Uisna88

  1. Results of screen317's Security Check version 0.99.56
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Internet Security
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware Free Edition
     Malwarebytes Anti-Malware version 1.65.1.1000
     Java 6 Update 27
     Java version out of Date!
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Flash Player 10.3.183.10 Flash Player out of Date!
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Thunderbird (17.0.)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     AVAST Software Avast afwServ.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast avastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  2. AdwCleanerS1.txt Will now run the other thing you told me to do. Will report back shortly.
  3. unhide.txt We've got sound now, yay! But the folders in the Start Menu are still grayed out and empty, even after running Unhide twice and rebooting. Second time I ran it with all the virus-software disabled. Still no go. Am now printing out the instructions for restoring Start Menu Items and will try these. Do you have suggestions on how much/what kind of anti-virus software I should be running? Also, could you point me in the right direction for speeding up/spring cleaning my pc? Thanks!
  4. Still no sound. And when I look under "programs" on the start menu, most of them still read "empty." Thank you for your help.
  5. 12102012_223928.log Sorry for the delay. Thanks for hanging in there.
  6. Just learned that we have no sound, even though the mute button is off.... isn't that special? :-o
  7. OTL.Txt Extras.Txt The free version of Avast running on my pc thinks c:\windows\msisear.exe is bad and has quarantined it. Is it possible that I now have too many anti-virus/firewalls/anti-malware programs running?
       • Malwarebytes (paid version)
       • Windows (security & firewall)
       • Avast (trial)
       • Panda USB vaccine
  8. c:\windows\msisear.exe is still present. The other files are not present. The PC is running very slowly (it was doing this before the virus attack). I am about to back up my files to an external hard drive. Where shall I look now for suggestions on cleaning up the system and speeding things up? Thank you.
  9. I have sent a donation through PayPal. Thank you very much for your help. I'm sorry I can't afford to send you a larger donation. My sincerest thanks.
  10. And the F-Drive:
      Malwarebytes Anti-Malware (PRO) 1.65.1.1000
      www.malwarebytes.org
      Database version: v2012.11.27.09
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      shae :: DRAGONLADY [administrator]
      Protection: Disabled
      11/27/2012 11:10:39 PM
      mbam-log-2012-11-27 (23-10-39).txt
      Scan type: Full scan (F:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 243890
      Time elapsed: 11 minute(s), 16 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
  11. ComboFix 12-11-27.01 - shae 11/27/2012 22:50:30.6.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1010 [GMT -8:00] Running from: c:\documents and settings\shae\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\shae\Desktop\CFScript.txt AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . FILE :: "c:\windows\msisear.exe" "c:\windows\system32\drivers\53419241.sys" "c:\windows\system32\drivers\69148762.sys" "c:\windows\system32\drivers\78844860.sys" . . ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 ))))))))))))))))))))))))))))))) . . 2012-11-27 05:12 . 2012-11-27 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2012-11-27 05:12 . 2012-11-27 05:12 -------- d-----w- C:\Panda USB Vaccine 2012-11-27 05:04 . 2012-11-27 05:04 -------- d-----w- c:\windows\system32\KB905474 2012-11-24 04:27 . 2012-11-24 04:27 -------- d-----w- C:\CCE_Quarantine 2012-11-22 21:56 . 2012-11-22 21:56 307712 ----a-w- c:\windows\msisear.exe 2012-11-22 20:33 . 2012-11-22 20:33 177496 ----a-w- c:\windows\system32\drivers\53419241.sys 2012-11-22 20:21 . 2012-11-22 20:21 177496 ----a-w- c:\windows\system32\drivers\69148762.sys 2012-11-22 19:44 . 2012-11-22 19:44 177496 ----a-w- c:\windows\system32\drivers\78844860.sys 2012-11-20 16:56 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-11-20 16:56 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-11-20 16:56 . 2012-10-30 23:51 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-11-20 16:55 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-11-20 16:55 . 2012-10-30 23:51 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-11-20 16:55 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-11-20 16:55 . 
2012-10-30 23:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-11-20 16:55 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-11-20 16:55 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-11-20 16:55 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-11-20 16:55 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-11-20 16:52 . 2012-09-21 09:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2012-11-20 16:52 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr 2012-11-20 16:52 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-11-20 16:51 . 2012-11-20 16:51 -------- d-----w- c:\program files\AVAST Software 2012-11-20 16:51 . 2012-11-20 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-11-16 08:30 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-16 08:30 . 2012-11-16 08:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-16 06:14 . 2012-11-16 06:14 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2012-10-30 09:09 . 2012-11-08 00:01 -------- d-----w- c:\program files\Mozilla Thunderbird . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 05:14 . 2012-07-11 03:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-16 05:14 . 2011-06-05 12:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-22 08:37 . 2008-05-03 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04 . 2008-05-03 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-06-05 06:18 . 2012-06-05 06:07 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe 2003-08-27 14:19 . 2009-02-25 08:36 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648] "EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2009-03-08 128512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "StartMenuFavorites"= 0 (0x0) "Start_ShowMyComputer"= 1 (0x1) "Start_ShowMyDocs"= 1 (0x1) "Start_ShowMyMusic"= 0 (0x0) "Start_ShowRun"= 1 (0x1) "Start_ShowSearch"= 0 (0x0) . 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk backup=c:\windows\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] c:\docume~1\ADMINI~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 17:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C64 Series (Copy 1)] 2003-05-27 03:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2C1.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2005-10-19 08:59 126976 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] 2004-04-13 22:36 1470464 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG] 2003-08-27 14:20 94208 ----a-r- c:\windows\SM1bg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-14 14:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [11/20/2012 8:52 AM 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [11/20/2012 8:55 AM 199320] R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [11/20/2012 8:56 AM 106560] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11/20/2012 8:55 AM 20624] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/20/2012 8:55 AM 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/20/2012 8:56 AM 361032] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/20/2012 8:56 AM 21256] R2 avast! Firewall;avast! 
Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [11/20/2012 8:52 AM 133912] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/16/2012 12:30 AM 399432] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/16/2012 12:30 AM 676936] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/16/2012 12:30 AM 22856] S1 MpKslb2b6002e;MpKslb2b6002e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E21659E5-641D-4A14-B42A-8F6FED3420D6}\MpKslb2b6002e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E21659E5-641D-4A14-B42A-8F6FED3420D6}\MpKslb2b6002e.sys [?] S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-424UB\WLSVC.exe [9/27/2011 5:47 PM 167936] S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [9/27/2011 5:47 PM 264576] S3 SASENUM;SASENUM;\??\c:\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> C:c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] . Contents of the 'Scheduled Tasks' folder . 2012-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 11:34] . 2012-11-27 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-20 23:50] . 2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-1004Core.job - c:\documents and settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-24 14:09] . 2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-1004UA.job - c:\documents and settings\shae\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-24 14:09] . 
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 06:15] . 2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-1343024091-1547161642-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-28 06:15] . 2012-11-27 c:\windows\Tasks\PandaUSBVaccine.job - c:\panda usb vaccine\RunInteractiveWin.exe [2012-11-27 00:45] . 2012-11-27 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2012-11-27 06:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-27 23:01 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(992) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3512) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-11-27 23:03:49 ComboFix-quarantined-files.txt 2012-11-28 07:03 ComboFix2.txt 2012-11-27 07:03 ComboFix3.txt 2012-11-25 05:56 ComboFix4.txt 2011-10-01 23:17 . Pre-Run: 9,311,186,944 bytes free Post-Run: 9,300,705,280 bytes free . - - End Of File - - 11E2A8D803E08C949A9E7B5D73E316BC
  12. DOH! I forgot... there is a second hard drive in this computer, the F-Drive. From the logs generated concerning the threats found on this PC, can you tell whether or not the F-drive was affected? Has it been scanned and were threats contained/removed? Most programs are hidden. Right now I can access files and photos on the C-Drive (in a round-about way), but the ones on the F-Drive are still hidden. Thanks!
  13. ComboFix.txt The thumb drive is benign and has been inoculated.