Virus Scan Failing
   

tcbull812
New Member


Date Joined May 2012
Total Posts : 4
 
Posted 5/17/2012 7:53 PM (GMT +3)
Hello,

I have had some problems recently with my system. Now on startup, everything seems to be operational for about 15-30 seconds but then explorer.exe seems to slow way down to the point where it is virtually frozen. It will usually pull out of this "frozen" state after about 30 minutes or so, but needless to say it renders the system unusable. Also, when I pull up Chrome I can use the internet for about 30 minutes until it will no longer load webpages. It doesn't become unresponsive, but it just seems like the internet is disconnected when it is not.

Within the last week, I have installed a large program, MATLAB. I have since uninstalled MATLAB with no changes to system performance. My next step was then to see what MalwareBytes could find. After running the full scan, MB would freeze exactly 68 seconds in after multiple tries. I then saw that it was stuck on a file from Program Files\Firefox (which I never use). I then tried to uninstall Firefox from my system via Control Panel. From the Programs and Features menu, the Uninstall button had no effect for some reason. I then looked at how to manually uninstall Firefox on Mozilla's website. They suggested just deleting the whole Program Files\Firefox folder, so I did. I then ran MB again to see if it would get any further. Now it is getting stuck on a Windows Media Player file in Program Files.

This makes me think that there may be a larger issue besides just MATLAB or Firefox, but I'm not sure how to pinpoint it if MB or Windows Virus Scan (which also froze) can't do their jobs.

Does anyone have any suggestions?

Thanks!

TC

Robert Mateescu
Forum Moderator




Date Joined Sep 2011
Total Posts : 313
 
Posted 5/17/2012 10:52 PM (GMT +3)
Hi TC,


Here is what you need to do:

1. Reboot your computer in Safe Mode with Networking by pressing F8 (or F5 on some computers) before Windows starts (before the Windows logo appears) and choosing Safe Mode with Networking from the following screen.
You can read more about how to start Windows in Safe Mode here.

2. Download the Combofix tool from here.
When finished, it will produce a log for you. The log is automatically saved on C:\ and is named Combofix.txt.

3. Restart in Normal Mode and post the log.

Cheers!


Robert Mateescu
Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 12

You have a BullGuard related problem? Contact our Support team directly: www.bullguard.com/support.aspx!


tcbull812
New Member


Date Joined May 2012
Total Posts : 4
 
Posted 5/18/2012 12:52 AM (GMT +3)
Thanks for your response Robert,

To be clear, I forgot to mention that I have been booting in safe mode. After running ComboFix, my suspicions of a virus are heightened. I am running ComboFix as Administrator from the only account on the computer (which is obviously an Admin account) and I get the message:

"Please wait
ComboFix is preparing to run.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks. (Isn't "a command window at C:\_ called Administrator:." this?)

Attempting to create a new System Restore point."

I was convinced that it was hung up on the "System Restore point" part, until it seemed to kick on and clear that stage. It says that it should take about 10 minutes unless the machine is badly infected, but it has been running for 30 minutes and just cleared stage 5. I've heard that ComboFix has about 50 stages, so this could take a while. I will update this as soon as it is finished and a logfile is created.

UPDATE

After about 2 hours of running, ComboFix seems to have stalled. It has stopped after completing Stage 24 for about 45 minutes. If anything else happens I will update this post, but I don't anticipate seeing any further changes.

What should I do now? Might this stall be attributed to the "Access Denied" message and if so what steps should I take to ensure that ComboFix will run properly?

Thanks again!

TC

Post Edited (tcbull812) : 17-05-2012 23:29:11 GMT


Robert Mateescu
Forum Moderator




Date Joined Sep 2011
Total Posts : 313
 
Posted 5/18/2012 3:59 PM (GMT +3)
Hi TC,

Download a fresh copy of Combofix.
Right click on the tool ->Properties ->unblock and check the "read only" box, then press the "Apply" and "OK" buttons.
Cut the file and paste it in your C:\ drive.
Go to Start -> type cmd -> Right click on cmd.exe -> Run as administrator (if you're using XP, skip those steps).
In the Command Prompt window type:
cd C:\ [Enter]
combofix.exe

Let me know if combofix is able to complete the scan.

Cheers!


Robert Mateescu
Support Technician EN
support@bullguard.com
www.bullguard.com


tcbull812
New Member


Date Joined May 2012
Total Posts : 4
 
Posted 5/18/2012 8:26 PM (GMT +3)
Robert,

It still gave me the same message when I started ComboFix about the "Administrator permissions are needed". I am going to let it keep running and we'll see what happens.

Also, I accidentally started my computer in normal mode because I wasn't paying attention on startup and I was given an error message from Windows Defender saying:

"Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually."

I then restarted my computer so I could get into Safe Mode and run ComboFix, but that was the first time I had seen that message so I thought it may be important.

ComboFix seems to be running a bit faster and I will update when it is finished or stalled.

Thanks again!

TC

tcbull812
New Member


Date Joined May 2012
Total Posts : 4
 
Posted 5/18/2012 9:01 PM (GMT +3)
Robert,

It finished running much faster this time. Only about 20 minutes. The logfile is below. I hate posting the logs on the forum, but it wouldn't allow me to upload a .txt file. If there's a different format I should use, let me know!

Thanks!

TC

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-05-18.02 - TC 05/18/2012 12:23:55.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.3071 [GMT -5:00]
Running from: C:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\SPL13A3.tmp
c:\programdata\SPLE14.tmp
c:\programdata\SPLF4A7.tmp
c:\users\TC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\TC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\TC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\TC\AppData\Roaming\scdata
c:\users\TC\AppData\Roaming\skynet.dat
c:\users\TC\AppData\Roaming\wp3.dat
c:\users\TC\AppData\Roaming\wp4.dat
c:\users\TC\Documents\~WRL0917.tmp
c:\users\TC\Documents\~WRL1507.tmp
C:\zip.exe
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 17:42 . 2012-05-18 17:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-18 17:42 . 2012-05-18 17:42 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-05-18 17:42 . 2012-05-18 17:42 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-05-18 17:42 . 2012-05-18 17:42 -------- d-----w- c:\users\kodak\AppData\Local\temp
2012-05-18 17:42 . 2012-05-18 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 17:42 . 2012-05-18 17:42 -------- d-----w- c:\users\TC\AppData\Local\temp
2012-05-18 17:42 . 2012-05-18 17:42 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-05-15 15:11 . 2012-04-13 08:46 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F4B3EB5-50F0-459A-8478-E8AC09E2B2D7}\mpengine.dll
2012-05-11 01:58 . 2012-05-11 01:58 -------- d-----w- c:\users\TC\AppData\Roaming\MathWorks
2012-05-01 21:59 . 2012-05-01 21:59 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-18 17:15 . 2009-09-23 16:22 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-05-18 17:15 . 2009-09-23 16:25 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-03-06 09:18 . 2012-03-06 09:18 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-06 09:18 . 2012-03-06 09:18 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-06 09:18 . 2012-03-06 09:18 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-06 09:18 . 2012-03-06 09:18 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-06 09:18 . 2012-03-06 09:18 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-06 09:18 . 2012-03-06 09:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-06 09:18 . 2012-03-06 09:18 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-06 09:18 . 2012-03-06 09:18 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-06 09:18 . 2012-03-06 09:18 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-06 09:18 . 2012-03-06 09:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-06 09:18 . 2012-03-06 09:18 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-06 09:18 . 2012-03-06 09:18 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-06 09:18 . 2012-03-06 09:18 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-06 09:18 . 2012-03-06 09:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-06 09:18 . 2012-03-06 09:18 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-06 09:18 . 2012-03-06 09:18 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-06 09:18 . 2012-03-06 09:18 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-06 09:18 . 2012-03-06 09:18 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-06 09:18 . 2012-03-06 09:18 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-06 09:18 . 2012-03-06 09:18 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-06 09:18 . 2012-03-06 09:18 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-06 09:18 . 2012-03-06 09:18 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-06 09:18 . 2012-03-06 09:18 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-06 09:18 . 2012-03-06 09:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-06 09:18 . 2012-03-06 09:18 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-06 09:18 . 2012-03-06 09:18 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-06 09:18 . 2012-03-06 09:18 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-06 09:18 . 2012-03-06 09:18 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-06 09:18 . 2012-03-06 09:18 448512 ----a-w- c:\windows\system32\html.iec
2012-03-06 09:18 . 2012-03-06 09:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-06 09:18 . 2012-03-06 09:18 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-06 09:18 . 2012-03-06 09:18 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-06 09:18 . 2012-03-06 09:18 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-06 09:18 . 2012-03-06 09:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-29 15:37 . 2012-04-11 08:01 5632 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:37 . 2012-04-11 08:01 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:35 . 2012-04-11 08:01 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 15:11 . 2012-04-11 08:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-29 15:11 . 2012-04-11 08:01 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-29 15:09 . 2012-04-11 08:01 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-02-29 13:52 . 2012-04-11 08:01 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 06:56 . 2012-04-11 08:05 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 08:05 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 08:05 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 08:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 08:05 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 08:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 08:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 08:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18 . 2010-09-15 06:56 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\TC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\TC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\TC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-29 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-07 1242448]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 643856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"NI Background Service"="c:\program files (x86)\National Instruments\Shared\Update Service\niupdate.exe" [2010-05-28 77824]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-04-17 165104]
.
c:\users\TC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\TC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 21:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 15:05]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 15:05]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616114129-3826307178-347014154-1000Core.job
- c:\users\TC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 02:05]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616114129-3826307178-347014154-1000UA.job
- c:\users\TC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 02:05]
.
2012-05-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-12-03 21:08]
.
2012-05-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-12-03 21:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\TC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\TC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\TC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-11 1657128]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"lxdqmon.exe"="c:\program files (x86)\Lexmark Z2400 Series\lxdqmon.exe" [2009-05-19 656040]
"EzPrint"="c:\program files (x86)\Lexmark Z2400 Series\ezprint.exe" [2009-05-19 107176]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2008-07-29 511488]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:55374
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 10.0.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\TC\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Mozilla Firefox 9.0.1 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-18 12:53:13
ComboFix-quarantined-files.txt 2012-05-18 17:53
.
Pre-Run: 165,321,351,168 bytes free
Post-Run: 164,406,939,648 bytes free
.
- - End Of File - - B0E959531062F078B98923EDA395091C
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
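
Added example, not part of the original thread and not ComboFix or BullGuard code: a small Python parser for the log layout posted above, so that the security-provider state, removed items, file rows, Run entries and proxy settings can be pulled out and reviewed without scrolling the raw text. The section titles and line patterns are inferred from this one log, and the function and field names (`split_sections`, `summarize`, `first_ts`, ...) are hypothetical.

```python
import re

# Excerpt assembled for this example from the log posted above (banners shortened).
SAMPLE_LOG = r"""ComboFix 12-05-18.02 - TC 05/18/2012 12:23:55.1.2 - x64 NETWORK
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
---- Previous Run -------
c:\users\TC\AppData\Roaming\skynet.dat
D:\AUTORUN.INF
((((((((((((((((((((( Find3M Report )))))))))))))))))))))
2012-05-18 17:15 . 2009-09-23 16:22 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-02-23 15:18 . 2010-09-15 06:56 279656 ------w- c:\windows\system32\MpSigStub.exe
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-07 1242448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 643856]
------- Supplementary Scan -------
uInternet Settings,ProxyServer = http=127.0.0.1:55374
"""

BANNER = re.compile(r"^(?:\({5,}|(?:-\s?){3,})")   # "((((( Title )))))" or "---- Title ----"
HEADER = re.compile(r"^ComboFix (\S+) - (.+?) (\d\d/\d\d/\d{4}) ")
# The posted log only has an "SP:" line; any two-letter prefix is accepted here.
PROVIDER = re.compile(r"^([A-Z]{2}): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$")
FILE_ROW = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
                      r"\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+)$")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$')

def split_sections(text):
    """Group log lines under the banner title that precedes them."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):              # the log is padded with lone dots
            continue
        if BANNER.match(line):
            title = line.strip("()- ")
            if title:                      # a bare dash rule carries no title
                current = title
                sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections

def parse_file_rows(lines):
    """Turn 'timestamp . timestamp size attrs path' rows into dicts."""
    rows = []
    for m in filter(None, map(FILE_ROW.match, lines)):
        size = None if m.group(3).startswith("-") else int(m.group(3))  # dirs show dashes
        rows.append({"first_ts": m.group(1), "second_ts": m.group(2),
                     "size": size, "attrs": m.group(4), "path": m.group(5)})
    return rows

def parse_autoruns(lines):
    """Pair each "name"="path" [date size] value with its registry key."""
    entries, key = [], None
    for line in lines:
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        m = RUN_VALUE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group(1), "path": m.group(2),
                            "date": m.group(3), "size": int(m.group(4))})
    return entries

def summarize(text):
    """Collect the fields a reviewer usually reads first into one dict."""
    s = split_sections(text)
    head = HEADER.match(s["header"][0])
    files = [row for title, lines in s.items()
             if title == "Find3M Report" or title.startswith("Files Created")
             for row in parse_file_rows(lines)]
    return {
        "version": head.group(1), "user": head.group(2), "run_date": head.group(3),
        "providers": [m.groups() for m in map(PROVIDER.match, s["header"]) if m],
        "removed": s.get("Other Deletions", []) + s.get("Previous Run", []),
        "files": files,
        "autoruns": parse_autoruns(s.get("Reg Loading Points", []) + s.get("x86-64", [])),
        "settings": dict(l.split(" = ", 1) for l in s.get("Supplementary Scan", [])
                         if " = " in l),
    }

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG).items():
        print(name, "->", value)
```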