
ComboFix Log posting


This topic is locked. 2 replies to this topic.

#1 petehat (Members, 1 post)

Posted 21 April 2011 - 05:07 PM

This is my first post. I was directed to this site by my son-in-law, who is an IT specialist and uses ComboFix. Mistakenly, it appears, I ran ComboFix before I read NOT to unless told to. Sorry about that. At any rate, here is my log, and I would respectfully ask for assistance. My computer randomly freezes, usually in Outlook 2010. It requires a hard reset but never displays a BSOD. I have done scans with Spybot and Malwarebytes, plus have used CCleaner, and cannot stop the freezes. I do not know what type of infection or problem I have, but there appears to be an awful lot of stuff in the log. Thanks for any help.

Attached file: ComboFixLog.txt (19.75KB)


ComboFix 11-04-20.04 - Cindy 04/21/2011 11:46:01.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3032.1804 [GMT -5:00]
Running from: d:\program updates\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PC-Doctor\Downloads\194d1dc8-fbc8-481a-aa95-bf545be1d569.dll
c:\program files\PC-Doctor\Downloads\54874b0a-fb04-44ef-ad2b-c957aafea033.dll
c:\program files\PC-Doctor\Downloads\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll
c:\program files\PC-Doctor\Downloads\6a673ee4-43f7-4820-9e11-38692474f211.dll
c:\program files\PC-Doctor\Downloads\999665f3-293a-4978-a3be-c0bc241fa314.dll
c:\program files\PC-Doctor\Downloads\a0a2558f-4138-433b-9e67-faad5de809f7.dll
c:\program files\PC-Doctor\Downloads\aaafe845-287d-4966-bd17-65877f9d0d2e.dll
c:\program files\PC-Doctor\Downloads\b52e5bed-821a-41fc-9d4b-24d443ee0ad9.dll
c:\program files\PC-Doctor\Downloads\d1fd1a8a-7e0b-4c1f-bb8f-4adf2081f243.dll
c:\program files\PC-Doctor\Downloads\f45a4f6c-32c1-48c0-9ee9-e840f397e395.dll
c:\text messages\SWTOOLS\APPS\CBED\CBE\ACTIVATION_104\_desktop.ini
c:\text messages\SWTOOLS\APPS\CBED\CBE\ACTIVATION_104\BIN\_desktop.ini
C:\Thumbs.db
c:\users\Administrator.000\WINDOWS
c:\users\Cindy\WINDOWS
c:\windows\system32\explorer.exe
c:\windows\system32\spool\prtprocs\w32x86\BiCProNT.dll
c:\windows\system32\spool\prtprocs\w32x86\BiMProNT.dll
c:\windows\system32\Thumbs.db
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-18 23:56 . 2011-04-18 23:56 -------- d-----w- c:\users\Cindy\AppData\Roaming\Malwarebytes
2011-04-18 23:56 . 2011-04-18 23:56 -------- d-----w- c:\programdata\Malwarebytes
2011-04-18 23:56 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 23:56 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 23:33 . 2011-04-18 23:33 -------- d-----w- c:\users\Cindy\AppData\Roaming\Safer Networking
2011-04-18 21:27 . 2011-04-18 22:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-24 14:01 . 2011-03-24 14:01 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-24 14:00 . 2011-03-24 14:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2011-01-01 20:38 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2009-11-12 00:37 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2011-01-01 20:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:17 . 2009-11-12 00:37 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2009-11-12 00:37 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2009-11-12 00:37 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2009-11-12 00:37 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:12 . 2009-11-12 00:37 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-14 13:57 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-24 00:13 . 2011-02-24 00:13 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-02-13 20:41 . 2011-02-13 20:41 3584 ----a-r- c:\users\Cindy\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-02-07 20:00 . 2011-02-07 20:00 0 ----a-w- c:\windows\qfe3ABF.tmp
2011-02-03 05:45 . 2011-02-09 22:38 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-09-19 02:09 574096 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-09-19 02:09 574096 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-09-19 02:09 574096 ------r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gSyncit"="c:\program files\gSyncit\gsyncit.exe" [2010-10-09 27136]
"SpybotSD TeaTimer"="c:\apps\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-07-02 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-12-16 1234280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 55824]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Cloudmark DesktopOne.lnk - c:\program files\Cloudmark\Desktop\Service\cdswin.exe [2010-10-29 635128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-05-26 23:47 72208 ------w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 22:27 79368 ------w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
R2 ccSchedulerSVC;CA Common Scheduler Service; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
R2 UmxAgent;HIPS Event Manager; [x]
R2 UmxCfg;HIPS Configuration Interpreter; [x]
R2 UmxPol;HIPS Policy Manager; [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-12-16 128360]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-02-24 23456]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]
R3 KmxAMVet;KmxAMVet;c:\windows\system32\Drivers\KmxAMVet.sys [2009-03-27 598656]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\apps\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-16 6114816]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-12-13 21744]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-12-16 79208]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-02 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-12-16 25968]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [2009-08-27 143352]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2010-06-16 20592]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2009-09-30 78840]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\apps\NeatWorks\exec\NeatWorksDatabaseController.exe [2009-06-10 351384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-12-10 45616]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2009-09-30 239608]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 19:04]
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 19:04]
.
2011-02-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-13 21:55]
.
2011-04-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-13 21:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.altavista.com/cgi-bin/query?pg=q&kl=XX&q={searchTerms}
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\apps\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\apps\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: honda.com
Trusted Zone: honda.com\www.in
Trusted Zone: suz.com\www.scat
Trusted Zone: suzukidcs.com\www
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1531105991-2852842340-1993649368-1003\Software\SecuROM\License information*]
"datasecu"=hex:aa,a0,66,ba,eb,ef,38,bb,ff,93,6a,5e,bb,03,c3,8e,7d,4f,01,0c,5a,
08,81,93,f9,2d,88,1d,5a,49,5f,26,46,8f,4b,a2,a2,0a,58,2a,d2,2d,e5,b6,4c,34,\
"rkeysecu"=hex:b6,ff,48,af,a8,60,bc,d0,0d,19,22,31,75,82,3e,13
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3376)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\vssvc.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\apps\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2011-04-21 12:09:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-21 17:09
.
Pre-Run: 120,155,746,304 bytes free
Post-Run: 119,870,230,528 bytes free
.
- - End Of File - - 9C1D79F55D274DD16AE987363E0A8C13

Edited by SweetTech, 21 April 2011 - 06:07 PM: expanded CF log. -ST
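As an added example (not part of the original post and not ComboFix's own code): a small Python triage script that parses the sectioned layout of a ComboFix log like the one above, pulls the UAC values out of the policies\system block under "Reg Loading Points" and flags the ones that weaken elevation (in this log EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, i.e. UAC is switched off and any admin process elevates silently), and lists entries in "Other Deletions" whose filename belongs in a different directory (the log shows ComboFix removing c:\windows\system32\explorer.exe, while Windows 7 keeps the real explorer.exe in c:\windows). The sample log excerpt inside the script is constructed from lines of the post; the canonical-directory table and the Windows 7 default values are assumptions stated in the comments.

```python
"""Triage helper for ComboFix logs.

Added example, not ComboFix's own code. Parses the '(((( Title ))))' sections,
reports UAC policy values that weaken elevation, and flags deleted files that
sit outside the directory Windows normally keeps them in.
"""
import re
from typing import Dict, List

# Constructed excerpt mirroring the structure of the posted log (not a full log).
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\system32\explorer.exe
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 22:27 79368 ------w- c:\windows\System32\UmxWNP.dll
.
"""

# A ComboFix section header is a title wrapped in runs of parentheses.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
# Registry value line as ComboFix prints it: "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)')
POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"

# Assumption: values that switch off UAC protection on Windows 7 (defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1).
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

# Assumption: canonical directories for a few binaries on Windows 7 x86.
CANONICAL_DIRS = {"explorer.exe": r"c:\windows"}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each section title to its non-empty, non-'.' lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def uac_policies(sections: Dict[str, List[str]]) -> Dict[str, int]:
    """Return the numeric values listed under the policies\\system key."""
    values: Dict[str, int] = {}
    inside = False
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("["):           # a new key starts; are we in the UAC key?
            inside = line.lower() == POLICY_KEY.lower()
            continue
        if inside:
            m = VALUE_RE.match(line)
            if m:
                values[m.group("name")] = int(m.group("val"))
    return values


def weak_uac(values: Dict[str, int]) -> List[str]:
    """Describe every UAC value that matches a known-weak setting."""
    return [f"{name}={values[name]}: {why}"
            for name, (weak, why) in UAC_WEAK.items() if values.get(name) == weak]


def misplaced_deletions(sections: Dict[str, List[str]]) -> List[str]:
    """Deleted files whose basename has a canonical directory other than its own."""
    hits = []
    for path in sections.get("Other Deletions", []):
        directory, _, base = path.lower().rpartition("\\")
        expected = CANONICAL_DIRS.get(base)
        if expected is not None and directory != expected:
            hits.append(path)
    return hits


def triage(text: str) -> dict:
    """Run all checks over one ComboFix log and return the findings."""
    sections = split_sections(text)
    values = uac_policies(sections)
    return {"uac": values, "weak_uac": weak_uac(values),
            "misplaced": misplaced_deletions(sections)}


if __name__ == "__main__":
    for key, finding in triage(SAMPLE_LOG).items():
        print(key, finding)
```

The script only reads the log, so it does not change anything on the affected machine. The file copy itself is gone from system32 once ComboFix has run, but ComboFix keeps what it removed in its quarantine (the log references ComboFix-quarantined-files.txt), which is where a helper would pull the sample from to hash it before deciding whether the deletion mattered.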




#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 30 April 2011 - 06:30 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 05 May 2011 - 08:22 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



