Davec433
Members-
Posts
8 -
Joined
-
Last visited
Reputation
0 Neutral-
Program won't let me start any programs
Davec433 replied to Davec433's topic in Resolved Malware Removal Logs
no issues -
Program won't let me start any programs
Davec433 replied to Davec433's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.19.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dave :: DAVE-PC [administrator] 3/20/2012 4:41:30 PM mbam-log-2012-03-20 (16-41-30).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 324945 Time elapsed: 31 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -
Program won't let me start any programs
Davec433 replied to Davec433's topic in Resolved Malware Removal Logs
Ok, AVG is gone. -
Program won't let me start any programs
Davec433 replied to Davec433's topic in Resolved Malware Removal Logs
C:\Windows\SysWOW64\webcheck.dll keeps poping up? -
Program won't let me start any programs
Davec433 replied to Davec433's topic in Resolved Malware Removal Logs
NO current issues with my computer except that "Scotty" keeps catching programs that are trying to add themselves to the start up menu ComboFix 12-03-18.04 - Dave 03/19/2012 20:56:19.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.1094 [GMT -4:00] Running from: c:\users\Dave\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\RPSETUP.EXE.LOG . . ((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 ))))))))))))))))))))))))))))))) . . 2012-03-20 01:01 . 2012-03-20 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-19 21:51 . 2012-03-19 21:51 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE 2012-03-19 21:51 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-18 16:40 . 2012-03-18 16:40 -------- d-----w- c:\users\Dave\AppData\Roaming\AdobeUM 2012-03-18 16:40 . 2012-03-18 16:40 -------- d-----w- c:\users\Dave\AppData\Local\Adobe 2012-03-18 16:39 . 2012-03-18 16:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-03-18 14:40 . 2012-03-18 14:40 -------- d-----w- c:\users\Dave\AppData\Roaming\AVG2012 2012-03-18 14:29 . 2012-03-18 14:29 -------- d--h--w- c:\programdata\Common Files 2012-03-18 14:29 . 2012-03-18 14:29 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-03-18 14:29 . 2012-03-19 19:22 -------- d-----w- c:\windows\system32\drivers\AVG 2012-03-18 14:29 . 2012-03-18 14:41 -------- d-----w- c:\programdata\AVG2012 2012-03-18 14:28 . 2012-03-18 14:28 -------- d-----w- c:\program files (x86)\AVG 2012-03-18 14:25 . 2012-03-19 19:22 -------- d-----w- c:\programdata\MFAData 2012-03-18 14:04 . 2012-03-18 14:04 -------- d-----w- c:\program files\Dell Support Center 2012-03-18 13:30 . 2012-03-18 13:30 -------- d-----w- c:\program files\Microsoft Silverlight 2012-03-18 13:30 . 2012-03-18 13:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-03-16 23:27 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC72AD9F-2040-4C54-AEF1-ABC7F652ECD0}\mpengine.dll 2012-03-14 22:09 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 22:09 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 22:09 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 22:09 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 22:09 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 22:09 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 22:09 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 22:09 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 22:09 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 22:09 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 00:51 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-03-14 00:51 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-03-14 00:51 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-01 21:09 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-02-27 1708048] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480] S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704] S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032] S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768] S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-02 2533400] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032] S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - AVGIDSEH . Contents of the 'Scheduled Tasks' folder . 2012-03-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32] . 2012-03-19 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\dmkyzl7m.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Internet Security - c:\users\Dave\AppData\Roaming\isecurity.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-19 21:03:42 ComboFix-quarantined-files.txt 2012-03-20 01:03 . Pre-Run: 34,192,465,920 bytes free Post-Run: 34,661,490,688 bytes free . - - End Of File - - 03DA3FFA3F1FC2B11F83AC207DF8047A -
Program won't let me start any programs
Davec433 replied to Davec433's topic in Resolved Malware Removal Logs
I'm not having any issues with my computer as of now. Just wanted to anything brewing before it became an issue after my last infection. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.19.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dave :: DAVE-PC [administrator] 3/19/2012 5:52:39 PM mbam-log-2012-03-19 (17-52-39).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 332602 Time elapsed: 43 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Users\Dave\AppData\Local\Temp\5966.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully. C:\Users\Dave\AppData\Local\Temp\5DF8.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully. C:\Users\Dave\AppData\Local\Temp\5FFC.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully. C:\Users\Dave\AppData\Local\Temp\650A.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully. C:\Users\Dave\AppData\Roaming\5E07.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully. (end) -
Program won't let me start any programs
Davec433 replied to Davec433's topic in Resolved Malware Removal Logs
bump . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Dave at 18:43:22 on 2012-03-13 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.1625 [GMT -4:00] . AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\system32\conhost.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\windows\SysWOW64\RunDll32.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe C:\windows\system32\conhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\windows\system32\conhost.exe C:\Program Files\DellTPad\HidFind.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe C:\windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\windows\system32\sppsvc.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\windows\system32\SearchFilterHost.exe \\?\C:\windows\system32\wbem\WMIADAP.EXE C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [internet Security] C:\Users\Dave\AppData\Roaming\isecurity.exe mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{1CAE81A9-80C2-40A5-A4FC-A3727A198FC2} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{1CAE81A9-80C2-40A5-A4FC-A3727A198FC2}\4516C6C644F66756D27657563747 : DhcpNameServer = 207.69.188.186 207.69.188.187 TCP: Interfaces\{1CAE81A9-80C2-40A5-A4FC-A3727A198FC2}\46C696E6B6 : DhcpNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll BHO-X64: Trend Micro NSC BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [(Default)] mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun-x64: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\dmkyzl7m.default\ FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?] R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\windows\system32\DRIVERS\tmlwf.sys --> C:\windows\system32\DRIVERS\tmlwf.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-6 89600] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-6 13336] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-6 1692480] R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-4-7 50704] R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-3-24 310032] R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2011-3-24 42768] R2 tmwfp;Trend Micro WFP Callout Driver;C:\windows\system32\DRIVERS\tmwfp.sys --> C:\windows\system32\DRIVERS\tmwfp.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-6 2533400] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2010-7-21 596032] R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-7-21 917840] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-02-16 02:26:24 -------- d-----w- C:\Program Files (x86)\SpywareGuard 2012-02-16 02:15:19 -------- d-----w- C:\Users\Dave\AppData\Roaming\WinPatrol 2012-02-16 02:15:15 -------- d-----w- C:\Program Files (x86)\BillP Studios 2012-02-15 22:35:50 -------- d-----w- C:\Users\Dave\AppData\Roaming\Malwarebytes 2012-02-15 22:35:48 34296 ----a-w- C:\windows\SysWow64\drivers\mbamcatchme.sys 2012-02-15 22:35:48 15864 ----a-w- C:\windows\SysWow64\drivers\mbam.sys 2012-02-15 22:35:48 -------- d-----w- C:\ProgramData\Malwarebytes 2012-02-15 22:35:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-02-15 00:55:16 855552 ----a-w- C:\Users\Dave\AppData\Roaming\5E07.tmp 2012-02-14 23:57:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E15EA28-468B-47C9-935E-1FB11FB72E70}\offreg.dll 2012-02-14 00:51:13 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E15EA28-468B-47C9-935E-1FB11FB72E70}\mpengine.dll 2012-02-13 02:18:43 -------- d-----w- C:\Users\Dave\AppData\Local\ElevatedDiagnostics . ==================== Find3M ==================== . 2012-01-27 05:52:58 279656 ------w- C:\windows\System32\MpSigStub.exe . ============= FINISH: 18:44:02.66 =============== -
I started up my computer in safe mode and deleted it. My computer now works fine but I'm afraid that it may have left something behind. DDS.txt Attach.txt