Solve : FireFox hanging +?

1.	Solve : FireFox hanging +?
Answer» Firefox 15 is hanging and unresponsive. Tried re-installing etc. MB says it is clean and dds and adwcleaner say ok. IExplorer seems to be ok. Below is combo fix. ComboFix 12-08-31.08 - Cesare 01/09/2012 12:52:46.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1325 [GMT 1:00] Running from: c:\users\Cesare\Downloads\ComboFix.exe AV: Lavasoft Ad-Aware Enabled/Updated {445B48C3-0FA4-6B16-8F07-6506F305D800} AV: Microsoft Security Essentials Disabled/Updated {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} FW: Lavasoft Ad-Aware Disabled {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B} SP: Lavasoft Ad-Aware Enabled/Updated {FF3AA927-299E-6498-B5B7-5E74888292BD} SP: Microsoft Security Essentials Disabled/Updated {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender Disabled/Outdated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\packardbell.ico c:\programdata\FullRemove.exe . . ((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 ))))))))))))))))))))))))))))))) . . 2012-09-01 12:03 . 2012-09-01 12:03--------d-----w-c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-09-01 12:03 . 2012-09-01 12:03--------d-----w-c:\users\Default\AppData\Local\temp 2012-09-01 08:11 . 2012-09-01 08:11--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-01 08:11 . 2012-07-03 12:4624904----a-w-c:\windows\system32\drivers\mbam.sys 2012-09-01 07:15 . 2012-07-13 13:08504136----a-w-c:\windows\system32\EasyRedirect64.dll 2012-09-01 07:15 . 2012-07-13 13:08364360----a-w-c:\windows\SysWow64\EasyRedirect.dll 2012-09-01 07:14 . 2012-09-01 07:14--------d-----w-c:\program files\Easy-Hide-IP 2012-08-31 17:52 . 2012-08-23 08:269310152----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBA07272-DF88-43EC-9087-B27B39FA6B1B}\mpengine.dll 2012-08-31 16:40 . 2012-08-31 16:40--------d-----w-c:\users\Cesare\AppData\Local\adaware 2012-08-31 16:40 . 2012-09-01 08:03--------d-----w-c:\programdata\Ad-Aware Browsing Protection 2012-08-31 16:40 . 2011-12-19 11:4460536----a-w-c:\windows\system32\drivers\sbhips.sys 2012-08-31 16:40 . 2011-12-19 12:2145936----a-w-c:\windows\system32\sbbd.exe 2012-08-31 16:40 . 2011-10-26 13:2357976----a-w-c:\windows\system32\drivers\sbredrv.sys 2012-08-31 16:40 . 2012-08-31 16:40--------d-----w-c:\programdata\Lavasoft 2012-08-31 16:40 . 2012-08-31 17:17--------d-----w-c:\program files (x86)\Ad-Aware Antivirus 2012-08-31 16:39 . 2012-08-31 16:39--------d-----w-c:\users\Cesare\AppData\Local\Downloaded Installations 2012-08-31 16:38 . 2012-08-31 18:25--------d-----w-c:\users\Cesare\AppData\Roaming\Ad-Aware Antivirus 2012-08-31 09:06 . 2012-06-26 10:25773968----a-w-c:\windows\system32\msvcr100.dll 2012-08-31 03:59 . 2009-05-18 12:1734152----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-31 03:59 . 2008-04-17 11:12126312----a-w-c:\windows\system32\GEARAspi64.dll 2012-08-31 03:59 . 2008-04-17 11:12107368----a-w-c:\windows\SysWow64\GEARAspi.dll 2012-08-31 03:58 . 2012-08-31 03:58--------d-----w-c:\program files\iPod 2012-08-31 03:58 . 2012-08-31 03:59--------d-----w-c:\program files\iTunes 2012-08-31 03:58 . 2012-08-31 03:59--------d-----w-c:\program files (x86)\iTunes 2012-08-31 03:18 . 2012-08-31 03:18--------d-----w-c:\program files\Bonjour 2012-08-30 17:56 . 2012-08-30 17:56--------d-----w-c:\programdata\Okidata 2012-08-30 17:53 . 2012-08-23 08:269310152----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-30 17:48 . 2010-09-10 04:4967584----a-w-c:\windows\system32\okis2lna64.dll 2012-08-30 17:48 . 2010-01-27 05:05105984----a-w-c:\windows\system32\okscllna64.dll 2012-08-29 07:24 . 2012-08-29 07:24--------d-----w-c:\users\Cesare\AppData\Roaming\iFunbox_UserCache 2012-08-29 07:24 . 2012-08-29 07:24--------d-----w-c:\program files (x86)\i-Funbox DevTeam 2012-08-28 18:19 . 2012-08-28 18:19--------d-----w-c:\users\Cesare\AppData\Local\Macromedia 2012-08-28 18:04 . 2012-08-28 18:04--------d-----w-c:\program files (x86)\Common Files\IVA 2012-08-28 18:04 . 2012-08-28 18:04--------d-----w-c:\program files (x86)\Common Files\Nuance 2012-08-28 18:02 . 2012-08-28 18:02--------d-----w-c:\programdata\Macrovision 2012-08-28 17:35 . 2012-08-28 17:35--------d-----w-c:\program files (x86)\Creative 2012-08-28 12:29 . 2012-08-28 12:29--------d-----w-c:\users\Default\AppData\Local\Microsoft Help 2012-08-28 12:26 . 2012-08-28 12:26--------d-----w-c:\program files (x86)\Microsoft Security Client 2012-08-28 12:00 . 2003-11-10 17:14729088----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll 2012-08-28 12:00 . 2003-11-10 17:1369715----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll 2012-08-28 12:00 . 2003-11-10 17:12266240----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll 2012-08-28 12:00 . 2003-11-10 17:12192512----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll 2012-08-28 12:00 . 2003-11-10 17:115632----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe 2012-08-28 12:00 . 2012-08-28 12:00311428----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll 2012-08-28 12:00 . 2012-08-28 12:00188548----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll 2012-08-28 11:59 . 2012-08-28 11:59--------d-----w-C:\Live! Cam 2012-08-28 11:59 . 2007-06-14 08:5499328----a-w-c:\windows\CtDrvIns.exe 2012-08-28 11:59 . 2007-02-15 12:26811008----a-w-c:\windows\SysWow64\cximage.dll 2012-08-28 11:59 . 2005-07-07 00:0725088----a-w-c:\windows\system32\CtCamMgr.dll 2012-08-28 10:33 . 2012-08-28 10:33--------d-----w-c:\program files (x86)\Enigma Software Group 2012-08-28 10:31 . 2012-08-31 15:50--------d-----w-c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-28 10:31 . 2012-08-28 10:31--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard 2012-08-28 10:26 . 2012-08-28 12:17426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-28 10:24 . 2012-08-28 10:24--------d-----w-c:\users\Cesare\AppData\Local\Scansoft 2012-08-28 10:17 . 2012-02-09 13:17927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-08-28 10:17 . 2012-02-09 13:17927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6383379-76B9-4ABD-AAAB-7777CCF30B6D}\gapaengine.dll 2012-08-28 10:05 . 2012-08-28 10:05--------d-----w-c:\windows\Temp250F8E53-DD37-B6DA-3FAD-F7846A9417EE-Signatures 2012-08-28 10:00 . 2012-03-01 06:4623408----a-w-c:\windows\system32\drivers\fs_rec.sys 2012-08-28 10:00 . 2012-03-01 06:3381408----a-w-c:\windows\system32\imagehlp.dll 2012-08-28 10:00 . 2012-03-01 05:33159232----a-w-c:\windows\SysWow64\imagehlp.dll 2012-08-28 10:00 . 2012-03-01 06:38220672----a-w-c:\windows\system32\wintrust.dll 2012-08-28 10:00 . 2012-03-01 06:285120----a-w-c:\windows\system32\wmi.dll 2012-08-28 10:00 . 2012-03-01 05:37172544----a-w-c:\windows\SysWow64\wintrust.dll 2012-08-28 10:00 . 2012-03-01 05:295120----a-w-c:\windows\SysWow64\wmi.dll 2012-08-28 09:30 . 2012-05-04 09:59514560----a-w-c:\windows\SysWow64\qdvd.dll 2012-08-28 09:30 . 2012-05-04 11:00366592----a-w-c:\windows\system32\qdvd.dll 2012-08-28 09:09 . 2012-08-28 09:09--------d-----w-c:\program files (x86)\Common Files\Skype 2012-08-28 09:04 . 2012-03-03 06:351544704----a-w-c:\windows\system32\DWrite.dll 2012-08-28 09:04 . 2012-03-03 05:311077248----a-w-c:\windows\SysWow64\DWrite.dll 2012-08-28 09:04 . 2012-05-05 08:36503808----a-w-c:\windows\system32\srcore.dll 2012-08-28 09:04 . 2012-05-05 07:4643008----a-w-c:\windows\SysWow64\srclient.dll 2012-08-28 09:03 . 2011-10-01 05:45886784----a-w-c:\program files\Common Files\System\wab32.dll 2012-08-28 09:03 . 2011-10-01 04:37708608----a-w-c:\program files (x86)\Common Files\System\wab32.dll 2012-08-28 09:03 . 2011-10-26 05:251572864----a-w-c:\windows\system32\quartz.dll 2012-08-28 09:03 . 2011-10-26 04:321328128----a-w-c:\windows\SysWow64\quartz.dll 2012-08-28 09:02 . 2012-01-04 10:44509952----a-w-c:\windows\system32\ntshrui.dll 2012-08-28 09:02 . 2012-01-04 08:58442880----a-w-c:\windows\SysWow64\ntshrui.dll 2012-08-28 09:01 . 2011-11-17 06:35395776----a-w-c:\windows\system32\webio.dll 2012-08-28 09:01 . 2011-11-17 05:35314880----a-w-c:\windows\SysWow64\webio.dll 2012-08-28 09:01 . 2012-06-06 06:062004480----a-w-c:\windows\system32\msxml6.dll 2012-08-28 09:01 . 2012-06-06 06:061881600----a-w-c:\windows\system32\msxml3.dll 2012-08-28 09:01 . 2012-06-06 05:051390080----a-w-c:\windows\SysWow64\msxml6.dll 2012-08-28 09:01 . 2012-06-06 05:051236992----a-w-c:\windows\SysWow64\msxml3.dll 2012-08-28 09:01 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll 2012-08-28 09:01 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll 2012-08-28 09:00 . 2011-10-26 05:2143520----a-w-c:\windows\system32\csrsrv.dll 2012-08-28 09:00 . 2011-12-30 06:26515584----a-w-c:\windows\system32\timedate.cpl 2012-08-28 09:00 . 2011-12-30 05:27478720----a-w-c:\windows\SysWow64\timedate.cpl 2012-08-28 09:00 . 2012-02-11 06:43751104----a-w-c:\windows\system32\win32spl.dll 2012-08-28 08:59 . 2012-02-11 06:36559104----a-w-c:\windows\system32\spoolsv.exe 2012-08-28 08:59 . 2012-02-11 06:3667072----a-w-c:\windows\splwow64.exe 2012-08-28 08:59 . 2012-02-11 05:43492032----a-w-c:\windows\SysWow64\win32spl.dll 2012-08-28 08:58 . 2012-08-28 08:58--------d-----w-c:\programdata\InstallShield 2012-08-28 08:58 . 2012-08-28 08:58--------d-----w-c:\users\Cesare\AppData\Roaming\ScanSoft 2012-08-28 08:58 . 2012-06-09 05:4314172672----a-w-c:\windows\system32\shell32.dll 2012-08-28 08:58 . 2012-08-28 08:58--------d-----w-c:\program files (x86)\ScanSoft 2012-08-28 08:56 . 2012-05-01 05:40209920----a-w-c:\windows\system32\profsvc.dll 2012-08-28 08:55 . 2012-05-04 11:065559664----a-w-c:\windows\system32\ntoskrnl.exe 2012-08-28 08:55 . 2012-05-04 10:033968368----a-w-c:\windows\SysWow64\ntkrnlpa.exe 2012-08-28 08:55 . 2012-05-04 10:033913072----a-w-c:\windows\SysWow64\ntoskrnl.exe 2012-08-28 08:54 . 2011-08-17 05:26613888----a-w-c:\windows\system32\psisdecd.dll 2012-08-28 08:54 . 2011-08-17 04:24465408----a-w-c:\windows\SysWow64\psisdecd.dll 2012-08-28 08:54 . 2011-08-17 04:1975776----a-w-c:\windows\SysWow64\psisrndr.ax 2012-08-28 08:54 . 2011-08-17 05:25108032----a-w-c:\windows\system32\psisrndr.ax 2012-08-28 08:53 . 2012-04-28 03:55210944----a-w-c:\windows\system32\drivers\rdpwd.sys 2012-08-28 08:53 . 2011-12-28 03:59498688----a-w-c:\windows\system32\drivers\afd.sys 2012-08-28 08:52 . 2012-03-17 07:5875120----a-w-c:\windows\system32\drivers\partmgr.sys 2012-08-28 08:52 . 2012-04-07 12:313216384----a-w-c:\windows\system32\msi.dll 2012-08-28 08:52 . 2012-04-07 11:262342400----a-w-c:\windows\SysWow64\msi.dll 2012-08-28 08:52 . 2012-04-24 05:371462272----a-w-c:\windows\system32\crypt32.dll 2012-08-28 08:52 . 2012-04-24 05:37184320----a-w-c:\windows\system32\cryptsvc.dll 2012-08-28 08:52 . 2012-04-24 05:37140288----a-w-c:\windows\system32\cryptnet.dll 2012-08-28 08:52 . 2012-04-24 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll 2012-08-28 08:52 . 2012-04-24 04:361158656----a-w-c:\windows\SysWow64\crypt32.dll 2012-08-28 08:52 . 2012-04-24 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll 2012-08-28 08:51 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll 2012-08-28 08:51 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll 2012-08-28 08:51 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll 2012-08-28 08:51 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll 2012-08-28 08:50 . 2011-12-16 08:46634880----a-w-c:\windows\system32\msvcrt.dll 2012-08-28 08:50 . 2011-12-16 07:52690688----a-w-c:\windows\SysWow64\msvcrt.dll 2012-08-28 08:49 . 2012-07-18 18:153148800----a-w-c:\windows\system32\win32k.sys 2012-08-28 08:48 . 2012-05-14 05:26956928----a-w-c:\windows\system32\localspl.dll 2012-08-28 08:48 . 2011-08-27 05:37861696----a-w-c:\windows\system32\oleaut32.dll 2012-08-28 08:48 . 2011-08-27 05:37331776----a-w-c:\windows\system32\oleacc.dll . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-28 12:17 . 2011-06-15 13:2570344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-03 03:27 . 2011-06-15 08:0262134624----a-w-c:\windows\system32\MRT.exe 2012-06-25 15:04 . 2012-06-25 15:041394248----a-w-c:\windows\SysWow64\msxml4.dll 2012-06-06 07:49 . 2012-06-06 07:491070152----a-w-c:\windows\SysWow64\MSCOMCTL.OCX . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty ENTRIES & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}] 2012-07-18 18:26195448----a-w-c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408] "Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Cesare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Cesare\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2008-1-16 1122304] Wi-Fire Connection Manager.lnk - c:\program files (x86)\hField Technologies, Inc\Wi-Fire Connection Manager\Wi-Fire Connection Manager.exe [2011-8-25 417792] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952] R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 135664] R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250056] R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 135664] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528] R3 netr28ux;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-06-14 1061888] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-11 214240] R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12288] R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-08-29 214976] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2012-07-18 310232] S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856] S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-02-10 144672] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160] S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-28 1075712] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512] . . Contents of the 'Scheduled Tasks' folder . 2012-08-31 c:\windows\Tasks\0.job - c:\program files (x86)\internet explorer\iexplore.exe [2012-08-28 01:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bbc.co.uk/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=173606119306p03f5v1k5y4721031q mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Cesare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Cesare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: OPEN with PDF Viewer Plus - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 LSP: c:\windows\system32\EasyRedirect.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Cesare\AppData\Roaming\Mozilla\Firefox\Profiles\sdbtzu4f.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/ FF - prefs.js: network.proxy.type - 0 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-09-01 13:20:52 ComboFix-quarantined-files.txt 2012-09-01 12:20 . Pre-Run: 36,748,992,512 bytes free Post-Run: 36,613,259,264 bytes free . - - End Of File - - 5FBC790BC3BB303F89368B4FD269C0CB [year+ old attachment deleted by admin]Hi there. Please download aswMBR* from here Save aswMBR.exe to your Desktop Double click aswMBR.exe to run it Click the Scan button to start the scan as illustrated below Note: Do not take action against any Rootkit entries until I have reviewed the log. Often there are false positives Once the scan finishes click Save log to save the log to your Desktop Copy and paste the contents of aswMBR.txt back here for review Thanks DMJ aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-01 19:46:42 ----------------------------- 19:46:42.604 OS Version: Windows x64 6.1.7601 Service Pack 1 19:46:42.604 Number of processors: 4 586 0x170A 19:46:42.605 ComputerName: CESARE-PC UserName: Cesare 19:46:43.393 Initialize success 19:48:40.504 AVAST engine defs: 12090100 19:48:54.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c 19:48:54.968 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3 19:48:55.021 Disk 0 MBR read successfully 19:48:55.027 Disk 0 MBR scan 19:48:55.037 Disk 0 Windows 7 default MBR code 19:48:55.045 Disk 0 Partition 1 00 42 SFS 0 MB offset 63 19:48:55.072 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048 19:48:55.087 Disk 0 Partition 3 80 (A) 42 SFS NTFS 100 MB offset 31459328 19:48:55.103 Disk 0 Partition 4 00 42 SFS NTFS 144846 MB offset 31664128 19:48:55.111 Disk 0 scanning C:\Windows\system32\drivers 19:48:55.119 Service scanning 19:49:23.738 Modules scanning 19:49:23.750 Disk 0 trace - called modules: 19:49:23.770 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 19:49:24.011 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800334b060] 19:49:24.019 3 CLASSPNP.SYS[fffff88001bbd43f] -> nt!IofCallDriver -> [0xfffffa8002fc2e40] 19:49:24.031 5 ACPI.sys[fffff88000f877a1] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8002fb66f0] 19:49:25.130 AVAST engine scan C:\Windows 19:49:25.139 AVAST engine scan C:\Windows\system32 19:49:25.152 AVAST engine scan C:\Windows\system32\drivers 19:49:25.162 AVAST engine scan C:\Users\Cesare 19:49:25.173 AVAST engine scan C:\ProgramData 19:49:25.183 Scan finished successfully 19:49:58.375 Disk 0 MBR has been saved successfully to "C:\Users\Cesare\Desktop\MBR.dat" 19:49:58.389 The log file has been saved successfully to "C:\Users\Cesare\Desktop\aswMBR001.txt" Please download AdwCleaner by Xplode onto your Desktop. Double click on AdwCleaner.exe to run the tool. Click on Search. A logfile will automatically open after the scan has finished. Please post the content of that logfile in your reply. You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number. # AdwCleaner v2.000 - Logfile created 09/02/2012 at 23:16:08 # Updated 30/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Cesare - CESARE-PC # Boot Mode : Normal # Running from : C:\Users\Cesare\Downloads\adwcleaner.exe # Option [Search] *** [Services] * * [Files / Folders] * * [Registry] * * [Internet Browsers] * -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0 (en-US) Profile name : default File : C:\Users\Cesare\AppData\Roaming\Mozilla\Firefox\Profiles\sdbtzu4f.default\prefs.js [OK] File is clean. -\\ Google Chrome v [Unable to get version] File : C:\Users\Cesare\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v11.11.2109.0 File : C:\Users\Cesare\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ********************* AdwCleaner[S1].txt - [5842 octets] - [01/09/2012 09:01:21] AdwCleaner[R1].txt - [1179 octets] - [02/09/2012 12:22:01] AdwCleaner[S2].txt - [1390 octets] - [02/09/2012 12:22:21] AdwCleaner[R2].txt - [1151 octets] - [02/09/2012 23:16:08] ########## EOF - C:\AdwCleaner[R2].txt - [1211 octets] ########## Cheers altvicRogueKiller log: RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRKgmailcom Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Cesare [Admin rights] Mode : Scan -- Date : 09/02/2012 23:20:52 ¤¤¤ Bad processes : 3 ¤¤¤ [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr] ¤¤¤ Registry Entries : 11 ¤¤¤ [TASK][ROGUE ST] 0.job : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++ --- User --- [MBR] b6fca15b00ab5cfcd59958d591ebc78d [BSP] 018e58c0f60582cf2d35679dcc2f8b1b : Windows 7 MBR Code Partition table: 0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 \| Size: 0 Mo 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 \| Size: 15360 Mo 2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 31459328 \| Size: 100 Mo 3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 31664128 \| Size: 144846 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt Please download and run TDSSKiller to your desktop as outlined below: Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. For Windows XP, double-click to start. For Vista or Windows 7, do a right-click on the program, select Run as ADMINISTRATOR to start, & when PROMPTED Allow to run. ------------------------- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK. ------------------------ Click the Start Scan button. ----------------------- If a suspicious object is detected, the default action will be Skip, click on Continue If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue ---------------------- If malicious objects are found, they will show in the Scan results and offer three (3) options. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed. -------------------- A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply. Sometimes these logs can be very large, in that case please attach it or zip it up and attach it. ------------------- Here's a summary of what to do if you would like to print it out: If a suspicious object is detected, the default action will be Skip, click on Continue If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue If malicious objects are found, they will show in the Scan results and offer three (3) options. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.**

Answer»

Firefox 15 is hanging and unresponsive. Tried re-installing etc. MB says it is clean and dds and adwcleaner say ok. IExplorer seems to be ok. Below is combo fix.
ComboFix 12-08-31.08 - Cesare 01/09/2012 12:52:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1325 [GMT 1:00]
Running from: c:\users\Cesare\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 12:03 . 2012-09-01 12:03--------d-----w-c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-09-01 12:03 . 2012-09-01 12:03--------d-----w-c:\users\Default\AppData\Local\temp
2012-09-01 08:11 . 2012-09-01 08:11--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-01 08:11 . 2012-07-03 12:4624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-01 07:15 . 2012-07-13 13:08504136----a-w-c:\windows\system32\EasyRedirect64.dll
2012-09-01 07:15 . 2012-07-13 13:08364360----a-w-c:\windows\SysWow64\EasyRedirect.dll
2012-09-01 07:14 . 2012-09-01 07:14--------d-----w-c:\program files\Easy-Hide-IP
2012-08-31 17:52 . 2012-08-23 08:269310152----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBA07272-DF88-43EC-9087-B27B39FA6B1B}\mpengine.dll
2012-08-31 16:40 . 2012-08-31 16:40--------d-----w-c:\users\Cesare\AppData\Local\adaware
2012-08-31 16:40 . 2012-09-01 08:03--------d-----w-c:\programdata\Ad-Aware Browsing Protection
2012-08-31 16:40 . 2011-12-19 11:4460536----a-w-c:\windows\system32\drivers\sbhips.sys
2012-08-31 16:40 . 2011-12-19 12:2145936----a-w-c:\windows\system32\sbbd.exe
2012-08-31 16:40 . 2011-10-26 13:2357976----a-w-c:\windows\system32\drivers\sbredrv.sys
2012-08-31 16:40 . 2012-08-31 16:40--------d-----w-c:\programdata\Lavasoft
2012-08-31 16:40 . 2012-08-31 17:17--------d-----w-c:\program files (x86)\Ad-Aware Antivirus
2012-08-31 16:39 . 2012-08-31 16:39--------d-----w-c:\users\Cesare\AppData\Local\Downloaded Installations
2012-08-31 16:38 . 2012-08-31 18:25--------d-----w-c:\users\Cesare\AppData\Roaming\Ad-Aware Antivirus
2012-08-31 09:06 . 2012-06-26 10:25773968----a-w-c:\windows\system32\msvcr100.dll
2012-08-31 03:59 . 2009-05-18 12:1734152----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-31 03:59 . 2008-04-17 11:12126312----a-w-c:\windows\system32\GEARAspi64.dll
2012-08-31 03:59 . 2008-04-17 11:12107368----a-w-c:\windows\SysWow64\GEARAspi.dll
2012-08-31 03:58 . 2012-08-31 03:58--------d-----w-c:\program files\iPod
2012-08-31 03:58 . 2012-08-31 03:59--------d-----w-c:\program files\iTunes
2012-08-31 03:58 . 2012-08-31 03:59--------d-----w-c:\program files (x86)\iTunes
2012-08-31 03:18 . 2012-08-31 03:18--------d-----w-c:\program files\Bonjour
2012-08-30 17:56 . 2012-08-30 17:56--------d-----w-c:\programdata\Okidata
2012-08-30 17:53 . 2012-08-23 08:269310152----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 17:48 . 2010-09-10 04:4967584----a-w-c:\windows\system32\okis2lna64.dll
2012-08-30 17:48 . 2010-01-27 05:05105984----a-w-c:\windows\system32\okscllna64.dll
2012-08-29 07:24 . 2012-08-29 07:24--------d-----w-c:\users\Cesare\AppData\Roaming\iFunbox_UserCache
2012-08-29 07:24 . 2012-08-29 07:24--------d-----w-c:\program files (x86)\i-Funbox DevTeam
2012-08-28 18:19 . 2012-08-28 18:19--------d-----w-c:\users\Cesare\AppData\Local\Macromedia
2012-08-28 18:04 . 2012-08-28 18:04--------d-----w-c:\program files (x86)\Common Files\IVA
2012-08-28 18:04 . 2012-08-28 18:04--------d-----w-c:\program files (x86)\Common Files\Nuance
2012-08-28 18:02 . 2012-08-28 18:02--------d-----w-c:\programdata\Macrovision
2012-08-28 17:35 . 2012-08-28 17:35--------d-----w-c:\program files (x86)\Creative
2012-08-28 12:29 . 2012-08-28 12:29--------d-----w-c:\users\Default\AppData\Local\Microsoft Help
2012-08-28 12:26 . 2012-08-28 12:26--------d-----w-c:\program files (x86)\Microsoft Security Client
2012-08-28 12:00 . 2003-11-10 17:14729088----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-08-28 12:00 . 2003-11-10 17:1369715----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-08-28 12:00 . 2003-11-10 17:12266240----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-08-28 12:00 . 2003-11-10 17:12192512----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-08-28 12:00 . 2003-11-10 17:115632----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-08-28 12:00 . 2012-08-28 12:00311428----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-08-28 12:00 . 2012-08-28 12:00188548----a-w-c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-08-28 11:59 . 2012-08-28 11:59--------d-----w-C:\Live! Cam
2012-08-28 11:59 . 2007-06-14 08:5499328----a-w-c:\windows\CtDrvIns.exe
2012-08-28 11:59 . 2007-02-15 12:26811008----a-w-c:\windows\SysWow64\cximage.dll
2012-08-28 11:59 . 2005-07-07 00:0725088----a-w-c:\windows\system32\CtCamMgr.dll
2012-08-28 10:33 . 2012-08-28 10:33--------d-----w-c:\program files (x86)\Enigma Software Group
2012-08-28 10:31 . 2012-08-31 15:50--------d-----w-c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-28 10:31 . 2012-08-28 10:31--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-28 10:26 . 2012-08-28 12:17426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 10:24 . 2012-08-28 10:24--------d-----w-c:\users\Cesare\AppData\Local\Scansoft
2012-08-28 10:17 . 2012-02-09 13:17927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-28 10:17 . 2012-02-09 13:17927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6383379-76B9-4ABD-AAAB-7777CCF30B6D}\gapaengine.dll
2012-08-28 10:05 . 2012-08-28 10:05--------d-----w-c:\windows\Temp250F8E53-DD37-B6DA-3FAD-F7846A9417EE-Signatures
2012-08-28 10:00 . 2012-03-01 06:4623408----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-08-28 10:00 . 2012-03-01 06:3381408----a-w-c:\windows\system32\imagehlp.dll
2012-08-28 10:00 . 2012-03-01 05:33159232----a-w-c:\windows\SysWow64\imagehlp.dll
2012-08-28 10:00 . 2012-03-01 06:38220672----a-w-c:\windows\system32\wintrust.dll
2012-08-28 10:00 . 2012-03-01 06:285120----a-w-c:\windows\system32\wmi.dll
2012-08-28 10:00 . 2012-03-01 05:37172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-08-28 10:00 . 2012-03-01 05:295120----a-w-c:\windows\SysWow64\wmi.dll
2012-08-28 09:30 . 2012-05-04 09:59514560----a-w-c:\windows\SysWow64\qdvd.dll
2012-08-28 09:30 . 2012-05-04 11:00366592----a-w-c:\windows\system32\qdvd.dll
2012-08-28 09:09 . 2012-08-28 09:09--------d-----w-c:\program files (x86)\Common Files\Skype
2012-08-28 09:04 . 2012-03-03 06:351544704----a-w-c:\windows\system32\DWrite.dll
2012-08-28 09:04 . 2012-03-03 05:311077248----a-w-c:\windows\SysWow64\DWrite.dll
2012-08-28 09:04 . 2012-05-05 08:36503808----a-w-c:\windows\system32\srcore.dll
2012-08-28 09:04 . 2012-05-05 07:4643008----a-w-c:\windows\SysWow64\srclient.dll
2012-08-28 09:03 . 2011-10-01 05:45886784----a-w-c:\program files\Common Files\System\wab32.dll
2012-08-28 09:03 . 2011-10-01 04:37708608----a-w-c:\program files (x86)\Common Files\System\wab32.dll
2012-08-28 09:03 . 2011-10-26 05:251572864----a-w-c:\windows\system32\quartz.dll
2012-08-28 09:03 . 2011-10-26 04:321328128----a-w-c:\windows\SysWow64\quartz.dll
2012-08-28 09:02 . 2012-01-04 10:44509952----a-w-c:\windows\system32\ntshrui.dll
2012-08-28 09:02 . 2012-01-04 08:58442880----a-w-c:\windows\SysWow64\ntshrui.dll
2012-08-28 09:01 . 2011-11-17 06:35395776----a-w-c:\windows\system32\webio.dll
2012-08-28 09:01 . 2011-11-17 05:35314880----a-w-c:\windows\SysWow64\webio.dll
2012-08-28 09:01 . 2012-06-06 06:062004480----a-w-c:\windows\system32\msxml6.dll
2012-08-28 09:01 . 2012-06-06 06:061881600----a-w-c:\windows\system32\msxml3.dll
2012-08-28 09:01 . 2012-06-06 05:051390080----a-w-c:\windows\SysWow64\msxml6.dll
2012-08-28 09:01 . 2012-06-06 05:051236992----a-w-c:\windows\SysWow64\msxml3.dll
2012-08-28 09:01 . 2010-06-26 03:552048----a-w-c:\windows\system32\msxml3r.dll
2012-08-28 09:01 . 2010-06-26 03:242048----a-w-c:\windows\SysWow64\msxml3r.dll
2012-08-28 09:00 . 2011-10-26 05:2143520----a-w-c:\windows\system32\csrsrv.dll
2012-08-28 09:00 . 2011-12-30 06:26515584----a-w-c:\windows\system32\timedate.cpl
2012-08-28 09:00 . 2011-12-30 05:27478720----a-w-c:\windows\SysWow64\timedate.cpl
2012-08-28 09:00 . 2012-02-11 06:43751104----a-w-c:\windows\system32\win32spl.dll
2012-08-28 08:59 . 2012-02-11 06:36559104----a-w-c:\windows\system32\spoolsv.exe
2012-08-28 08:59 . 2012-02-11 06:3667072----a-w-c:\windows\splwow64.exe
2012-08-28 08:59 . 2012-02-11 05:43492032----a-w-c:\windows\SysWow64\win32spl.dll
2012-08-28 08:58 . 2012-08-28 08:58--------d-----w-c:\programdata\InstallShield
2012-08-28 08:58 . 2012-08-28 08:58--------d-----w-c:\users\Cesare\AppData\Roaming\ScanSoft
2012-08-28 08:58 . 2012-06-09 05:4314172672----a-w-c:\windows\system32\shell32.dll
2012-08-28 08:58 . 2012-08-28 08:58--------d-----w-c:\program files (x86)\ScanSoft
2012-08-28 08:56 . 2012-05-01 05:40209920----a-w-c:\windows\system32\profsvc.dll
2012-08-28 08:55 . 2012-05-04 11:065559664----a-w-c:\windows\system32\ntoskrnl.exe
2012-08-28 08:55 . 2012-05-04 10:033968368----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-08-28 08:55 . 2012-05-04 10:033913072----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-08-28 08:54 . 2011-08-17 05:26613888----a-w-c:\windows\system32\psisdecd.dll
2012-08-28 08:54 . 2011-08-17 04:24465408----a-w-c:\windows\SysWow64\psisdecd.dll
2012-08-28 08:54 . 2011-08-17 04:1975776----a-w-c:\windows\SysWow64\psisrndr.ax
2012-08-28 08:54 . 2011-08-17 05:25108032----a-w-c:\windows\system32\psisrndr.ax
2012-08-28 08:53 . 2012-04-28 03:55210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-08-28 08:53 . 2011-12-28 03:59498688----a-w-c:\windows\system32\drivers\afd.sys
2012-08-28 08:52 . 2012-03-17 07:5875120----a-w-c:\windows\system32\drivers\partmgr.sys
2012-08-28 08:52 . 2012-04-07 12:313216384----a-w-c:\windows\system32\msi.dll
2012-08-28 08:52 . 2012-04-07 11:262342400----a-w-c:\windows\SysWow64\msi.dll
2012-08-28 08:52 . 2012-04-24 05:371462272----a-w-c:\windows\system32\crypt32.dll
2012-08-28 08:52 . 2012-04-24 05:37184320----a-w-c:\windows\system32\cryptsvc.dll
2012-08-28 08:52 . 2012-04-24 05:37140288----a-w-c:\windows\system32\cryptnet.dll
2012-08-28 08:52 . 2012-04-24 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-08-28 08:52 . 2012-04-24 04:361158656----a-w-c:\windows\SysWow64\crypt32.dll
2012-08-28 08:52 . 2012-04-24 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-08-28 08:51 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
2012-08-28 08:51 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
2012-08-28 08:51 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
2012-08-28 08:51 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
2012-08-28 08:50 . 2011-12-16 08:46634880----a-w-c:\windows\system32\msvcrt.dll
2012-08-28 08:50 . 2011-12-16 07:52690688----a-w-c:\windows\SysWow64\msvcrt.dll
2012-08-28 08:49 . 2012-07-18 18:153148800----a-w-c:\windows\system32\win32k.sys
2012-08-28 08:48 . 2012-05-14 05:26956928----a-w-c:\windows\system32\localspl.dll
2012-08-28 08:48 . 2011-08-27 05:37861696----a-w-c:\windows\system32\oleaut32.dll
2012-08-28 08:48 . 2011-08-27 05:37331776----a-w-c:\windows\system32\oleacc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 12:17 . 2011-06-15 13:2570344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 03:27 . 2011-06-15 08:0262134624----a-w-c:\windows\system32\MRT.exe
2012-06-25 15:04 . 2012-06-25 15:041394248----a-w-c:\windows\SysWow64\msxml4.dll
2012-06-06 07:49 . 2012-06-06 07:491070152----a-w-c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty ENTRIES & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}]
2012-07-18 18:26195448----a-w-c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3694208----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]
"Easy-Hide-IP"="c:\program files\Easy-Hide-IP\easy-hide-ip.exe" [2012-07-13 4612424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Cesare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cesare\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2008-1-16 1122304]
Wi-Fire Connection Manager.lnk - c:\program files (x86)\hField Technologies, Inc\Wi-Fire Connection Manager\Wi-Fire Connection Manager.exe [2011-8-25 417792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250056]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 netr28ux;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-06-14 1061888]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [2007-06-11 214240]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [2007-03-05 12288]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [2007-08-29 214976]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2012-07-18 310232]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-02-10 144672]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-28 1075712]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\0.job
- c:\program files (x86)\internet explorer\iexplore.exe [2012-08-28 01:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:3697792----a-w-c:\users\Cesare\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=173606119306p03f5v1k5y4721031q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Cesare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Cesare\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: OPEN with PDF Viewer Plus - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\EasyRedirect.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cesare\AppData\Roaming\Mozilla\Firefox\Profiles\sdbtzu4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-01 13:20:52
ComboFix-quarantined-files.txt 2012-09-01 12:20
.
Pre-Run: 36,748,992,512 bytes free
Post-Run: 36,613,259,264 bytes free
.
- - End Of File - - 5FBC790BC3BB303F89368B4FD269C0CB

[year+ old attachment deleted by admin]Hi there.

Please download aswMBR from here

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

Thanks DMJ
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-01 19:46:42
-----------------------------
19:46:42.604 OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:42.604 Number of processors: 4 586 0x170A
19:46:42.605 ComputerName: CESARE-PC UserName: Cesare
19:46:43.393 Initialize success
19:48:40.504 AVAST engine defs: 12090100
19:48:54.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
19:48:54.968 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3
19:48:55.021 Disk 0 MBR read successfully
19:48:55.027 Disk 0 MBR scan
19:48:55.037 Disk 0 Windows 7 default MBR code
19:48:55.045 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
19:48:55.072 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:48:55.087 Disk 0 Partition 3 80 (A) 42 SFS NTFS 100 MB offset 31459328
19:48:55.103 Disk 0 Partition 4 00 42 SFS NTFS 144846 MB offset 31664128
19:48:55.111 Disk 0 scanning C:\Windows\system32\drivers
19:48:55.119 Service scanning
19:49:23.738 Modules scanning
19:49:23.750 Disk 0 trace - called modules:
19:49:23.770 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:49:24.011 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800334b060]
19:49:24.019 3 CLASSPNP.SYS[fffff88001bbd43f] -> nt!IofCallDriver -> [0xfffffa8002fc2e40]
19:49:24.031 5 ACPI.sys[fffff88000f877a1] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8002fb66f0]
19:49:25.130 AVAST engine scan C:\Windows
19:49:25.139 AVAST engine scan C:\Windows\system32
19:49:25.152 AVAST engine scan C:\Windows\system32\drivers
19:49:25.162 AVAST engine scan C:\Users\Cesare
19:49:25.173 AVAST engine scan C:\ProgramData
19:49:25.183 Scan finished successfully
19:49:58.375 Disk 0 MBR has been saved successfully to "C:\Users\Cesare\Desktop\MBR.dat"
19:49:58.389 The log file has been saved successfully to "C:\Users\Cesare\Desktop\aswMBR001.txt"

Please download AdwCleaner by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 23:16:08
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Cesare - CESARE-PC
# Boot Mode : Normal
# Running from : C:\Users\Cesare\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Cesare\AppData\Roaming\Mozilla\Firefox\Profiles\sdbtzu4f.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Cesare\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.11.2109.0

File : C:\Users\Cesare\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5842 octets] - [01/09/2012 09:01:21]
AdwCleaner[R1].txt - [1179 octets] - [02/09/2012 12:22:01]
AdwCleaner[S2].txt - [1390 octets] - [02/09/2012 12:22:21]
AdwCleaner[R2].txt - [1151 octets] - [02/09/2012 23:16:08]

########## EOF - C:\AdwCleaner[R2].txt - [1211 octets] ##########

Cheers
altvicRogueKiller log:
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cesare [Admin rights]
Mode : Scan -- Date : 09/02/2012 23:20:52

¤¤¤ Bad processes : 3 ¤¤¤
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermThr]

¤¤¤ Registry Entries : 11 ¤¤¤
[TASK][ROGUE ST] 0.job : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721032SLA SCSI Disk Device +++++
--- User ---
[MBR] b6fca15b00ab5cfcd59958d591ebc78d
[BSP] 018e58c0f60582cf2d35679dcc2f8b1b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 31664128 | Size: 144846 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as ADMINISTRATOR to start, & when PROMPTED Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Solve : FireFox hanging +?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment