Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix file from Vista with Google redirect issue


  • This topic is locked This topic is locked
2 replies to this topic

#1 squishy

squishy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 02 February 2011 - 09:27 PM

Here is the combofix dds log file as requested from the thread at http://www.bleepingcomputer.com/forums/topic377241.html.



DDS (Ver_10-12-12.01) - NTFS_AMD64
Run by LES at 19:49:38.56 on Wed 02/02/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.1782 [GMT -5:00]

SP: Spybot - Search and Destroy *Disabled/Updated* {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\OSDForm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\WerCon.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\LES\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uLocal Page = about:blank
mStart Page = hxxp://search.myheritage.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMedi.dll
uURLSearchHooks: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files (x86)\Brothersoft\tbBro1.dll
mURLSearchHooks: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files (x86)\Brothersoft\tbBro1.dll
mURLSearchHooks: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMedi.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMedi.dll
BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files (x86)\Brothersoft\tbBro1.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files (x86)\Brothersoft\tbBro1.dll
TB: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMedi.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
mRun: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [Autorun Eater] "C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - No File
TB-X64: {DFABC5B5-039B-4865-979A-DE31CDF3E351} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\LES\AppData\Roaming\Mozilla\Firefox\Profiles\tt55hh9z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - prefs.js: network.proxy.type - 0
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\LES\AppData\Roaming\Mozilla\Firefox\Profiles\tt55hh9z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - C:\Users\LES\AppData\Roaming\Mozilla\Firefox\Profiles\tt55hh9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-2-2 33800]
R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2011-2-2 36384]
R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [2010-12-21 141264]
R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2011-2-2 65736]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/17 09:52:49];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-10-21 146928]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-4-21 20376]
R2 bibpvphk;TeamViewer;C:\Windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2008-12-12 21296]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-2-2 6724632]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-12-21 125296]
R2 HP Touch Screen Enhance;HP Touch Screen Enhance;C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE [2008-7-10 100864]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-12-21 72216]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-1-19 517632]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-21 1153368]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2009-6-17 17992]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2008-12-12 36392]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-1-19 609280]
R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2011-2-2 24024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
S4 PMP;Password Manager Pro;C:\Program Files (x86)\PMP\bin\wrapper.exe [2010-6-16 204800]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2011-02-03 00:24:53 98816 ----a-w- C:\Windows\sed.exe
2011-02-03 00:24:53 89088 ----a-w- C:\Windows\MBR.exe
2011-02-03 00:24:53 256512 ----a-w- C:\Windows\PEV.exe
2011-02-03 00:24:53 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-03 00:10:56 -------- d-----w- C:\PROGRA~3\Autorun Eater
2011-02-03 00:10:50 -------- d-----w- C:\Program Files (x86)\Autorun Eater
2011-02-03 00:00:06 388096 ----a-r- C:\Users\LES\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-03 00:00:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-02 23:48:59 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-02-02 23:46:15 -------- d-----w- C:\Program Files (x86)\Unlocker
2011-02-02 23:42:52 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-02-02 23:42:34 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-02-02 23:15:47 -------- d-----w- C:\Program Files\CCleaner
2011-02-02 22:31:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 22:31:24 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-02 22:05:29 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-02-02 22:05:29 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-02-02 21:57:46 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-02-02 21:57:46 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2011-02-02 21:57:46 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2011-02-02 21:57:46 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2011-02-02 21:57:46 -------- d-----w- C:\Program Files\Prevx
2011-02-02 21:57:21 -------- d-----w- C:\PROGRA~3\PrevxCSI
2011-02-02 21:53:38 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-02-02 21:53:34 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-02-01 16:39:05 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{09BF2B41-A41A-4618-B00A-DBC7865A2AB2}\mpengine.dll
2011-01-24 21:21:32 -------- d-----w- C:\PROGRA~3\lx_Cats
2011-01-24 21:21:25 177664 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxdxdrpp.dll
2011-01-24 21:16:24 81920 ----a-w- C:\Windows\SysWow64\lxdxcaps.dll
2011-01-24 21:16:24 782336 ----a-w- C:\Windows\SysWow64\lxdxdrs.dll
2011-01-24 21:16:24 77906 ----a-w- C:\Windows\SysWow64\lxdxcfg.dll
2011-01-24 21:16:24 69632 ----a-w- C:\Windows\SysWow64\lxdxcnv4.dll
2011-01-24 21:16:24 65536 ----a-w- C:\Windows\System32\lxdxcfg64.dll
2011-01-24 21:16:24 54784 ----a-w- C:\Windows\System32\lxdxcnv464.dll
2011-01-24 21:16:24 25600 ----a-w- C:\Windows\System32\lxdxcaps64.dll
2011-01-24 21:16:24 1024512 ----a-w- C:\Windows\System32\lxdxdrs64.dll
2011-01-19 17:43:31 -------- d-----w- C:\Program Files\ATT-HSI
2011-01-19 17:43:13 -------- d-----w- C:\Program Files (x86)\ATT-HSI
2011-01-19 17:43:03 -------- d-----w- C:\Program Files (x86)\Common Files\Motive
2011-01-19 17:43:00 -------- d-----w- C:\Program Files\Common Files\Motive
2011-01-12 03:36:24 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 03:36:24 466944 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 03:36:24 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 03:36:23 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 03:36:23 286720 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 03:36:23 278528 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 03:36:23 253952 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 03:36:23 241664 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 03:36:22 69632 ----a-w- C:\Program Files\Common Files\System\msadc\msadcs.dll
2011-01-12 03:36:22 57344 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll
2011-01-12 03:36:22 208896 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 03:36:22 180224 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 03:35:53 1251840 ----a-w- C:\Windows\System32\sdclt.exe

==================== Find3M ====================

2010-12-21 20:04:06 170640 ----a-w- C:\Windows\System32\drivers\eamonm.sys
2010-12-21 20:04:06 141264 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
2010-12-21 18:47:38 125296 ----a-w- C:\Windows\System32\drivers\epfwwfpr.sys
2010-12-21 06:37:30 1376832 ----a-w- C:\g5fefgerbgvsdf_15_sfx.exe
2010-12-21 06:33:52 16409960 ----a-w- C:\spybotsd162.exe
2010-12-21 06:33:45 6384528 ----a-w- C:\spybotsd_includes.exe
2010-12-21 06:32:15 296448 ----a-w- C:\g5s1ob44.exe
2010-12-20 23:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-08 18:12:30 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-08 18:12:18 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-12-08 18:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll

============= FINISH: 19:51:08.91 ===============

EDIT: Please be patient. There are over 150 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

Edited by Budapest, 03 February 2011 - 04:30 PM.


BC AdBot (Login to Remove)

 


#2 squishy

squishy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 05 February 2011 - 02:43 AM

Please remove this thread. I just re-imaged the machine. It seemed faster and it fixed the issue.

NOTHING that I tried (Eset, Hitman Pro, Spybot S&D, Malwarebytes, Prevx, Panda online scan, Trend Micro Housecall, TSS Killer, Kapersky, Avast, GMER & Microsoft Essentials) could find the root cause of this problem though - that's scary.

Edited by squishy, 05 February 2011 - 02:43 AM.


#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:58 AM

Posted 05 February 2011 - 10:41 AM

Hello squishy,

We appreciate you taking the time to let us know that your issue is resolved. If another issue should arise, please feel free to create a new thread.

Per request this thread will now be closed.


Kindest Regards,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users