
  • This is just a place to upload files that have been asked for from other forums.
  • Please start a new post and Just give a link to your posts on the other forum & then press attach and upload the files.
  • Files can be uploaded by anybody but not seen or downloaded by anybody except for those users that have been given special permissions
  • DO NOT post Hijackthis logs in this forum as they will NOT be dealt with, Please post in the Help & advice forum

    Only Authorised users can see the files once they have been uploaded You WILL NOT see them

Author Topic: s.m.a.r.t. hdd  (Read 442 times)

Offline cgolf1

  • *
  • Posts: 1
s.m.a.r.t. hdd
« on: April 21, 2012, 19:07:35 »
Here are the ComboFix log and the Qoobox quarantine file, continuing the posts that we started at the cexx site:



ComboFix 12-04-20.03 - chris 04/21/2012  12:53:18.6.3 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.1995 [GMT -4:00]
Running from: c:\users\chris\Desktop\username123.exe
Command switches used :: c:\users\chris\Desktop\CFScript.txt
AV: Trend Micro AntiVirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\chris\AppData\Local\temp\ppcrlui_4488_2
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-21 to 2012-04-21  )))))))))))))))))))))))))))))))
.
.
2012-04-21 17:00 . 2012-04-21 17:24   --------   d-----w-   c:\users\chris\AppData\Local\temp
2012-04-21 17:00 . 2012-04-21 17:00   --------   d-----w-   c:\users\ReleaseEngineer.MACROVISION\AppData\Local\temp
2012-04-21 17:00 . 2012-04-21 17:00   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-04-21 17:00 . 2012-04-21 17:00   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-21 17:00 . 2012-04-21 17:00   --------   d-----w-   c:\users\AppData\AppData\Local\temp
2012-04-21 13:23 . 2012-04-21 13:24   129024   ----a-w-   c:\windows\RegBootClean64.exe
2012-04-19 11:58 . 2012-04-19 11:58   --------   d-----w-   c:\users\chris\AppData\Local\AMD
2012-04-18 22:33 . 2012-04-18 22:33   --------   d-----w-   c:\users\chris\AppData\Local\WinZip
2012-04-18 20:23 . 2012-04-18 20:24   288   ------w-   c:\users\chris\AppData\Roaming\7DDAFF1D.reg
2012-04-18 20:23 . 2012-04-18 20:24   --------   d-sh--w-   c:\users\chris\AppData\Roaming\Total Anti Malware Protection
2012-04-17 00:10 . 2012-04-17 00:11   --------   d-----w-   C:\thumb drive
2012-04-16 01:36 . 2012-04-16 01:36   --------   d-----w-   c:\program files (x86)\Photo Story 3 for Windows
2012-04-16 01:12 . 2012-04-16 01:12   --------   d-----w-   c:\windows\en
2012-04-16 01:10 . 2012-04-16 01:10   --------   d-----w-   c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-16 01:06 . 2012-03-08 22:40   48488   ----a-w-   c:\windows\system32\drivers\fssfltr.sys
2012-04-16 01:06 . 2012-04-16 01:12   --------   d-----w-   c:\program files (x86)\Windows Live
2012-04-16 01:05 . 2012-04-16 01:06   --------   d-----w-   c:\program files\Windows Live
2012-04-16 01:01 . 2009-09-04 21:29   453456   ----a-w-   c:\windows\SysWow64\d3dx10_42.dll
2012-04-16 01:01 . 2009-09-04 21:29   523088   ----a-w-   c:\windows\system32\d3dx10_42.dll
2012-04-16 01:00 . 2006-11-29 17:06   4398360   ----a-w-   c:\windows\system32\d3dx9_32.dll
2012-04-16 01:00 . 2006-11-29 17:06   3426072   ----a-w-   c:\windows\SysWow64\d3dx9_32.dll
2012-04-16 00:58 . 2009-08-04 08:12   1103872   ----a-w-   c:\windows\system32\webservices.dll
2012-04-16 00:58 . 2009-08-04 08:02   754688   ----a-w-   c:\windows\SysWow64\webservices.dll
2012-04-16 00:57 . 2012-04-16 00:57   7450888   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\d772ff881cd1b6b06\bingbarsetup.exe
2012-04-16 00:56 . 2012-04-16 00:56   15712   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\cfd579681cd1b6b05\MeshBetaRemover.exe
2012-04-16 00:56 . 2012-04-16 00:56   89944   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\cd3897081cd1b6b04\DSETUP.dll
2012-04-16 00:56 . 2012-04-16 00:56   537432   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\cd3897081cd1b6b04\DXSETUP.exe
2012-04-16 00:56 . 2012-04-16 00:56   1801048   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\cd3897081cd1b6b04\dsetup32.dll
2012-04-16 00:56 . 2012-04-16 00:56   94040   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\c9367f581cd1b6b03\DSETUP.dll
2012-04-16 00:56 . 2012-04-16 00:56   525656   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\c9367f581cd1b6b03\DXSETUP.exe
2012-04-16 00:56 . 2012-04-16 00:56   1691480   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\c9367f581cd1b6b03\dsetup32.dll
2012-04-16 00:56 . 2012-04-19 19:15   --------   d-----w-   c:\users\chris\AppData\Local\Windows Live
2012-04-14 04:00 . 2012-04-14 04:00   8766112   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 02:19 . 2012-03-06 06:44   4699520   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-04-12 02:19 . 2012-02-29 15:37   5632   ----a-w-   c:\windows\system32\wmi.dll
2012-04-12 02:19 . 2012-02-29 15:37   219136   ----a-w-   c:\windows\system32\wintrust.dll
2012-04-12 02:19 . 2012-02-29 15:35   78848   ----a-w-   c:\windows\system32\imagehlp.dll
2012-04-12 02:19 . 2012-02-29 15:11   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-04-12 02:19 . 2012-02-29 15:11   172032   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-04-12 02:19 . 2012-02-29 15:09   157696   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-04-12 02:19 . 2012-02-29 13:52   16384   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:52 . 2012-03-01 11:01   2409784   ----a-w-   c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 23:52 . 2012-03-01 11:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2012-04-06 20:46 . 2012-04-06 20:46   --------   d-----w-   c:\program files\iPod
2012-04-06 20:46 . 2012-04-06 20:47   --------   d-----w-   c:\program files\iTunes
2012-04-04 05:53 . 2012-04-04 05:53   182160   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-30 19:36 . 2012-04-14 04:01   418464   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 01:05 . 2011-03-28 22:36   19352   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll   ERROR(0x00000005)
2012-04-14 04:01 . 2011-06-12 14:08   70304   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2009-05-27 23:31   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-14 03:27 . 2012-03-30 19:11   8669240   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{75E481B6-0167-4697-B8ED-DF89BE5621A2}\mpengine.dll   ERROR(0x00000005)
2012-03-14 03:27 . 2008-07-08 04:13   8669240   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll   ERROR(0x00000005)
2012-03-08 22:50 . 2012-03-08 22:50   49016   ----a-w-   c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37   302448   ------w-   c:\windows\WLXPGSS.SCR
2012-02-23 13:18 . 2009-10-03 12:08   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-15 15:01 . 2012-02-15 15:01   52736   ----a-w-   c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01   4547944   ----a-w-   c:\windows\system32\usbaaplrc.dll
2012-02-14 16:49 . 2012-03-14 19:50   327680   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 19:50   196096   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 19:50   219648   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 19:50   160768   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 19:50   2002944   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 19:50   1172480   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 19:50   834048   ----a-w-   c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 19:50   1555968   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 19:50   683008   ----a-w-   c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 19:50   1068544   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02   1070352   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-02 15:34 . 2012-03-14 19:50   2765824   ----a-w-   c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\TAYDPMP ----
.
2012-04-18 20:23 . 2012-04-21 00:11   64288   --sha-w-   c:\programdata\TAYDPMP\TAXEMP.cfg
.
---- Directory of c:\users\chris\AppData\Roaming\Total Anti Malware Protection ----
.
2012-04-18 20:23 . 2012-04-18 20:24   51   ----a-w-   c:\users\chris\AppData\Roaming\Total Anti Malware Protection\Instructions.ini
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-04-21_00.41.21   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-04-21 13:27   83386              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 15:45 . 2012-04-21 00:42   90138              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-04-21 17:25   90138              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-07 22:36 . 2012-04-20 23:51   17480              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968901160-2759726070-778273491-1000_UserData.bin
+ 2008-07-07 22:36 . 2012-04-21 17:25   17480              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3968901160-2759726070-778273491-1000_UserData.bin
+ 2012-04-21 17:23 . 2012-04-21 17:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-21 00:40 . 2012-04-21 00:40   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-21 17:23 . 2012-04-21 17:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-21 00:40 . 2012-04-21 00:40   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-09 16:28 . 2012-04-21 16:17   305772              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-02-09 11:52 . 2012-04-18 20:37   341928              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-09 11:52 . 2012-04-21 17:02   341928              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-14 05:57 . 2012-04-21 00:39   1645360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-14 05:57 . 2012-04-21 17:02   1645360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-08 04:36 . 2012-04-21 17:02   7455176              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-8192.dat
- 2011-05-08 04:36 . 2012-04-18 20:37   7455176              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-8192.dat
+ 2011-05-08 04:36 . 2012-04-21 17:02   57876101              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-4096.dat
- 2011-05-08 04:36 . 2012-04-18 20:37   57876101              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3968901160-2759726070-778273491-1000-4096.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54   175912   ----a-w-   c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-22 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ButtonMonitor"="c:\program files (x86)\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"RoxioDragToDisc"="c:\program files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-15 1121016]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-24 273528]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-22 23:55   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:01]
.
2012-04-21 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-07-03 20:50]
.
2012-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-16 00:46]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-16 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBXtime.dll" [2007-03-22 28672]
"lxbxmon.exe"="c:\program files (x86)\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://espn.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5692
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
c:\program files (x86)\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
.
**************************************************************************
.
Completion time: 2012-04-21  13:31:32 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-21 17:31
ComboFix2.txt  2012-04-21 00:50
.
Pre-Run: 148,030,025,728 bytes free
Post-Run: 147,996,209,152 bytes free
.
- - End Of File - - FD3C983DE68F186A471032D84EA7D0A3


Offline Derek

  • Administrator
  • *****
  • Posts: 11929
Re: s.m.a.r.t. hdd
« Reply #1 on: April 21, 2012, 19:55:31 »
replied to cexx.org topic
Derek
Microsoft MVP  Windows - Security
Modern Malware is so involved and difficult to fix that it takes a very long time and a lot of hard work and research to prepare the fixes for you. A large part of my time is spent helping you
Would you do all this for nothing?
 I run this site to raise funds for Hedgehog Rescue
Please donate if I have helped you or you have found this site useful.

 
