
Globalroot\Device causing empty device manager? No audio and print?


  • This topic is locked
2 replies to this topic

#1 polarsnowfall

polarsnowfall

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:40 PM

Posted 19 November 2011 - 12:02 PM

Hi Malware Specialist!

I started out in the "Am I infected?" forum and a junior specialist sent me here to get further help; here is the link to the 4 logs I ran for him:
http://www.bleepingcomputer.com/forums/topic428124.html/page__p__2477667__hl__polarsnowfall__fromsearch__1#entry2477667

For several days I have been trying to complete the preliminary steps required by this forum. I can not back up to the Windows/Microsoft program (Backup Configuration not valid 0X8100029), but hopefully the two other programs I used were successful, namely Cobian and DriveImage. At the end of the DriveImage session, it froze and there was "Globalroot\device" followed by various endings. Then it completed and said finished. Also, it went to a blue screen the first time I tried to run GMER and rebooted.

The main problems of slow programs from startup, no devices in Device Manager, no audio device and no printing capability began after I ran some kids' software games that kind of froze the computer, although I believe whatever is making my computer upset has been there for a while and may have something to do with remnants of Roxio 2009 and other shared folders. In Services it says "Configuration Manager machine selected for remote communication is not available at this time."

Yesterday:
Reliability Performance Monitor stated failed system services: audio srv, EMDMGmt, Mccicm service, Shared Access ICS, SysMain, Tapisrv, Wudfsvc and LanmanWorkstation, and Printing Device Status Failed; Security Center has not recorded an antivirus product.

Ok, so back to the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_01
Run by member at 8:40:49 on 2011-11-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.397 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Athan\Athan.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\member\Desktop\Defogger.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com/
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} - Constant Guard Protection Suite
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - avast! WebRep
BHO: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - SingleInstance Class
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: LocalaccountTokenFilterPolicy = 1 (0x1)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{143CE527-4382-4EFC-8499-5EEB1F70437A} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\member\appdata\roaming\mozilla\firefox\profiles\q90goi5e.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1305906264
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1305906384
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1305906144
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1305907107
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1257585075
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1305906024
FF - user.js: browser.bookmarks.restore_default_bookmarks - false
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.dir - c:\\users\\member\\Downloads
FF - user.js: browser.download.manager.retention - 0
FF - user.js: browser.download.useDownloadDir - false
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.history_expire_days_min - 3
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.privatebrowsing.autostart - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.startup.homepage_override.buildID - 20110413222027
FF - user.js: browser.startup.homepage_override.mstone - rv:2.0.1
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: extensions.blocklist.pingCountTotal - 2
FF - user.js: extensions.blocklist.pingCountVersion - 2
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 3
FF - user.js: extensions.enabledAddons - {20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0,{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6,{972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0.1
FF - user.js: extensions.enabledItems - {20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1251889257277},\{bbda0591-3099-440a-aa10-41764d9db4db}\:{\descriptor\:\c:\\\\programdata\\\\norton\\\\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\\\\n360_5.0.0.125\\\\ipsffplgn\,\mtime\:1305806057106},\{2d3f3651-74b9-4795-bdec-6da2f431cb62}\:{\descriptor\:\c:\\\\programdata\\\\norton\\\\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\\\\n360_5.0.0.125\\\\coffplgn\,\mtime\:1305806044360}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1305905888136}}}]
FF - user.js: extensions.lastAppVersion - 4.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: idle.lastDailyNotification - 1305907301
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, ISO-8859-1, UTF-8
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1305907302
FF - user.js: places.history.expiration.transient_current_max_pages - 64379
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.privacy.disable_button.cookie_exceptions - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: pref.privacy.disable_button.view_passwords_exceptions - false
FF - user.js: print.print_printer - EPSON Stylus Photo RX595 Series
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_bgcolor - false
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_bgimages - false
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_command -
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_downloadfonts - false
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_edge_bottom - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_edge_left - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_edge_right - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_edge_top - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_evenpages - true
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_footercenter -
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_footerleft - &PT
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_footerright - &D
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_headercenter -
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_headerleft - &T
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_headerright - &U
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_in_color - true
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_margin_bottom - 0.5
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_margin_left - 0.5
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_margin_right - 0.5
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_margin_top - 0.5
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_oddpages - true
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_orientation - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_pagedelay - 500
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_paper_data - 1
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_paper_height - 11.00
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_paper_size_type - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_paper_size_unit - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_paper_width - 8.50
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_reversed - false
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_scaling - 1.00
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_shrink_to_fit - true
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_to_file - false
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_to_filename -
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_unwriteable_margin_left - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_unwriteable_margin_right - 0
FF - user.js: print.printer_EPSON_Stylus_Photo_RX595_Series.print_unwriteable_margin_top - 0
FF - user.js: privacy.item.cache - true
FF - user.js: privacy.item.downloads - false
FF - user.js: privacy.item.formdata - false
FF - user.js: privacy.item.history - false
FF - user.js: privacy.item.passwords - false
FF - user.js: privacy.sanitize.didShutdownSanitize - true
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: privacy.sanitize.sanitizeOnShutdown - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: signon.rememberSignons - false
FF - user.js: spellchecker.dictionary - en-US
FF - user.js: storage.vacuum.last.index - 0
FF - user.js: storage.vacuum.last.places.sqlite - 1305907302
FF - user.js: symantec.browser.sessionstore.resume_from_crash.toggle - false
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1308515492
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-18 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111027.001\BHDrvx86.sys [2011-11-1 818808]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111109.030\IDSvix86.sys [2011-11-9 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-18 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-18 331384]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-5 328536]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-11-18 67584]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-4 21504]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-5-18 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2007-8-23 206336]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-3-14 114952]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-9-7 156928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-8-24 20504]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-19 04:05:04 -------- d-----w- c:\users\member\appdata\local\Safe mirror
2011-11-19 04:04:39 -------- d-----w- c:\program files\Cobian Backup 10
2011-11-19 04:01:14 -------- d-----w- c:\program files\Runtime Software
2011-11-19 03:10:17 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2cb5ecec-5642-458d-a82a-f7fc4b0c5b4d}\offreg.dll
2011-11-19 02:52:22 -------- d-----w- C:\perflogs
2011-11-19 00:02:32 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2cb5ecec-5642-458d-a82a-f7fc4b0c5b4d}\mpengine.dll
2011-11-18 23:39:56 -------- d-----w- c:\users\member\appdata\roaming\HpUpdate
2011-11-18 23:39:55 -------- d-----w- c:\windows\Hewlett-Packard
2011-11-17 05:20:05 -------- d-----w- c:\users\member\appdata\roaming\Malwarebytes
2011-11-17 05:19:57 -------- d-----w- c:\programdata\Malwarebytes
2011-11-15 06:35:06 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-15 06:34:31 -------- d-----w- c:\users\member\appdata\local\temp
2011-11-15 06:26:47 98816 ----a-w- c:\windows\sed.exe
2011-11-15 06:26:47 518144 ----a-w- c:\windows\SWREG.exe
2011-11-15 06:26:47 256000 ----a-w- c:\windows\PEV.exe
2011-11-15 06:26:47 208896 ----a-w- c:\windows\MBR.exe
2011-11-15 06:26:40 -------- d-----w- C:\ComboFix
2011-11-15 04:32:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-14 23:15:44 -------- d-----w- c:\users\member\appdata\local\ElevatedDiagnostics
2011-11-14 15:48:49 -------- d-----w- c:\program files\Startup Optimizer
2011-11-14 15:25:04 -------- d-----w- c:\program files\WinASO
2011-11-14 15:19:48 -------- d-----w- c:\users\member\appdata\roaming\RegGenie
2011-11-09 21:45:52 -------- d-----w- c:\program files\common files\Knowledge Adventure
2011-11-09 21:45:51 -------- d-----w- c:\programdata\Knowledge Adventure
.
==================== Find3M ====================
.
2011-10-19 17:20:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 12:56:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 8:42:09.51 ===============


Let me know if you can help,
Thanks for your precious time,

Polarsnowfall


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:40 PM

Posted 23 November 2011 - 09:19 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:40 PM

Posted 29 November 2011 - 08:40 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE
