IE 32 Bit MBAM reports outbound ip access is blocked


This topic is locked. 10 replies to this topic.

#1 2k05GT


Posted 25 September 2011 - 02:16 PM

I tried to post my logs over in the "Am I infected? What do I do?" section, and Broni suggested I come over here for help:

http://www.bleepingcomputer.com/forums/topic420320.html/page__gopid__2419401#entry2419401

So the issue is that when I use IE version 8 32-bit, Malwarebytes reports that rundll32 is accessing an external IP address and is blocking it.
When I use IE 8 64-bit, this does not happen.

--MBAM Protection Log--

20:30:19 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50120, Process: rundll32.exe)
20:33:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50288, Process: rundll32.exe)
20:36:31 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50374, Process: rundll32.exe)
20:39:36 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50473, Process: rundll32.exe)
20:42:40 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50865, Process: rundll32.exe)
20:45:37 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50917, Process: rundll32.exe)
20:48:41 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50920, Process: rundll32.exe)
20:51:45 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50921, Process: rundll32.exe)
20:54:58 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50929, Process: rundll32.exe)
20:58:03 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50934, Process: rundll32.exe)
21:01:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50941, Process: rundll32.exe)
21:04:05 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50947, Process: rundll32.exe)
21:07:03 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50960, Process: rundll32.exe)
21:33:04 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51130, Process: rundll32.exe)
21:36:17 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51138, Process: rundll32.exe)
21:39:29 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51139, Process: rundll32.exe)
21:42:26 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51140, Process: rundll32.exe)
21:45:31 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51165, Process: rundll32.exe)
21:48:35 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51197, Process: rundll32.exe)
21:51:39 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51198, Process: rundll32.exe)
21:54:44 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51237, Process: rundll32.exe)
21:57:48 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51276, Process: rundll32.exe)
22:00:52 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51297, Process: rundll32.exe)
22:03:56 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51313, Process: rundll32.exe)
22:07:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51318, Process: rundll32.exe)
22:09:56 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51364, Process: rundll32.exe)
22:13:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51413, Process: rundll32.exe)
22:31:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51488, Process: rundll32.exe)
22:34:46 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51542, Process: rundll32.exe)
22:37:51 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51587, Process: rundll32.exe)
22:40:47 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51658, Process: rundll32.exe)
22:44:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51766, Process: rundll32.exe)
22:47:04 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51775, Process: rundll32.exe)
22:50:09 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51788, Process: rundll32.exe)
22:53:13 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51858, Process: rundll32.exe)
22:56:19 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 52012, Process: rundll32.exe)
22:59:26 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 52098, Process: rundll32.exe)
23:02:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 52151, Process: rundll32.exe)



The IP is in Germany; here is the WHOIS search.

Reverse IP Lookup shows

cool-search-engines.com
filmstry.com
really-cool-search.com



I ran a WHOIS on the IP:

inetnum: 212.95.32.0 - 212.95.35.255
netname: NETDIRECT-NET
descr: Leaseweb Germany GmbH (previously netdirekt e. K.)
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filtered

person: Wiethold Wagner
address: Leaseweb Germany GmbH (previously netdirekt e. K.)
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
abuse-mailbox:
nic-hdl: WW200-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

person: Simon Roehl
address: Leaseweb Germany GmbH (previously netdirekt e. K.)
address: Kleyer Strasse 79 /Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
abuse-mailbox:
nic-hdl: SR614-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

route: 212.95.32.0/20
descr: ORG-nA8-RIPE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

organisation: ORG-nA8-RIPE
org-name: netdirect
org-type: LIR
address: netdirekt e. K.
Kleyer Strasse 79 / Tor 14
60326 Frankfurt
Germany
phone: +49 69 90556880
fax-no: +49 69 905568822
admin-c: SR614-RIPE
admin-c: WW200-RIPE
mnt-ref: NETDIRECT-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

route: 212.95.32.0/19
descr: ORG-nA8-RIPE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

organisation: ORG-nA8-RIPE
org-name: netdirect
org-type: LIR
address: netdirekt e. K.
Kleyer Strasse 79 / Tor 14
60326 Frankfurt
Germany
phone: +49 69 90556880
fax-no: +49 69 905568822
admin-c: SR614-RIPE
admin-c: WW200-RIPE
mnt-ref: NETDIRECT-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered


Any Ideas?

Edited by 2k05GT, 25 September 2011 - 02:18 PM.
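The protection log above is a series of outbound blocks from one process to one IP at roughly three-minute intervals. Regular, clock-like outbound connections from a single process to a single external host are a common triage signal for a beacon, so the first thing a responder does with a log like this is measure the intervals. The script below is an added example, not part of the original post and not Malwarebytes' code: it parses lines of the shape shown above, groups them by process, IP and direction, and reports how regular the gaps are. The sample input is constructed from the same field layout as the post's entries (with one deliberately long gap), and the thresholds for "beacon-like" (at least five events, at least 60% of gaps within 20% of the median) are assumed for illustration, not an MBAM setting.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: lines in the shape MBAM writes to its protection log
# (same fields as the post's entries; a subset with one deliberate long gap).
SAMPLE_LOG = """\
--MBAM Protection Log--
20:30:19 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50120, Process: rundll32.exe)
20:33:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50288, Process: rundll32.exe)
20:36:31 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50374, Process: rundll32.exe)
20:39:36 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50473, Process: rundll32.exe)
20:42:40 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50865, Process: rundll32.exe)
21:01:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50941, Process: rundll32.exe)
"""

# One IP-BLOCK line: HH:MM:SS, Windows user, verdict, IP, then the parenthesised details.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Assumed triage thresholds (illustrative, not an MBAM setting): a process/IP pair is
# flagged beacon-like when there are at least MIN_EVENTS blocks and at least
# MIN_REGULAR of the gaps fall within TOLERANCE of the median gap.
MIN_EVENTS = 5
MIN_REGULAR = 0.6
TOLERANCE = 0.2


def parse_log(text):
    """Return one dict per IP-BLOCK line, in file order; any other line is skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["port"] = int(e["port"])
        e["time"] = datetime.strptime(e["time"], "%H:%M:%S")
        events.append(e)
    return events


def _monotonic(times):
    """The log carries only a time of day; if the clock goes backwards, assume midnight passed."""
    fixed, offset = [], timedelta(0)
    for t in times:
        if fixed and t + offset < fixed[-1]:
            offset += timedelta(days=1)
        fixed.append(t + offset)
    return fixed


def summarize(events):
    """Group by (process, ip, direction) and measure how regular the blocked connections are."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["process"], e["ip"], e["direction"])].append(e["time"])
    summary = {}
    for key, times in groups.items():
        times = _monotonic(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        median = statistics.median(gaps) if gaps else None
        regular = (
            sum(1 for g in gaps if abs(g - median) <= TOLERANCE * median) / len(gaps)
            if gaps else 0.0
        )
        summary[key] = {
            "count": len(times),
            "median_gap_s": median,
            "regular_fraction": regular,
            "beacon_like": len(times) >= MIN_EVENTS and regular >= MIN_REGULAR,
        }
    return summary


if __name__ == "__main__":
    for (proc, ip, direction), s in summarize(parse_log(SAMPLE_LOG)).items():
        flag = "BEACON-LIKE" if s["beacon_like"] else "irregular"
        print(f"{proc} -> {ip} ({direction}): {s['count']} blocks, "
              f"median gap {s['median_gap_s']:.0f}s, {s['regular_fraction']:.0%} regular, {flag}")
```

Run it against the full log text from the post (paste it into `SAMPLE_LOG` or read a file) and the rundll32.exe / 212.95.32.134 pair comes out with a median gap close to 185 seconds and a high regular fraction. The interval alone does not prove malware, since updaters and license checks also poll on timers, but a regular beacon from rundll32.exe, a host process that has no business of its own on the network, tells the responder which process to pin down next: find which DLL that rundll32 instance was launched with and where it lives on disk.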

#2 2k05GT


Posted 26 September 2011 - 08:08 PM

DDS.txt File

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Scott at 20:53:03 on 2011-09-26
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16361.13692 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{EFDA45BE-61C6-4E55-9183-04B3164DC528}
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [eapWIlog] rundll32.exe "C:\Users\Scott\AppData\Local\nsMapdll32\eapWIlog.dll",NativeGLARM mfcUserHelper
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.20.1
TCP: Interfaces\{D2ED56AF-A780-42DE-BA9A-224574A1B9D8} : DhcpNameServer = 192.168.20.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 74.208.10.249 gs.apple.com
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-8 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-18 366152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-24 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-3-1 1831024]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-8 136824]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-25 14:00:36 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-09-24 20:38:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-24 20:38:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-23 00:16:55 -------- d-----w- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com
2011-09-23 00:16:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-09-23 00:16:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-23 00:09:58 -------- d-----w- C:\Windows\System32\appmgmt
2011-09-22 23:04:40 -------- d-----w- C:\Windows\en
2011-09-22 22:49:28 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2011-09-22 22:46:10 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-09-22 22:45:23 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-09-22 22:45:23 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-09-22 22:45:04 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-09-22 22:45:04 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-09-22 22:43:17 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-09-22 22:43:17 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-09-22 22:40:40 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-09-22 22:40:39 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-09-22 22:40:38 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-09-22 22:40:37 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-09-22 22:38:28 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\56884f641cc79780a\bingbarsetup.exe
2011-09-22 22:37:55 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\449d53b41cc797809\MeshBetaRemover.exe
2011-09-22 22:37:51 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4120afad1cc797808\DXSETUP.exe
2011-09-22 22:37:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4120afad1cc797808\DSETUP.dll
2011-09-22 22:37:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4120afad1cc797808\dsetup32.dll
2011-09-22 22:37:41 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3bd47b8f1cc797807\DXSETUP.exe
2011-09-22 22:37:41 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3bd47b8f1cc797807\dsetup32.dll
2011-09-22 22:37:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3bd47b8f1cc797807\DSETUP.dll
2011-09-22 22:37:38 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\300a2ab41cc797806\Silverlight.4.0.exe
2011-09-22 22:34:58 -------- d-----w- C:\Users\Scott\AppData\Local\Windows Live
2011-09-22 22:34:54 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-09-22 01:28:20 -------- d-----w- C:\Users\Scott\AppData\Local\WMTools Downloaded Files
2011-09-21 23:33:43 -------- d-----w- C:\Users\Scott\AppData\Roaming\AnvSoft
2011-09-21 23:33:31 -------- d-----w- C:\Users\Scott\AppData\Local\OpenCandy
2011-09-21 23:33:29 -------- d-----w- C:\Users\Scott\AppData\Roaming\OpenCandy
2011-09-21 23:33:29 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-09-21 23:30:47 518064 ----a-w- C:\Windows\SysWow64\framework.ocx
2011-09-21 02:48:52 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-09-21 02:48:30 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-09-21 00:18:24 -------- d-----w- C:\Users\Scott\AppData\Roaming\AvitoDvd
2011-09-21 00:18:24 -------- d-----w- C:\Users\Scott\AppData\Roaming\AviDvdBurner
2011-09-21 00:17:56 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2011-09-21 00:17:56 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
2011-09-21 00:17:56 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-09-21 00:17:56 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-09-21 00:17:55 73216 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-09-21 00:17:55 644608 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-09-21 00:17:55 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-09-21 00:17:54 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-09-21 00:16:48 -------- d-----w- C:\Program Files (x86)\AviToDvdFree
2011-09-19 03:29:01 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes
2011-09-19 03:28:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-19 03:28:40 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-19 03:28:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-19 03:06:02 -------- d-----w- C:\sh4ldr
2011-09-19 03:06:02 -------- d-----w- C:\Program Files\Enigma Software Group
2011-09-19 03:05:33 -------- d-----w- C:\Windows\8AE3EC14EAF84064958AC340C66EDD44.TMP
2011-09-19 03:05:33 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-09-19 02:04:43 -------- d-----w- C:\Users\Scott\.shsh
2011-09-19 02:03:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-18 03:37:43 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
2011-09-18 03:15:57 -------- d-----w- C:\Users\Scott\AppData\Roaming\Xilisoft Corporation
2011-09-18 03:07:54 -------- d-----w- C:\Program Files (x86)\SpyRemover
2011-09-17 03:34:26 -------- d-----w- C:\Users\Scott\AppData\Roaming\WindSolutions
2011-09-17 03:34:26 -------- d-----w- C:\ProgramData\WindSolutions
2011-09-17 03:09:36 -------- d-----w- C:\Program Files\iPod
2011-09-17 03:09:34 -------- d-----w- C:\Program Files\iTunes
2011-09-17 03:09:34 -------- d-----w- C:\Program Files (x86)\iTunes
2011-09-17 03:08:19 -------- d-----w- C:\Program Files\Bonjour
2011-09-17 03:08:19 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-09-17 03:06:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-17 03:06:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-17 03:06:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-17 03:06:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-17 03:06:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-17 03:06:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-17 03:06:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-17 03:00:53 -------- d-----w- C:\Users\Scott\AppData\Local\Apple Computer
2011-09-17 03:00:26 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-09-17 03:00:26 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-09-17 03:00:26 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-09-17 02:59:55 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-09-17 02:58:47 -------- d-----w- C:\Users\Scott\AppData\Local\Apple
2011-09-13 02:50:55 -------- d-----w- C:\Users\Scott\AppData\Roaming\Bitstream
2011-09-11 22:32:56 -------- d-----w- C:\Users\Scott\AppData\Local\ElevatedDiagnostics
2011-09-11 21:41:21 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-09-11 20:04:15 -------- d-----w- C:\Program Files (x86)\Corel
2011-09-11 05:35:00 -------- d-----w- C:\Program Files (x86)\AMP Font Viewer
2011-09-11 02:23:14 -------- d-----w- C:\Program Files (x86)\ConnectCodeTrial
2011-09-11 02:22:49 -------- d-----w- C:\Users\Scott\AppData\Local\nsMapdll32
2011-09-11 00:01:33 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-09-10 22:30:34 -------- d-----w- C:\ProgramData\ALM
2011-09-10 03:42:50 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-09-10 03:42:47 -------- d-----w- C:\Users\Scott\AppData\Local\Adobe
2011-09-10 03:37:00 52568 ----a-w- C:\Windows\System32\AdobePDF.dll
2011-09-10 00:36:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-09 23:16:59 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-09-09 23:16:59 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-09-09 07:31:51 -------- d-----w- C:\Windows\SysWow64\Wat
2011-09-09 07:31:51 -------- d-----w- C:\Windows\System32\Wat
2011-09-09 07:11:19 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-09-09 07:11:19 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-09-09 07:08:19 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-09-09 07:08:19 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-09-09 07:05:06 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-09-09 07:05:05 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-09-09 07:05:05 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-09-09 07:05:05 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-09-09 07:05:04 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-09-09 07:05:04 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-09-09 07:05:04 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-09-09 07:05:04 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-09-09 07:05:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-09-09 07:05:04 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-09-09 07:00:38 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-09-09 04:54:57 -------- d-----w- C:\Windows\Panther
2011-09-09 04:54:45 -------- d-sh--w- C:\Boot
2011-09-09 04:48:38 -------- d-----w- C:\Windows.old
2011-09-09 03:06:37 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-09-09 03:06:26 -------- d-----w- C:\Windows\PCHEALTH
2011-09-09 03:06:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-09-09 03:04:21 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-09-09 03:03:37 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-09-09 03:03:08 -------- d-----w- C:\Users\Scott\AppData\Local\Microsoft Help
2011-09-09 02:43:34 -------- d-----w- C:\Users\Scott\AppData\Roaming\BPFTP
2011-09-09 02:42:50 -------- d-----w- C:\Program Files (x86)\BPFTP
2011-09-09 02:06:25 -------- d-----w- C:\Users\Scott\AppData\Local\Symantec
2011-09-09 02:06:22 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
2011-09-09 02:04:42 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-09-09 02:04:42 -------- d-----w- C:\Program Files\Symantec
2011-09-09 02:04:17 503808 ----a-w- C:\Windows\SysWow64\MSVCP71.DLL
2011-09-09 02:04:17 1060864 ----a-w- C:\Windows\SysWow64\MFC71.DLL
2011-09-09 02:04:10 -------- d-----w- C:\ProgramData\Symantec
2011-09-09 02:04:10 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-09-09 02:04:10 -------- d-----w- C:\Program Files (x86)\Symantec
2011-09-09 01:58:59 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-09-09 01:57:56 264192 ----a-w- C:\Windows\System32\upnp.dll
2011-09-09 01:53:16 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-09-09 01:53:16 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-09-09 01:53:16 -------- d-----w- C:\Users\Scott\AppData\Roaming\Intel Corporation
2011-09-09 01:53:14 389632 ----a-w- C:\Windows\System32\winlogon.exe
2011-09-09 01:53:11 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-09-09 01:53:11 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-09-09 01:53:11 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-09-09 01:53:10 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-09-09 01:53:08 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-09-09 01:53:08 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2011-09-09 01:52:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2011-09-09 01:52:57 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-09-09 01:52:57 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-09-09 01:52:57 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-09-09 01:52:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-09-09 01:52:57 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-09-09 01:52:57 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-09-09 01:52:47 395776 ----a-w- C:\Windows\System32\webio.dll
2011-09-09 01:52:47 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-09-09 01:52:46 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-09-09 01:52:44 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-09-09 01:52:42 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-09-09 01:48:47 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-09-09 01:47:58 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-09-09 01:46:31 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2011-09-09 01:44:55 1251944 ------r- C:\Windows\RtlExUpd.dll
2011-09-09 01:44:55 -------- d--h--w- C:\Program Files (x86)\Temp
2011-09-09 01:44:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-09-09 01:43:32 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-09-09 01:43:31 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-09-09 01:43:31 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-09-09 01:43:20 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F81B5561-D0CD-4973-96B8-BADA29B5E7B1}\mpengine.dll
2011-09-09 01:43:19 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-09-09 01:42:14 -------- d-----w- C:\Intel
2011-09-09 01:42:13 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-09-09 01:37:07 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-09-09 01:37:07 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-09-09 01:37:04 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-09-09 01:37:04 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-09-09 01:34:58 68264 ----a-w- C:\Windows\System32\e1cmsg.dll
2011-09-09 01:34:58 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2011-09-09 01:34:58 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2011-09-09 01:34:57 91840 ----a-w- C:\Windows\System32\NicInstC.dll
2011-09-09 01:32:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-09-09 01:32:06 428136 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-09-09 01:32:06 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-09-09 01:32:01 -------- d-----w- C:\Program Files (x86)\Realtek
2011-09-09 01:21:35 -------- d-sh--w- C:\Windows\Installer
2011-09-09 01:18:27 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-09-09 01:17:48 -------- d-----w- C:\Users\Scott\AppData\Roaming\BitTorrent
2011-09-09 01:05:56 -------- d-sh--w- C:\Recovery
2011-09-04 02:47:26 -------- d-----w- C:\Program Files (x86)\UltraISO
2011-09-04 02:47:26 -------- d-----w- C:\Program Files (x86)\Common Files\EZB Systems
2011-09-03 17:12:05 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2011-08-28 23:39:18 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-28 03:34:13 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-28 03:34:13 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-28 03:34:13 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-08-28 03:34:13 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-28 02:32:24 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-28 02:32:24 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-28 02:32:24 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-28 02:32:24 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-28 02:32:24 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-28 02:32:24 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-28 02:32:24 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-28 02:32:24 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-28 02:17:36 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
.
==================== Find3M ====================
.
2011-09-09 01:47:52 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-09-09 01:45:48 16896 ----a-w- C:\Windows\AsTaskSched.dll
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 20:53:36.46 ===============
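The DDS listing above is a fixed format: date, time, a size (or eight dashes for a directory), an eight-character attribute field and the path. The Python below is an added example, not part of the original post or of the DDS tool, that parses that format and applies the two triage rules a responder usually starts with: executable content (.exe/.dll/.sys and similar) created in user-writable locations, and files carrying the hidden or system attribute. The attribute-letter meanings (d, s, h, a, r, w) are inferred from the log and are an assumption; the sample lines are copied from the listing above.

```python
"""Parse and triage a DDS-style 'new files' / Find3M file listing."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# One listing line: date, time, size or "--------" (directory),
# an 8-character attribute field, then the path (which may contain spaces).
_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumed attribute letters (inferred from the log, not documented here):
# d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable.
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# Sample input: lines copied from the DDS listing in this thread.
SAMPLE = r"""
==================== Find3M ====================
.
2011-09-17 03:00:26 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-09-11 02:22:49 -------- d-----w- C:\Users\Scott\AppData\Local\nsMapdll32
2011-09-09 04:54:45 -------- d-sh--w- C:\Boot
2011-09-09 01:44:55 1251944 ------r- C:\Windows\RtlExUpd.dll
2011-09-09 01:43:20 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F81B5561-D0CD-4973-96B8-BADA29B5E7B1}\mpengine.dll
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
.
"""


@dataclass
class Entry:
    when: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        # Hidden or system attribute; either is unusual for freshly dropped files.
        return "h" in self.attrs or "s" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers, '.' and blanks."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
    return Entry(when, size, m["attrs"], m["path"])


def parse_listing(text: str) -> list[Entry]:
    """Parse a whole DDS section, silently skipping non-entry lines."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (reason, path) pairs for files that deserve a closer look."""
    hits = []
    for e in entries:
        if e.is_dir:
            continue  # directories are reviewed by name, not by these rules
        low = e.path.lower()
        if low.endswith(EXECUTABLE_EXT) and any(k in low for k in USER_WRITABLE):
            hits.append(("executable in user-writable location", e.path))
        elif e.hidden:
            hits.append(("hidden/system attribute on file", e.path))
    return hits


if __name__ == "__main__":
    for reason, path in triage(parse_listing(SAMPLE)):
        print(f"{reason}: {path}")
```

Note what the rules do and do not say: mpengine.dll is Windows Defender's own scan engine and is flagged only because ProgramData is writable by standard users. The triage narrows a 160-line listing to a handful of paths to verify (Authenticode signature, hash against the vendor's release); it does not convict anything, and a listing limited to recently modified files cannot prove the absence of older implants.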



#3 2k05GT (Topic Starter, Members, 10 posts)

Posted 26 September 2011 - 08:15 PM

GMER Log file

GMER hasn't found any system modifications.

It would not let me select the options in the instructions.

See attached JPG.

--Security Check--

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 27
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


--MiniToolBox--

MiniToolBox by Farbar
Ran by Scott (administrator) on 25-09-2011 at 09:14:08
Windows 7 Ultimate (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

74.208.10.249 gs.apple.com


========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Scott-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
Physical Address. . . . . . . . . : F4-6D-04-E3-3A-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F4-6D-04-E3-34-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f1b7:bdae:26d9:ea56%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.20.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 25, 2011 9:07:39 AM
Lease Expires . . . . . . . . . . : Monday, September 26, 2011 9:07:39 AM
Default Gateway . . . . . . . . . : 192.168.20.1
DHCP Server . . . . . . . . . . . : 192.168.20.1
DHCPv6 IAID . . . . . . . . . . . : 250899716
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-FB-25-22-F4-6D-04-E3-34-EE
DNS Servers . . . . . . . . . . . : 192.168.20.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{278E26AE-925E-4B42-9341-06A6B90B45B7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4fc:33e2:3f57:ebc8(Preferred)
Link-local IPv6 Address . . . . . : fe80::4fc:33e2:3f57:ebc8%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{D2ED56AF-A780-42DE-BA9A-224574A1B9D8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Server: UnKnown
Address: 192.168.20.1

Name: google.com
Addresses: 72.14.204.103
72.14.204.147
72.14.204.105
72.14.204.104
72.14.204.99

Pinging google.com [72.14.204.99] with 32 bytes of data:
Reply from 72.14.204.99: bytes=32 time=27ms TTL=51
Reply from 72.14.204.99: bytes=32 time=28ms TTL=51

Ping statistics for 72.14.204.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: UnKnown
Address: 192.168.20.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=92ms TTL=47
Reply from 98.137.149.56: bytes=32 time=90ms TTL=47

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 92ms, Average = 91ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
===========================================================================
Interface List
14...f4 6d 04 e3 3a 6c ......Intel® 82579V Gigabit Network Connection
11...f4 6d 04 e3 34 ee ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.20.1    192.168.20.55     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.20.0    255.255.255.0         On-link     192.168.20.55    266
    192.168.20.55  255.255.255.255         On-link     192.168.20.55    266
   192.168.20.255  255.255.255.255         On-link     192.168.20.55    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.20.55    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.20.55    266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination                      Gateway
13     58 ::/0                                     On-link
 1    306 ::1/128                                  On-link
13     58 2001::/32                                On-link
13    306 2001:0:4137:9e76:4fc:33e2:3f57:ebc8/128  On-link
11    266 fe80::/64                                On-link
13    306 fe80::/64                                On-link
13    306 fe80::4fc:33e2:3f57:ebc8/128             On-link
11    266 fe80::f1b7:bdae:26d9:ea56/128            On-link
 1    306 ff00::/8                                 On-link
13    306 ff00::/8                                 On-link
11    266 ff00::/8                                 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/25/2011 09:07:46 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/25/2011 09:07:46 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/24/2011 05:02:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/24/2011 05:02:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/24/2011 03:59:46 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13dc

Start Time: 01cc7af30a30208a

Termination Time: 141

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (09/24/2011 03:28:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/24/2011 03:28:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/22/2011 11:31:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (09/22/2011 11:30:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/22/2011 07:09:16 PM) (Source: MsiInstaller) (User: Scott)Scott
Description: Product: Microsoft Office Outlook Connector -- Error 1921. Service 'Windows Search' (wsearch) could not be stopped. Verify that you have sufficient privileges to stop system services.


System errors:
=============
Error: (09/25/2011 09:11:05 AM) (Source: NetBT) (User: )
Description: The name "SCOTT-PC :0" could not be registered on the interface with IP address 192.168.20.55.
The computer with the IP address 192.168.20.63 did not allow the name to be claimed by
this computer.

Error: (09/25/2011 09:07:40 AM) (Source: NetBT) (User: )
Description: The name "SCOTT-PC :0" could not be registered on the interface with IP address 192.168.20.55.
The computer with the IP address 192.168.20.63 did not allow the name to be claimed by
this computer.

Error: (09/25/2011 09:07:39 AM) (Source: NetBT) (User: )
Description: The name "SCOTT-PC :20" could not be registered on the interface with IP address 192.168.20.55.
The computer with the IP address 192.168.20.63 did not allow the name to be claimed by
this computer.

Error: (09/25/2011 09:07:39 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{D2ED56AF-A780-42DE-BA9A-224574A1B9D8} because another computer on the network has the same name. The server could not start.

Error: (09/24/2011 04:33:54 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D2ED56AF-A780-42DE-BA9A-224574A1B9D8}.
The backup browser is stopping.

Error: (09/24/2011 03:22:13 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D2ED56AF-A780-42DE-BA9A-224574A1B9D8}.
The backup browser is stopping.

Error: (09/24/2011 11:15:11 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.20.55.
The computer with the IP address 192.168.20.53 did not allow the name to be claimed by
this computer.

Error: (09/24/2011 11:10:01 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.20.55.
The computer with the IP address 192.168.20.53 did not allow the name to be claimed by
this computer.

Error: (09/24/2011 11:04:51 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.20.55.
The computer with the IP address 192.168.20.53 did not allow the name to be claimed by
this computer.

Error: (09/24/2011 10:59:41 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.20.55.
The computer with the IP address 192.168.20.53 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (09/25/2011 09:07:46 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/25/2011 09:07:46 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (09/24/2011 05:02:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/24/2011 05:02:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/24/2011 03:59:46 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1642113dc01cc7af30a30208a141C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (09/24/2011 03:28:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/24/2011 03:28:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (09/22/2011 11:31:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestc:\program files (x86)\Adobe\acrobat 9.0\designer 8.2\FormDesigner.exe

Error: (09/22/2011 11:30:17 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/22/2011 07:09:16 PM) (Source: MsiInstaller)(User: Scott)Scott
Description: Product: Microsoft Office Outlook Connector -- Error 1921. Service 'Windows Search' (wsearch) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.4.5)
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Design Premium (Version: 5.0)
Adobe Flash Player 10 Plugin (Version: 10.1.52.14)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.129)
Adobe Media Player (Version: 1.8)
AMP Font Viewer
Any Video Converter 3.2.7
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Avi to Dvd Free Converter v5.7.0.196
Bonjour (Version: 3.0.0.2)
BulletProof FTP (Version: 2.40)
D3DX10 (Version: 15.4.2368.0902)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Mega Codec Pack 7.2.0 (Version: 7.2.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
marvell 91xx driver (Version: 1.0.0.1051)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Visio 2010 (Version: 14.0.4763.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio Premium 2010 (Version: 14.0.4763.1000)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
PDF Settings CS5 (Version: 10.0)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6235)
RealUpgrade 1.1 (Version: 1.1.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpyRemover 2.51 (Version: 2.51)
SUPERAntiSpyware (Version: 5.0.1118)
Symantec Endpoint Protection (Version: 11.0.6005.562)
UltraISO Premium V9.36
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 16360.76 MB
Available physical RAM: 13985.87 MB
Total Pagefile: 32719.67 MB
Available Pagefile: 29847.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.52 MB

========================= Partitions: =====================================

1 Drive c: (Backup_DATA) (Fixed) (Total:1397.26 GB) (Free:1241.62 GB) NTFS
2 Drive e: (Array_0000) (Fixed) (Total:4658.95 GB) (Free:4658.95 GB) NTFS

========================= Users: ========================================

User accounts for \\SCOTT-PC

Administrator Guest kids
Scott


**** End of log ****



--MBAM LOG--

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7792

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

9/25/2011 10:02:28 AM
mbam-log-2011-09-25 (10-02-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 63497
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER did not find any System Modifications


I noticed that I only get the popups from MBAM when I use Explorer 32-bit; IE 64-bit is clean.

--MBAM Protection Log--

20:30:19 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50120, Process: rundll32.exe)
20:33:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50288, Process: rundll32.exe)
20:36:31 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50374, Process: rundll32.exe)
20:39:36 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50473, Process: rundll32.exe)
20:42:40 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50865, Process: rundll32.exe)
20:45:37 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50917, Process: rundll32.exe)
20:48:41 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50920, Process: rundll32.exe)
20:51:45 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50921, Process: rundll32.exe)
20:54:58 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50929, Process: rundll32.exe)
20:58:03 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50934, Process: rundll32.exe)
21:01:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50941, Process: rundll32.exe)
21:04:05 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50947, Process: rundll32.exe)
21:07:03 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50960, Process: rundll32.exe)
21:33:04 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51130, Process: rundll32.exe)
21:36:17 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51138, Process: rundll32.exe)
21:39:29 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51139, Process: rundll32.exe)
21:42:26 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51140, Process: rundll32.exe)
21:45:31 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51165, Process: rundll32.exe)
21:48:35 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51197, Process: rundll32.exe)
21:51:39 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51198, Process: rundll32.exe)
21:54:44 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51237, Process: rundll32.exe)
21:57:48 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51276, Process: rundll32.exe)
22:00:52 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51297, Process: rundll32.exe)
22:03:56 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51313, Process: rundll32.exe)
22:07:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51318, Process: rundll32.exe)
22:09:56 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51364, Process: rundll32.exe)
22:13:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51413, Process: rundll32.exe)
22:31:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51488, Process: rundll32.exe)
22:34:46 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51542, Process: rundll32.exe)
22:37:51 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51587, Process: rundll32.exe)
22:40:47 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51658, Process: rundll32.exe)
22:44:00 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51766, Process: rundll32.exe)
22:47:04 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51775, Process: rundll32.exe)
22:50:09 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51788, Process: rundll32.exe)
22:53:13 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51858, Process: rundll32.exe)
22:56:19 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 52012, Process: rundll32.exe)
22:59:26 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 52098, Process: rundll32.exe)
23:02:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 52151, Process: rundll32.exe)


Edited by 2k05GT, 26 September 2011 - 08:19 PM.


#4 2k05GT (Topic Starter, Members, 10 posts)

Posted 29 September 2011 - 06:24 PM

It's getting worse; the popups are now on the 64-bit IE, AND I GOT THIS TODAY:
C:\USERS\SCOTT\APPDATA\LOCAL\NSMAPDLL32\EAPWILOG.DLL (TROJAN.BLUEINIT.SGEN)

Any headway on the logs?
I did what Orange ?? said; I have not used the computer, no changes....



#5 nasdaq (Malware Response Team, 38,767 posts, Gender: Male, Location: Montreal, QC, Canada)

Posted 30 September 2011 - 10:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
The following item is the culprit.
uRun: [eapWIlog] rundll32.exe "C:\Users\Scott\AppData\Local\nsMapdll32\eapWIlog.dll",NativeGLARM mfcUserHelper

Start the Task Manager and disable the eapWIlog Process.

Restart the computer normally.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Let me know if the problem persists.
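
A defender's check for the pattern nasdaq points at (a Run key starting rundll32.exe with a DLL under AppData, matched against MBAM's IP-BLOCK events for rundll32.exe), written here as an added example; it is not code from the thread, from DDS, ComboFix or Malwarebytes. It parses Run lines in the DDS and ComboFix formats shown in this thread and MBAM protection-log lines; the eapWIlog entry and the blocked address are the thread's, while the benign autoruns and the incoming-connection line are constructed.

```python
"""Flag Run-key entries that start rundll32.exe with a DLL from a user-writable
directory and correlate them with MBAM IP-BLOCK events attributed to rundll32.exe."""
import re
from collections import Counter

# Directories an ordinary user can write to. A Run entry that has rundll32.exe
# load a DLL from one of these (here: AppData\Local\nsMapdll32) is the pattern
# flagged in this thread; legitimate rundll32 autoruns normally point into System32.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\temp\\",
)

# DDS/OTL style:  uRun: [name] command      (u = HKCU, m = HKLM)
DDS_RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix style: "name"="command" [date size]
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"(?: \[(?P<meta>[^\]]*)\])?$')
# rundll32 invocation: [path\]rundll32[.exe] <dll>,<export> [args]; the DLL may be
# quoted. An unquoted DLL path containing spaces is cut at the first space (rare).
RUNDLL_RE = re.compile(
    r'^(?:"?[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+))'
    r"\s*,\s*(?P<export>\S+)(?:\s+(?P<args>.*))?$",
    re.IGNORECASE,
)
# MBAM protection log: HH:MM:SS user IP-BLOCK a.b.c.d (Type: ..., Port: ..., Process: ...)
MBAM_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_autorun(line):
    """Return (name, command) for a DDS uRun/mRun line or a ComboFix Run line, else None."""
    m = DDS_RUN_RE.match(line) or CF_RUN_RE.match(line)
    if not m:
        return None
    return m.group("name"), m.group("cmd")


def rundll32_target(command):
    """If the command starts rundll32, return (dll_path, export); otherwise None."""
    m = RUNDLL_RE.match(command.strip())
    if not m:
        return None
    return m.group("qdll") or m.group("dll"), m.group("export")


def in_user_writable_dir(path):
    """True when the path lies under a directory a normal user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def find_suspicious_rundll32_autoruns(lines):
    """Autorun entries where rundll32 loads a DLL from a user-writable directory."""
    findings = []
    for line in lines:
        parsed = parse_autorun(line.strip())
        if not parsed:
            continue
        name, command = parsed
        target = rundll32_target(command)
        if target and in_user_writable_dir(target[0]):
            findings.append({"name": name, "dll": target[0], "export": target[1]})
    return findings


def count_blocked_outbound(lines):
    """Count MBAM IP-BLOCK events per (process, remote ip), outgoing connections only."""
    counts = Counter()
    for line in lines:
        m = MBAM_BLOCK_RE.match(line.strip())
        if m and m.group("direction").lower() == "outgoing":
            counts[(m.group("process").lower(), m.group("ip"))] += 1
    return counts


def correlate(autorun_lines, mbam_lines):
    """Attach the blocked outbound connections made by rundll32.exe to each finding."""
    blocks = count_blocked_outbound(mbam_lines)
    rundll_blocks = {ip: n for (proc, ip), n in blocks.items() if proc == "rundll32.exe"}
    return [{**f, "blocked_outbound": rundll_blocks}
            for f in find_suspicious_rundll32_autoruns(autorun_lines)]


# Constructed sample input in the formats seen in this thread. The eapWIlog entry
# and 212.95.32.134 are from the thread; the other lines are made up for the example.
SAMPLE_AUTORUNS = [
    'uRun: [eapWIlog] rundll32.exe "C:\\Users\\Scott\\AppData\\Local\\nsMapdll32\\eapWIlog.dll"'
    ",NativeGLARM mfcUserHelper",
    "mRun: [ExampleAudio] rundll32.exe C:\\Windows\\System32\\example_audio.dll,Startup",
    '"ExampleTray"="c:\\program files (x86)\\Example\\tray.exe" [2011-08-31 449608]',
]
SAMPLE_MBAM = [
    "20:30:19 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50120, Process: rundll32.exe)",
    "20:33:33 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50288, Process: rundll32.exe)",
    "20:36:31 Scott IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 50374, Process: rundll32.exe)",
    "20:40:00 Scott IP-BLOCK 203.0.113.7 (Type: incoming, Port: 445, Process: System)",
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE_AUTORUNS, SAMPLE_MBAM):
        print(finding)
```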

#6 2k05GT (Topic Starter, Members, 10 posts)

Posted 30 September 2011 - 09:14 PM

COMBOFIX LOG

ComboFix 11-09-30.05 - Scott 09/30/2011 21:56:37.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16361.12904 [GMT -4:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scott\videos\AVSVideoConverter.exe
c:\users\Scott\videos\ffdshow.exe
c:\users\Scott\videos\media.player.codec.pack.v3.9.2.setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-10-01 01:59 . 2011-10-01 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-30 03:18 . 2011-09-30 03:18 -------- d-----w- c:\program files (x86)\Exterminate It!
2011-09-28 03:44 . 2011-09-28 03:44 -------- d-----w- c:\windows\Sun
2011-09-25 14:00 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-09-24 21:34 . 2011-09-24 21:34 -------- d-----w- c:\windows\system32\Macromed
2011-09-24 20:38 . 2011-09-24 20:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-24 20:38 . 2011-09-24 20:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-09-23 00:16 . 2011-09-28 23:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-23 00:16 . 2011-09-23 00:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-23 00:09 . 2011-09-24 20:28 -------- d-----w- c:\windows\system32\appmgmt
2011-09-22 23:04 . 2011-09-22 23:04 -------- d-----w- c:\windows\en
2011-09-22 22:49 . 2011-05-13 19:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-22 22:49 . 2011-09-22 23:04 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-22 22:48 . 2011-09-22 22:49 -------- d-----w- c:\program files\Windows Live
2011-09-22 22:46 . 2011-09-24 20:27 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-22 22:45 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-09-22 22:45 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-09-22 22:45 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-09-22 22:45 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-09-22 22:43 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-09-22 22:43 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-09-22 22:42 . 2011-09-24 19:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-09-22 22:40 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-09-22 22:40 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-09-22 22:40 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-09-22 22:40 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-09-22 22:34 . 2011-09-22 22:34 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-21 23:33 . 2011-09-21 23:33 -------- d-----w- c:\program files (x86)\AnvSoft
2011-09-21 23:30 . 2008-06-27 14:49 518064 ----a-w- c:\windows\SysWow64\framework.ocx
2011-09-21 02:48 . 2011-09-21 02:48 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-09-21 02:48 . 2011-09-21 02:48 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-09-21 02:48 . 2011-09-21 02:48 -------- d-----w- c:\program files (x86)\Real
2011-09-21 00:17 . 2011-03-19 19:00 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-09-21 00:17 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-09-21 00:17 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-09-21 00:17 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-09-21 00:17 . 2011-06-16 08:00 73216 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-09-21 00:17 . 2011-06-02 00:15 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-09-21 00:17 . 2011-06-02 00:10 644608 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-09-21 00:17 . 2011-09-21 00:18 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-09-21 00:16 . 2011-09-21 00:21 -------- d-----w- c:\program files (x86)\AviToDvdFree
2011-09-19 03:28 . 2011-09-19 03:28 -------- d-----w- c:\programdata\Malwarebytes
2011-09-19 03:28 . 2011-09-19 03:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-19 03:28 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-19 03:06 . 2011-09-23 00:09 -------- d-----w- C:\sh4ldr
2011-09-19 03:06 . 2011-09-19 03:06 -------- d-----w- c:\program files\Enigma Software Group
2011-09-19 03:05 . 2011-09-23 00:09 -------- d-----w- c:\windows\8AE3EC14EAF84064958AC340C66EDD44.TMP
2011-09-19 03:05 . 2011-09-19 03:05 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-09-19 02:04 . 2011-09-19 02:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-19 02:03 . 2011-09-19 02:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-19 02:02 . 2011-09-19 02:02 -------- d-----w- c:\program files (x86)\Java
2011-09-18 03:37 . 2011-09-18 03:37 -------- d-----w- c:\program files (x86)\Yontoo Layers Runtime
2011-09-18 03:07 . 2011-09-18 03:13 -------- d-----w- c:\program files (x86)\SpyRemover
2011-09-17 03:34 . 2011-09-17 04:55 -------- d-----w- c:\programdata\WindSolutions
2011-09-17 03:09 . 2011-09-17 03:09 -------- d-----w- c:\program files\iPod
2011-09-17 03:09 . 2011-09-17 03:09 -------- d-----w- c:\program files\iTunes
2011-09-17 03:09 . 2011-09-17 03:09 -------- d-----w- c:\program files (x86)\iTunes
2011-09-17 03:08 . 2011-09-17 03:08 -------- d-----w- c:\program files\Bonjour
2011-09-17 03:08 . 2011-09-17 03:08 -------- d-----w- c:\program files (x86)\Bonjour
2011-09-17 03:06 . 2011-09-17 03:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-17 03:06 . 2011-09-17 03:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-17 03:06 . 2011-09-17 03:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-17 03:06 . 2011-09-17 03:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-17 03:06 . 2011-09-17 03:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-17 03:06 . 2011-09-17 03:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-17 03:06 . 2011-09-17 03:06 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-17 03:06 . 2011-09-17 03:06 -------- d-----w- c:\program files (x86)\QuickTime
2011-09-17 03:00 . 2011-09-22 22:49 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-17 03:00 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-17 03:00 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-09-17 03:00 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-09-17 02:59 . 2011-09-17 03:00 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-09-17 02:58 . 2011-09-17 02:59 -------- d-----w- c:\programdata\Apple Computer
2011-09-17 02:58 . 2011-09-17 02:58 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-09-17 02:58 . 2011-09-17 02:58 -------- d-----w- c:\program files\Common Files\Apple
2011-09-17 02:58 . 2011-09-17 03:09 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-09-17 02:58 . 2011-09-17 02:58 -------- d-----w- c:\programdata\Apple
2011-09-15 04:48 . 2011-09-15 04:48 -------- d-----w- c:\users\kids
2011-09-15 04:30 . 2011-09-15 04:31 -------- d-----w- c:\program files\Hewlett-Packard
2011-09-11 21:41 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-09-11 20:04 . 2011-09-11 20:04 -------- d-----w- c:\program files (x86)\Corel
2011-09-11 05:35 . 2011-09-11 20:07 -------- d-----w- c:\program files (x86)\AMP Font Viewer
2011-09-11 02:23 . 2011-09-11 02:23 -------- d-----w- c:\program files (x86)\ConnectCodeTrial
2011-09-11 00:46 . 2011-09-11 00:46 -------- d-----w- c:\users\Public\Roaming
2011-09-11 00:01 . 2011-09-11 00:01 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-09-10 22:30 . 2011-09-10 22:30 -------- d-----w- c:\programdata\ALM
2011-09-10 22:24 . 2011-09-10 22:32 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-10 22:23 . 2011-09-10 22:23 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-09-10 22:20 . 2011-09-10 22:20 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-09-10 04:35 . 2011-09-10 04:35 -------- d-----w- c:\programdata\FLEXnet
2011-09-10 03:42 . 2011-09-10 03:42 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-09-10 03:37 . 2009-08-20 03:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2011-09-10 03:33 . 2011-09-10 22:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-10 00:36 . 2011-09-24 21:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-10 00:36 . 2011-09-10 00:36 -------- d-----w- c:\windows\SysWow64\Macromed
2011-09-09 23:16 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-09-09 23:16 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-09-09 07:31 . 2011-09-09 07:31 -------- d-----w- c:\windows\SysWow64\Wat
2011-09-09 07:31 . 2011-09-09 07:31 -------- d-----w- c:\windows\system32\Wat
2011-09-09 07:11 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-09-09 07:11 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-09-09 07:08 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-09-09 07:08 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-09-09 07:05 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-09-09 07:05 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-09-09 07:05 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-09-09 07:05 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-09-09 07:05 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-09-09 07:05 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-09-09 07:05 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-09-09 07:05 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-09-09 07:05 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-09-09 07:05 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-09-09 07:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-09-09 04:54 . 2011-09-09 01:05 -------- d-----w- c:\windows\Panther
2011-09-09 04:54 . 2011-09-09 04:54 -------- d-----w- C:\Boot
2011-09-09 04:48 . 2011-09-09 04:48 -------- d-----w- C:\Windows.old
2011-09-09 03:06 . 2011-09-09 03:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-09-09 03:06 . 2011-09-22 22:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-09 03:06 . 2011-09-09 03:06 -------- d-----w- c:\windows\PCHEALTH
2011-09-09 03:06 . 2011-09-09 03:06 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-09-09 03:04 . 2011-09-09 03:04 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-09-09 03:03 . 2011-09-09 03:03 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-09-09 03:03 . 2011-09-16 07:04 -------- d-----w- c:\programdata\Microsoft Help
2011-09-09 03:02 . 2011-09-09 03:02 -------- d-----r- C:\MSOCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 22:48 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-16 04:32 . 2011-09-09 01:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-09-07 18:34 194848 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-28 5492096]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-03-01 115560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-09-21 273528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-18 136824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{EFDA45BE-61C6-4E55-9183-04B3164DC528}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.20.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2011-09-30 22:07:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-01 02:07
.
Pre-Run: 1,331,648,610,304 bytes free
Post-Run: 1,331,954,548,736 bytes free
.
- - End Of File - - 05116FA11EAE8E9BA35E505BB6BC1DBA

#7 nasdaq


  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 October 2011 - 07:00 AM

Your log is clean.

Any remaining issues?

#8 2k05GT

  • Topic Starter

  • Members
  • 10 posts

Posted 02 October 2011 - 07:04 PM

I have been running it this weekend and I don't see any issues so far.
Thanks for your help.

#9 nasdaq


  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 October 2011 - 07:08 AM

Good news, now let's check this.

Third-party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#10 nasdaq


  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 October 2011 - 06:31 AM

Are you still with me?

#11 nasdaq


  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2011 - 07:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
