2-9EC1-0AFD4B374764}\gapaengine.dll
2012-11-22 20:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC11C01D-C4DB-4D05-A982-40B03DCCA973}\mpengine.dll
2012-11-22 20:28 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-11-22 20:23 . 2012-11-22 20:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-22 20:23 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-22 20:18 . 2012-11-22 20:18 -------- d-----w- c:\program files\uTorrent
2012-11-22 19:57 . 2007-06-29 22:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-11-22 19:57 . 2012-11-22 19:57 -------- d-----w- c:\program files\AMD
2012-11-22 19:34 . 2012-11-22 19:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-22 19:01 . 2012-11-22 19:01 -------- d-----w- c:\program files\Windows Portable Devices
2012-11-22 18:30 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-11-22 18:30 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-11-22 18:30 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-11-22 18:29 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-11-22 18:29 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-11-22 18:29 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2012-11-22 18:29 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2012-11-22 18:29 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2012-11-22 18:29 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-11-22 18:29 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2012-11-22 18:29 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2012-11-22 18:29 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-11-22 18:29 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2012-11-22 18:29 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2012-11-22 18:29 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-11-22 18:27 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-22 18:27 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-22 18:27 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-22 18:22 . 2012-11-22 18:22 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-22 18:10 . 2012-11-22 18:10 98816 ----a-w- c:\windows\system32\mfps.dll
2012-11-22 18:01 . 2009-07-30 10:36 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-11-22 17:59 . 2012-11-22 17:59 -------- d-----w- c:\program files\Microsoft.NET
2012-11-22 17:57 . 2009-11-08 18:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-22 17:57 . 2009-11-08 18:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-22 17:57 . 2009-11-08 18:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-11-22 17:57 . 2009-11-08 18:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-22 17:57 . 2009-11-08 18:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-11-22 17:49 . 2012-11-22 17:49 -------- d-----w- c:\program files\SlimCleaner
2012-11-22 17:48 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-11-22 17:48 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-11-22 17:48 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-11-22 17:44 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-11-22 17:44 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-11-22 17:44 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-11-22 17:44 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-11-22 17:44 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2012-11-22 17:44 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-11-22 17:44 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-11-22 17:44 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-11-22 17:44 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-11-22 17:44 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-11-22 17:42 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-11-22 17:42 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-11-22 17:42 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-11-22 17:42 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-11-22 17:42 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-11-22 17:42 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-11-22 17:42 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2012-11-22 17:42 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-11-22 17:38 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-11-22 17:38 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-11-22 17:38 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-11-22 17:38 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2012-11-22 17:38 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2012-11-22 17:38 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-11-22 17:38 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-22 17:38 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2012-11-22 17:38 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-11-22 17:38 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2012-11-22 17:38 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-11-22 17:36 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-11-22 17:31 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-11-22 17:31 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-11-22 17:31 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-11-22 17:31 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-22 17:27 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2012-11-22 17:26 . 2012-11-22 17:26 -------- d--h--w- c:\programdata\Common Files
2012-11-22 17:26 . 2012-11-22 17:26 -------- d-----w- c:\program files\SlimDrivers
2012-11-22 17:26 . 2012-11-22 09:44 -------- d-sh--w- c:\windows\Installer
2012-11-22 17:26 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-11-22 17:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-22 17:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-11-22 17:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-22 17:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-22 17:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-11-22 17:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-11-22 17:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-22 17:20 . 2012-06-02 23:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-22 17:20 . 2012-06-02 23:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-11-22 17:18 . 2012-11-23 18:00 -------- d-----w- c:\users\Crenshaw
2012-11-22 17:06 . 2012-11-22 18:18 -------- d-----w- c:\windows\Debug
2012-11-22 16:54 . 2012-11-22 16:58 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 18:10 . 2012-11-22 18:10 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-08-31 06:03 . 2012-08-31 06:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 06:03 . 2012-08-31 06:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-11-20 06:17 . 2012-11-22 19:34 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2905338454-1592271558-3262912420-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-22 08:13]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\Crenshaw\AppData\Roaming\Mozilla\Firefox\Profiles\54u90y8y.default\
FF - ExtSQL: 2012-11-22 09:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-11-22 11:39; {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}; c:\users\Crenshaw\AppData\Roaming\Mozilla\Firefox\Profiles\54u90y8y.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-23 11:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
.
**************************************************************************
.
Completion time: 2012-11-23 11:10:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-23 19:10
.
Pre-Run: 358,268,788,736 bytes free
Post-Run: 358,434,029,568 bytes free
.
- - End Of File - - E7EA7A81BB7A08F6E65FAB62EF6CD9BC

 

[bcrens7]

When I try to open my browser it says illegal operation attempted on registry key that has been marked for deletion. if I right click n it and run as administrator it opens fine.

 

[bcrens7]

Never mind everything is ok now after a rest

 

[Broni]

Nothing malicious there.

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

 

[bcrens7]

Ok thank you for all your help

 

[Broni]