Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

brower is redirecting me - program not working


  • This topic is locked This topic is locked
9 replies to this topic

#1 davisfoos

davisfoos

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 12 October 2011 - 06:00 PM

Standing by for next steps.....

EDIT: AII Topic
http://www.bleepingcomputer.com/forums/topic423179.html/page__gopid__2439114#entry2439114

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by davis at 11:23:46 on 2011-10-12
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3582.1389 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\fxssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\calc.exe
C:\Program Files\mIRC\mirc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\TRapps\Dr2000\dr20000.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} -

c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!

\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files

\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files

\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google

\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program

files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files

\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files

\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!

\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion

\installs\cpn1\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe

\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google

toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [PICPRTR.EXE]
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [<NO NAME>]
mRun: [HP KEYBOARDg] "c:\program files\hewlett-packard\hp wireless elite keyboard

\HPKEYBOARDg.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe"

/starttray
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex

\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex

\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex

\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex

\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component

\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.road.com/oralmasp/download/mgaxctrl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -

hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_20-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} -

hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?

lmi=100
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{31EFCC8B-62AB-41E4-808D-18FB7F849F16} : DhcpNameServer = 192.168.0.1

205.171.3.25 8.8.8.8
TCP: Interfaces\{F160A100-90FA-4153-9EF2-84969DDA63DA} : DhcpNameServer = 192.168.0.1

205.171.3.25
TCP: Interfaces\{F2F7564D-8C23-4C3C-BA3F-24D856F6E8F6} : DhcpNameServer = 192.168.0.1

205.171.3.25 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft

office\office12\GrooveSystemServices.dll
Handler: tmoutlook - {3B539A52-32CB-480F-AF9D-6A254EDA5CDC} -
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files

\microsoft office\office12\GrooveShellExtensions.dll
SEH: TMShellHook Class: {e1b51df9-6548-4673-ae63-4efa313e5907} - c:\program files\telemessage

\oe\bin\TMShell.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files

\winfax\WfxSeh32.Dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\davis\appdata\roaming\mozilla\firefox\profiles\1ypmp20h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components

\WCFirefoxExtn.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\davis\appdata\roaming\mozilla\firefox\profiles\1ypmp20h.default

\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox

\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions

\LogMeInClient@logmein.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions

\firebug@software.joehewitt.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions

\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%

\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} -

%profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files

\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13

48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

[2009-8-18 176128]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-19

374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-

11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys

[2010-2-13 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10

-11 366152]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program

Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program

Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N

postgresql-8.4 [?]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-1-25 5120]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-27 229888]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys

[2010-8-24 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys

[2010-8-24 10448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-17 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows

\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\drivers\usbethmp.sys [2009-7-9

14342]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers

\b57nd60x.sys [2009-7-13 229888]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5

-10 18432]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers

\netr28u.sys [2009-9-15 807936]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

[2009-7-13 20992]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe

[2010-2-25 1343400]
S3 WLRAWMp50x86;WLRAWMp50x86 NDIS Protocol Driver;c:\windows\system32\drivers\WLRAWMp50x86.sys

[2011-3-30 28312]
S3 WLRAWSp50x86;WLRAWSp50x86 NDIS Protocol Driver;c:\windows\system32\drivers\WLRAWSp50x86.sys

[2011-3-30 27032]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13

17920]
S3 XMUNIVERSAL;xmuni2.sys driver;c:\windows\system32\drivers\xmuni2.sys [2011-6-1 55080]
S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe

[2010-1-31 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe

[2010-1-31 135664]
S4 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent

\SlingAgentService.exe [2010-11-3 94024]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe

[2010-12-10 92008]
.
=============== Created Last 30 ================
.
2011-10-11 22:22:50 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1

-47A5D697579E}
2011-10-11 22:07:53 -------- d-----w- c:\users\davis\appdata\local\~0
2011-10-11 21:50:07 56200 ----a-w- c:\programdata\microsoft\windows defender

\definition updates\{c62ccf3a-a761-4ead-bbb7-d13be282efe9}\offreg.dll
2011-10-08 07:26:58 7269712 ----a-w- c:\programdata\microsoft\windows defender

\definition updates\{c62ccf3a-a761-4ead-bbb7-d13be282efe9}\mpengine.dll
2011-10-04 19:32:27 -------- d-----w- c:\program files\ACSPMonitor
2011-10-03 16:13:38 -------- d-----w- c:\program files\Orb Networks
2011-09-22 01:33:55 -------- d-----w- c:\users\davis\appdata\roaming\Hobbyist

Software
2011-09-22 01:32:49 -------- d-----w- c:\program files\Hobbyist Software
2011-09-20 21:38:41 1393736 ----a-w- c:\users\davis\gotomypc_626.exe
2011-09-20 20:45:35 -------- d-----w- c:\users\davis\appdata\local\Ilivid

Player
2011-09-20 20:41:17 -------- d-----w- c:\users\davis\appdata\local

\PackageAware
2011-09-20 14:37:06 1062984 ----a-w- c:\users\davis\gotomypc_540.exe
2011-09-14 15:46:09 -------- d-----w- C:\Casino
.
==================== Find3M ====================
.
2011-10-07 14:59:22 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-06 21:33:06 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 21:33:06 52096 ----a-w- c:\windows\system32\spool\prtprocs

\w32x86\LMIproc.dll
2011-10-06 21:33:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-06 21:33:05 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-06 17:43:35 20992 ----a-w- c:\windows\bw-uninstall.exe
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 16:00:06 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-27 15:53:10 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-07-27 15:53:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-07-27 15:53:02 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-07-27 15:52:51 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-07-18 15:50:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1

-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-

l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1

-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-

0.dll
.
============= FINISH: 11:24:56.57 ===============





____________________________________________________________________________________________________________________________

toolbox log








MiniToolBox by Farbar
Ran by davis (administrator) on 12-10-2011 at 18:02:05
Windows 7 Enterprise (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost


========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection 2" address=172.29.206.152
add address name="Local Area Connection 2" address=169.254.236.85


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : northrental-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-70-6F-D8-E5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d89f:66f7:e4c2:72ec%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, October 11, 2011 4:47:05 PM
Lease Expires . . . . . . . . . . : Tuesday, October 18, 2011 4:47:05 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234889584
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-EA-3D-B8-00-21-70-6F-D8-E5
DNS Servers . . . . . . . . . . . : 192.168.0.1
205.171.3.25
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30fd:145f:51ec:b529(Preferred)
Link-local IPv6 Address . . . . . : fe80::30fd:145f:51ec:b529%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain.actdsltmp:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: google.com
Address: 87.125.87.99


Pinging google.com [87.125.87.99] with 32 bytes of data:
Reply from 87.125.87.99: bytes=32 time=81ms TTL=54
Reply from 87.125.87.99: bytes=32 time=83ms TTL=54

Ping statistics for 87.125.87.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 83ms, Average = 82ms
Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=115ms TTL=52
Reply from 98.139.180.149: bytes=32 time=97ms TTL=52

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 115ms, Average = 106ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 21 70 6f d8 e5 ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:30fd:145f:51ec:b529/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::30fd:145f:51ec:b529/128
On-link
11 276 fe80::d89f:66f7:e4c2:72ec/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2011 05:56:27 PM) (Source: ESENT) (User: )
Description: Windows (3948) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1011.

Error: (10/12/2011 05:56:27 PM) (Source: ESENT) (User: )
Description: Windows (3948) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" at offset 0 (0x0000000000000000) for 4096 (0x00001000) bytes failed after Windows0 seconds with system error 8 (0x00000008): "Not enough storage is available to process this command. ". The write operation will fail with error -1011 (0xfffffc0d). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (10/12/2011 07:32:16 AM) (Source: Application Hang) (User: )
Description: The program IPostage.exe version 9.0.1.2201 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16e8

Start Time: 01cc88646e82f0e0

Termination Time: 9

Application Path: C:\Program Files\Stamps.com Internet Postage\IPostage.exe

Report Id:

Error: (10/11/2011 06:29:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/11/2011 06:26:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/11/2011 06:25:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/11/2011 05:17:03 PM) (Source: Application Hang) (User: )
Description: The program IPostage.exe version 9.0.1.2201 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1334

Start Time: 01cc88624b1d4620

Termination Time: 9

Application Path: C:\Program Files\Stamps.com Internet Postage\IPostage.exe

Report Id:

Error: (10/11/2011 04:54:55 PM) (Source: Application Hang) (User: )
Description: The program ipostage.exe version 8.8.4.2081 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e80

Start Time: 01cc885fb299b430

Termination Time: 31

Application Path: C:\Program Files\Stamps.com Internet Postage\ipostage.exe

Report Id:

Error: (10/11/2011 04:47:32 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (10/11/2011 04:47:32 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x80070005


System errors:
=============
Error: (10/12/2011 11:32:11 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (10/12/2011 11:32:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

Error: (10/12/2011 11:30:41 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1100 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2011 11:29:38 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1099 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2011 11:28:37 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1098 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2011 11:27:35 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1097 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2011 11:26:34 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1096 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2011 11:25:33 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1095 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2011 11:24:32 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1094 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2011 11:23:30 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1093 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/25/2010 10:09:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40852 seconds with 1020 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Actual Spy 3.0
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.181.14)
Adobe Reader X (Version: 10.0.0)
Adobe Shockwave Player (Version: 10.2.0.22)
Adobe SVG Viewer 3.0 (Version: 3.0)
Anim-FX (Version: )
Apple Application Support (Version: 2.0.0)
Apple Mobile Device Support (Version: 4.0.0.53)
Apple Software Update (Version: 2.1.3.127)
Bing Maps 3D (Version: 4.0.903.16005)
Bodog Casino (Version: )
Bodog Poker
Bonjour (Version: 2.0.5.0)
Boxee
Brother HL-3070CW (Version: 1.00)
Cake Poker 2.0 (Version: 2.0.1.3720)
CuteFTP 8 Professional (Version: 8.3.3)
CyberLink PowerDirector (Version: 8.0.2508)
DRPU PC Data Manager (Version: 5.0.1.5)
eReg (Version: 1.20.138.34)
Feedback Tool (Version: 1.2.0)
FileZilla Client 3.3.5 (Version: 3.3.5)
GIMP 2.6.8
Google Earth (Version: 5.2.1.1588)
Google Earth (Version: 6.0.3.2197)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.69)
GrabIt 1.7.2 Beta 4 (build 997)
GTK+ Runtime 2.14.7 rev a (remove only)
HP Wireless Elite Keyboard (Version: 1.2.4.1)
Intertops Poker
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 7 (Version: 1.6.0.70)
Logitech Alert Commander (Version: 3.0.247)
Logitech SetPoint 6.20 (Version: 6.20.64)
LogMeIn (Version: 4.0.982)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (Version: 6.35)
Mozilla Firefox (3.6.10) (Version: 3.6.10 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
No-IP.com DUC (remove only) (Version: v2.2.1)
NVIDIA Drivers (Version: 1.10.62.40)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Online Poker Bot 3.0 (Version: 3.0)
Orb Mini Controller (Version: 2.1.6)
Pidgin (Version: 2.6.5)
PostgreSQL 8.4 (Version: 8.4)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver
Safari (Version: 5.33.19.4)
Samsung CLP-310 Series
ScanWiz (Version: 2.19)
SlingPlayer (Version: 2.0.4522)
SmartSound Quicktracks Plugin (Version: 3.0.3.0)
Stamps.com
Stamps.com (Version: 9.0.1.2201)
Symantec WinFax PRO
TomTom HOME 2.8.0.2146 (Version: 2.8.0.2146)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Total Rental for Windows (Version: 15.0)
TOTAL RENTAL Workstation
Total Rental Workstation Install 2.0
Total Video Converter 3.71 100812
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wneiper (Version: 010.000.1282)
TurboTax 2010 wrapper (Version: 010.000.0157)
VLC Streamer 1.36
VueScan
WebLog Expert 5.2 (Version: 5.2)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Movie Maker 2.6 (Version: 2.6.4038.0)
WinRAR archiver
WinZip Self-Extractor
XM Direct 2 (Version: 3.3)
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! SiteBuilder (Version: 2.4.0)
Yahoo! Software Update
Yahoo! Toolbar
You Don't Know Jack® (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 3582.49 MB
Available physical RAM: 1322.29 MB
Total Pagefile: 7163.26 MB
Available Pagefile: 4392.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.01 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.01 GB) (Free:4.49 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:277.56 GB) NTFS

========================= Users: ========================================

User accounts for \\NORTHRENTAL-PC

Administrator davis Guest
postgres

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


______________________________________________________________________________________________________
Malwarebytes Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7923

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

10/12/2011 6:15:05 PM
mbam-log-2011-10-12 (18-15-05).txt

Scan type: Quick scan
Objects scanned: 207305
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files


Edited by boopme, 12 October 2011 - 08:31 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 AM

Posted 16 October 2011 - 07:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

p.s.
Before you post the logs remove the Word Wrap function from NotePad.
You will find this under the Format Menu.
This will eliminate all the blank lines in your log and make is possible for me to analyse your log.

#3 davisfoos

davisfoos
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 17 October 2011 - 07:21 PM

Nasdaq,

Thank you for attempting to help me. I need to let you know after I posted those logs, I ran TDSS Killer and the google redirect has stopped.

I want to know if you want any new logs before I run combo fix?

Please let me know how you would like me to proceed.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 AM

Posted 18 October 2011 - 08:45 AM

Keep the TDSSkiller log for now just in case I need to see it later.

Run ComboFix and post the log.

#5 davisfoos

davisfoos
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 18 October 2011 - 11:28 AM

ComboFix 11-10-18.02 - davis 10/18/2011 10:46:20.1.1 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3582.2155 [GMT -5:00]
Running from: c:\users\davis\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\davis\AppData\Roaming\mIRC\logs\status.log
c:\users\davis\g2mdlhlpx.exe
c:\users\davis\gotomypc_540.exe
c:\users\davis\gotomypc_626.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\spool\prtprocs\w32x86\WFXPNT40.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-18 16:01 . 2011-10-18 16:01 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-10-18 16:01 . 2011-10-18 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 15:08 . 2011-10-18 16:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C62CCF3A-A761-4EAD-BBB7-D13BE282EFE9}\offreg.dll
2011-10-14 14:55 . 2011-10-14 14:55 -------- d-----w- c:\program files\iPod
2011-10-14 14:55 . 2011-10-14 14:56 -------- d-----w- c:\program files\iTunes
2011-10-14 14:52 . 2011-10-14 14:52 -------- d-----w- c:\program files\Bonjour
2011-10-13 20:50 . 2011-10-13 20:50 -------- d-----w- c:\users\davis\AppData\Roaming\Sling Media
2011-10-11 22:22 . 2011-10-11 22:22 -------- d-----w- c:\programdata\{027FFED9-6EAA-47D7-9DF1-47A5D697579E}
2011-10-08 07:26 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C62CCF3A-A761-4EAD-BBB7-D13BE282EFE9}\mpengine.dll
2011-10-04 19:32 . 2011-10-15 17:49 -------- d-----w- c:\program files\ACSPMonitor
2011-10-03 16:13 . 2011-10-03 16:13 -------- d-----w- c:\program files\Orb Networks
2011-09-22 01:33 . 2011-09-22 01:33 -------- d-----w- c:\users\davis\AppData\Roaming\Hobbyist Software
2011-09-22 01:32 . 2011-09-22 01:32 -------- d-----w- c:\program files\Hobbyist Software
2011-09-20 20:45 . 2011-09-20 20:45 -------- d-----w- c:\users\davis\AppData\Local\Ilivid Player
2011-09-20 20:41 . 2011-09-20 20:41 -------- d-----w- c:\users\davis\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 15:11 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-10-07 14:59 . 2010-06-25 01:18 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-06 21:33 . 2010-02-14 01:29 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-06 21:33 . 2010-02-14 01:29 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-06 21:33 . 2010-02-14 01:29 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-06 21:33 . 2010-02-14 01:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-06 17:43 . 2011-09-06 17:43 20992 ----a-w- c:\windows\bw-uninstall.exe
2011-08-31 22:00 . 2010-12-17 19:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-22 16:00 . 2010-12-11 23:14 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-08-06 17:29 . 2011-08-06 17:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-06 17:29 . 2011-08-06 17:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-06 17:29 . 2011-08-06 17:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-06 17:29 . 2011-08-06 17:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-06 17:29 . 2011-08-06 17:29 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-06 17:29 . 2011-08-06 17:29 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-08-06 17:29 . 2011-08-06 17:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-06 17:29 . 2011-08-06 17:29 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-06 17:29 . 2011-08-06 17:29 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-06 17:29 . 2011-08-06 17:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-06 17:29 . 2011-08-06 17:29 367104 ----a-w- c:\windows\system32\html.iec
2011-08-06 17:29 . 2011-08-06 17:29 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-06 17:29 . 2011-08-06 17:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-06 17:29 . 2011-08-06 17:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-06 17:29 . 2011-08-06 17:29 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-08-06 17:29 . 2011-08-06 17:29 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-06 17:29 . 2011-08-06 17:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-06 17:29 . 2011-08-06 17:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-06 17:29 . 2011-08-06 17:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-06 17:29 . 2011-08-06 17:29 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-06 17:29 . 2011-08-06 17:29 101888 ----a-w- c:\windows\system32\admparse.dll
2011-07-27 15:53 . 2011-07-27 15:53 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-07-27 15:53 . 2011-07-27 15:53 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-07-27 15:53 . 2011-07-27 15:53 35552 ----a-w- c:\windows\system32\wups.dll
2011-07-27 15:53 . 2011-07-27 15:53 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-07-27 15:53 . 2011-07-27 15:53 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-07-27 15:52 . 2011-07-27 15:52 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-07-27 15:52 . 2011-07-27 15:52 44768 ----a-w- c:\windows\system32\wups2.dll
2011-07-27 15:52 . 2011-07-27 15:52 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-07-27 15:52 . 2011-07-27 15:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"HP KEYBOARDg"="c:\program files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE" [2009-07-23 701592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Activate TeleMessage Tray Application.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Activate TeleMessage Tray Application.lnk
backup=c:\windows\pss\Activate TeleMessage Tray Application.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run TeleMessage version update.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run TeleMessage version update.lnk
backup=c:\windows\pss\Run TeleMessage version update.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 21:13 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 21:13 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-08-19 20:41 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRPU Pc Data manager]
2010-01-15 14:39 2465792 ----a-w- c:\program files\DRPU PC Data Manager\apcdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2007-08-28 23:43 73728 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Alert Commander]
2011-03-30 15:50 12195160 ----a-w- c:\program files\Logitech\Logitech Alert\Logitech Alert Commander.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-02-17 08:30 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-03-22 16:50 37943240 ----a-w- c:\windows\System32\MRT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 13:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-12-09 22:01 606208 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-31 18:19 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-09-29 04:58 43008 ----a-w- c:\windows\System32\WFXSNT40.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [2009-07-09 14342]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R3 WLRAWMp50x86;WLRAWMp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x86.sys [2011-03-30 28312]
R3 WLRAWSp50x86;WLRAWSp50x86 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x86.sys [2011-03-30 27032]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 XMUNIVERSAL;xmuni2.sys driver;c:\windows\system32\Drivers\xmuni2.sys [2011-06-01 55080]
R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R4 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-04 94024]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-06 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-14 5120]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:41]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: tmoutlook - {3B539A52-32CB-480F-AF9D-6A254EDA5CDC} -
FF - ProfilePath - c:\users\davis\AppData\Roaming\Mozilla\Firefox\Profiles\1ypmp20h.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: WebSlingPlayer: {9EB34849-81D3-4841-939D-666D522B889A} - %profile%\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-PICPRTR.EXE - (no file)
ShellExecuteHooks-{E1B51DF9-6548-4673-AE63-4EFA313E5907} - c:\program files\TeleMessage\OE\Bin\TMShell.dll
SafeBoot-96819041.sys
MSConfigStartUp-CPN Notifier - c:\program files\Cake Poker 2.0\CakeNotifier.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-DRPU PC Data Manager(Basic) - c:\program files\DRPU PC Data Manager(Basic)\pcdm.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-NetLimiter - c:\program files\NetLimiter 3\NLClientApp.exe
MSConfigStartUp-PICPRTR - c:\sf10\PROGRAM\PICPRTR.EXE
MSConfigStartUp-WiLife Command Center - c:\program files\WiLife Command Center\Werks.exe
AddRemove-WinFax - c:\program files\WinFax\WFXUNIST.ISU
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\fxssvc.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
c:\program files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-10-18 11:26:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-18 16:26
.
Pre-Run: 4,735,893,504 bytes free
Post-Run: 18,693,296,128 bytes free
.
- - End Of File - - F580C518F074C309D7E1F169C010A00C

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 AM

Posted 19 October 2011 - 10:27 AM

Your ComboFix is clean.

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know if the problem persists.

#7 davisfoos

davisfoos
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 20 October 2011 - 08:05 AM

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

#8 davisfoos

davisfoos
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 20 October 2011 - 08:27 AM

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 AM

Posted 20 October 2011 - 09:00 AM

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:05 AM

Posted 26 October 2011 - 08:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users