MS Removal Tool

Post by akhavens on 11th April 2011, 2:07 am

I have run the scan from Malwarebytes 4 times in safe mode, including two quick scans and two full scans. I can only get the program to run in safe mode, and still no dice. Can you help? I cannot get Malwarebytes to run in normal mode.

Re: MS Removal Tool

Post by Crush on 11th April 2011, 7:16 pm

Hi,

Please download ComboFix.

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Click Start, then copy and paste the following command into the search box & hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Combofix report

Post by akhavens on 11th April 2011, 7:46 pm

ComboFix 11-04-11.01 - Alicia 04/11/2011 12:39:29.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.3245 [GMT -7:00]
Running from: c:\users\Alicia\Desktop\commy.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\nMi24500nKcHd24500
c:\programdata\nMi24500nKcHd24500\nMi24500nKcHd24500
c:\programdata\nMi24500nKcHd24500\nMi24500nKcHd24500.exe
c:\programdata\PCDr\5744\Downloads\2da1393a-9d2c-436b-a660-c3dd133e9836.dll
c:\programdata\PCDr\5744\Downloads\48edbc2f-6595-43d2-a911-c3713e9b499f.dll
c:\programdata\PCDr\5744\Downloads\5275e755-7d9f-4ddb-a61e-645d687f55e1.dll
c:\programdata\PCDr\5744\Downloads\86fa80c6-799b-4d0b-a3f5-f7886c10db2c.dll
c:\programdata\PCDr\5744\Downloads\f6b10855-5837-4857-9c20-c7b6a6dc2589.dll
c:\users\Alicia\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 19:44 . 2011-04-11 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 04:22 . 2011-04-11 04:22 -------- d-----w- c:\windows\LMI7F2D.tmp
2011-04-11 03:13 . 2011-04-11 03:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-11 02:59 . 2011-04-11 02:59 -------- d-----w- c:\programdata\Citrix
2011-04-11 01:10 . 2011-04-11 01:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-11 01:10 . 2010-12-21 01:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 00:28 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A42D927-E3A8-470F-BFE9-0FF438B765D4}\mpengine.dll
2011-04-10 03:08 . 2011-04-10 03:08 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-04-10 03:08 . 2011-04-11 04:07 -------- d-----w- c:\programdata\Microsoft Help
2011-04-10 03:07 . 2011-04-10 03:07 -------- d-----r- C:\MSOCache
2011-04-07 21:40 . 2011-04-07 21:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-07 21:39 . 2011-04-07 21:39 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-07 21:39 . 2011-04-07 21:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-07 21:39 . 2011-04-07 21:39 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-06 03:18 . 2010-11-30 17:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1638E08-9422-491F-8197-240199FE2BB2}\gapaengine.dll
2011-04-02 05:47 . 2011-04-02 05:47 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-02 05:47 . 2011-04-02 05:47 -------- d-----w- c:\program files\Windows Live
2011-04-02 05:47 . 2010-04-28 15:57 61288 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-04-02 05:45 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-04-02 05:45 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-04-02 05:41 . 2011-04-02 05:42 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlc7CDF.tmp
2011-03-29 01:59 . 2011-03-29 01:59 -------- d-----w- c:\program files (x86)\Game_Maker8
2011-03-28 04:32 . 2004-03-29 23:23 90112 ----a-w- c:\windows\unvise32.exe
2011-03-25 10:29 . 2011-03-25 10:30 -------- d-----w- c:\program files (x86)\Dying_for_Daylight
2011-03-25 10:27 . 2011-03-25 10:27 -------- d-----w- c:\program files (x86)\Hidden Object of Desire
2011-03-25 10:25 . 2011-03-25 10:26 -------- d-----w- c:\program files (x86)\Slingo Mystery 2 - The Golden Escape
2011-03-25 10:18 . 2011-03-25 10:19 -------- d-----w- c:\program files (x86)\Mystery Case Files - Ravenhearst
2011-03-25 10:16 . 2011-03-25 10:17 -------- d-----w- c:\program files (x86)\Awakening - Moonfell Wood
2011-03-25 10:12 . 2011-03-25 10:12 -------- d-----w- c:\programdata\Big Fish Games
2011-03-25 10:12 . 2011-03-25 10:12 -------- d-----w- c:\program files (x86)\bfgclient
2011-03-25 10:11 . 2011-03-27 09:22 -------- d-----w- C:\BigFishGamesCache
2011-03-25 07:57 . 2010-11-30 17:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-24 20:13 . 2011-03-24 20:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-24 20:13 . 2011-03-24 20:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-24 20:13 . 2011-03-24 20:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-24 20:13 . 2011-03-24 20:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-24 20:13 . 2011-03-24 20:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-24 20:13 . 2011-03-24 20:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-24 20:13 . 2011-03-24 20:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-24 20:12 . 2011-03-24 20:13 -------- d-----w- c:\program files (x86)\QuickTime
2011-03-24 20:12 . 2011-03-24 20:12 -------- d-----w- c:\programdata\Apple Computer
2011-03-24 20:10 . 2011-03-24 20:10 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-24 20:10 . 2011-03-24 20:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-24 20:10 . 2011-03-24 20:10 -------- d-----w- c:\programdata\Apple
2011-03-19 10:01 . 2011-04-10 03:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-03-18 17:55 . 2011-03-18 17:55 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-17 01:13 . 2011-03-17 01:13 -------- d-----w- c:\programdata\WEBREG
2011-03-17 01:06 . 2009-04-16 21:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
2011-03-17 01:05 . 2011-03-28 04:33 -------- d-----w- c:\programdata\Yahoo! Companion
2011-03-17 01:05 . 2011-03-17 01:05 -------- d-----w- c:\program files (x86)\Yahoo!
2011-03-17 01:05 . 2011-03-17 01:05 -------- d-----w- c:\program files (x86)\Coupons
2011-03-17 01:05 . 2011-03-17 01:05 -------- d-----w- c:\programdata\HP Photo Creations
2011-03-17 01:05 . 2011-03-17 01:05 -------- d-----w- c:\program files (x86)\HP Photo Creations
2011-03-17 01:04 . 2011-03-17 01:04 -------- d-----w- c:\programdata\HP Product Assistant
2011-03-17 01:03 . 2011-03-17 01:03 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-03-17 01:03 . 2011-03-17 01:03 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-03-17 01:02 . 2009-04-16 21:08 136704 ----a-w- c:\windows\system32\hpf3l70v.dll
2011-03-17 01:02 . 2011-03-17 01:05 -------- d-----w- c:\program files (x86)\HP
2011-03-17 01:01 . 2011-03-17 01:01 -------- d-----w- c:\program files\HP
2011-03-17 01:01 . 2011-03-17 01:07 -------- d-----w- c:\programdata\HP
2011-03-17 01:00 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-03-17 01:00 . 2009-02-11 11:03 880640 ----a-w- c:\windows\system32\hposwia_p02c.dll
2011-03-17 01:00 . 2009-02-11 11:03 1403904 ----a-w- c:\windows\system32\hpost_p02c.dll
2011-03-17 01:00 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2011-03-17 01:00 . 2009-02-11 11:03 515072 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-03-16 10:36 . 2011-03-16 10:36 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-16 10:36 . 2011-03-16 10:36 -------- d-----w- c:\windows\system32\Wat
2011-03-16 10:18 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-16 10:18 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-16 10:07 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-16 10:07 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-03-16 10:07 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-16 10:07 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-03-16 10:07 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-16 10:07 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-16 10:07 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-16 10:07 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-03-16 10:07 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-16 10:07 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-16 08:21 . 2011-03-16 08:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-16 08:21 . 2011-03-16 08:21 -------- d-----w- c:\program files (x86)\Java
2011-03-16 08:16 . 2011-03-16 08:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-16 03:32 . 2011-03-16 03:32 -------- d-----w- c:\program files\Dell Support Center
2011-03-16 03:19 . 2011-03-16 03:44 -------- d-----w- c:\program files (x86)\OverDrive Media Console
2011-03-16 02:38 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-15 21:26 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-15 21:25 . 2011-01-26 06:53 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-15 21:23 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-15 21:23 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-03-15 21:23 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-15 21:23 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-15 21:23 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-15 00:44 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-03-15 00:36 . 2011-03-15 00:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-03-15 00:36 . 2011-03-15 00:36 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-15 00:36 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-03-15 00:06 . 2011-03-15 00:07 -------- d-sh--w- C:\System Recovery
2011-03-15 00:04 . 2011-03-15 00:04 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2011-03-15 00:01 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-03-15 00:01 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-03-15 00:01 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-03-15 00:01 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-03-14 23:59 . 2011-04-11 19:43 -------- d-----w- c:\users\Alicia
2011-03-14 23:44 . 2011-03-14 23:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-03-14 23:06 . 2011-04-10 03:56 -------- d-----w- c:\programdata\KingsIsle Entertainment
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]
.
c:\users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
R2 LMIRescue_f6ec88d2-9515-449c-9bd3-8ce64bfd7ed8;LogMeIn Rescue (f6ec88d2-9515-449c-9bd3-8ce64bfd7ed8);c:\windows\LMI7F2D.tmp\LMI_Rescue_srv.exe [2011-04-11 1874808]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922307992-3253340334-673324053-1001Core.job
- c:\users\Alicia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 23:00]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3922307992-3253340334-673324053-1001UA.job
- c:\users\Alicia\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-14 23:00]
.
2011-04-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-01-22 18240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-RunOnce- - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-11 12:45:44
ComboFix-quarantined-files.txt 2011-04-11 19:45
.
Pre-Run: 439,213,715,456 bytes free
Post-Run: 438,907,641,856 bytes free
.
- - End Of File - - 309A543CFBC13C77D3FCAC29A524FA4B

Re: MS Removal Tool

Post by Crush on 11th April 2011, 8:26 pm

Hi,

Please reboot and let me know how things are running

Re: MS Removal Tool

Post by akhavens on 11th April 2011, 8:53 pm

Thank you so much
this step worked
MS Removal tool has been successfully removed from the computer!!!

Re: MS Removal Tool

Post by Crush on 11th April 2011, 9:24 pm

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

======


Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster is a program that prevents spyware from installing on your computer.
  • Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

Securing your computer

  • It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Replacing your current HOSTS file with one containing well-known ad sites and other bad sites prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice.

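The HOSTS-file blocking described in the post above (known bad hostnames mapped to 127.0.0.1), as an added example that is not part of the original thread or of any tool it mentions. It parses HOSTS text and separates sinkholed names from names mapped to some other address; the sample content, the function names, and the choice to also treat 0.0.0.0 as a sink are assumptions.

```python
import ipaddress

# Constructed sample HOSTS content for illustration; not taken from the thread.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.test tracker.example.test  # two names, one line
0.0.0.0      popups.example.test
203.0.113.7  update.example.test
not-an-ip    broken.example.test
"""

# Names that normally point at loopback and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (line_no, ip_address_object, hostname)
    malformed -> list of (line_no, raw_line) that could not be parsed
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append((line_no, raw))
            continue
        # One line may carry several hostnames for the same address.
        for name in fields[1:]:
            entries.append((line_no, ip, name.lower()))
    return entries, malformed


def audit_hosts(text):
    """Classify HOSTS entries.

    blocked    -> hostnames sent to loopback (127.0.0.1, ::1) or, as an
                  assumption of this example, to the unspecified address 0.0.0.0
    redirected -> (line_no, hostname, ip) mapped to any other address; the
                  HOSTS file is consulted before DNS, so these deserve review
    malformed  -> lines that are not valid HOSTS entries
    """
    entries, malformed = parse_hosts(text)
    report = {"blocked": [], "redirected": [], "malformed": malformed}
    for line_no, ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            if name not in LOCAL_NAMES:
                report["blocked"].append(name)
        else:
            report["redirected"].append((line_no, name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed: ", result["malformed"])
```

On Windows the file to feed into `audit_hosts` is normally `%SystemRoot%\System32\drivers\etc\hosts`, read as text.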
