Firewall down, ran ComboFix


  • This topic is locked
130 replies to this topic

#1 rpbale

rpbale

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Florida
  • Local time:04:59 PM

Posted 07 February 2012 - 07:15 PM

EDIT: Moved to Virus, Trojan, Spyware, and Malware Removal Logs as a ComboFix log was posted
Hi,

A couple of days ago I started getting browser redirects badly. Then my Apache server started erroring out on port 80, 8080, and any port I pointed it to. So I checked my firewall first. No Win 7 x64 Ultimate firewall and it wouldn't start. I searched the internet, tried all kinds of things to restore the firewall and failed. Windows restore failed. McAfee won't run even after a fresh install. All searches led me to want to run ComboFix.

I ran it and it finally hung after nearly building the log file. After 24 hours of being hung at "Preparing Log Report" I was convinced it crashed. So I did a hard reboot. Upon start up it did not resume. I figured it was okay since it finished the autoscan.

The firewall still won't start. Here are the log results. Do I need to run it again, or does the log show the next steps?

[code=auto:0]ComboFix 12-02-02.02 - rpbale 02/06/2012 22:52:34.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6134.4096 [GMT -5:00]
Running from: C:\Users\rpbale\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\iexplorer
C:\Program Files (x86)\iexplorer\AxInterop.QTOControlLib.dll
C:\Program Files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll
C:\Program Files (x86)\iexplorer\iExplorer.exe
C:\Program Files (x86)\iexplorer\Interop.QTOControlLib.dll
C:\Program Files (x86)\iexplorer\Interop.QTOLibrary.dll
C:\Program Files (x86)\iexplorer\isxdl.dll
C:\Program Files (x86)\iexplorer\MPCrashReporter.dll
C:\Program Files (x86)\iexplorer\MPUpdater.dll
C:\Program Files (x86)\iexplorer\msvcr71.dll
C:\Program Files (x86)\iexplorer\PodPhone2.dll
C:\Program Files (x86)\iexplorer\unins000.dat
C:\Program Files (x86)\iexplorer\unins000.exe
C:\Program Files (x86)\iexplorer\unins000.msg
C:\Users\rpbale\AppData\Local\assembly\tmp
C:\Users\rpbale\ResourceReader.dll
C:\Windows\system32\consrv.dll
C:\Windows\system32\drivers\etc\hosts.txt
C:\Windows\System64
C:\Windows\SysWow64\MailBee.dll
H:\install.exe


((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))


2012-02-07 02:26:27 . 2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\system32\ntdll.dll
2012-02-07 02:26:27 . 2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-07 02:26:24 . 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\system32\packager.dll
2012-02-07 02:26:24 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-06 03:44:59 . 2012-02-07 01:39:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-06 03:44:59 . 2012-02-06 03:51:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-06 03:06:44 . 2012-02-06 03:06:50 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-02-06 02:32:58 . 2012-02-06 02:32:58 -------- d-----w- C:\Users\rpbale\AppData\Roaming\Malwarebytes
2012-02-06 02:32:53 . 2012-02-06 02:32:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-06 02:32:52 . 2012-02-06 02:32:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-06 02:32:52 . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-02-05 22:13:30 . 2012-02-05 22:13:30 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-02-05 19:31:31 . 2012-02-05 19:31:31 -------- d-----r- C:\Users\rpbale\My Pictures
2012-02-05 19:30:50 . 2012-02-05 19:30:50 -------- d-----r- C:\Users\rpbale\My Video
2012-02-05 19:30:05 . 2012-02-05 19:30:05 -------- d-----r- C:\Users\rpbale\My Music
2012-02-05 17:33:10 . 2012-02-05 17:33:10 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2012-02-05 16:55:11 . 2012-02-05 16:55:13 -------- d-----w- C:\Users\DefaultAppPool
2012-02-05 16:31:21 . 2012-02-06 01:59:03 0 --sha-w- C:\Windows\system32\dds_trash_log.cmd
2012-02-05 07:16:43 . 2012-02-05 07:16:43 -------- d-----w- C:\Windows\system32\MpEngineStore
2012-02-05 06:33:53 . 2012-02-05 06:33:53 -------- d-----w- C:\Users\rpbale\AppData\Roaming\McAfee
2012-02-05 06:17:32 . 2011-12-06 22:22:38 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-02-05 00:02:28 . 2011-03-13 16:45:12 158832 ----a-w- C:\Windows\system32\mfevtps.exe.a138.deleteme
2012-02-04 23:57:16 . 2012-02-04 23:57:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-04 21:50:00 . 2012-02-04 14:33:56 111616 ----a-w- C:\Windows\SysWow64\t6oHq5.com_
2012-02-04 20:16:33 . 2012-02-04 20:16:33 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-04 20:16:33 . 2012-02-04 20:16:33 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-02-04 17:48:44 . 2012-02-04 17:48:44 -------- d-----w- C:\DSlrRemote
2012-02-04 17:45:48 . 2012-02-05 02:42:00 -------- d-----w- C:\Program Files (x86)\BreezeSys
2012-01-30 12:00:34 . 2011-10-26 05:25:16 1572864 ----a-w- C:\Windows\system32\quartz.dll
2012-01-30 12:00:33 . 2011-10-26 05:25:15 366592 ----a-w- C:\Windows\system32\qdvd.dll
2012-01-30 12:00:33 . 2011-10-26 04:32:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-30 12:00:33 . 2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-26 00:31:43 . 2012-01-26 00:32:05 -------- d-----w- C:\Program Files\iTunes
2012-01-26 00:31:43 . 2012-01-26 00:32:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-26 00:31:43 . 2012-01-26 00:31:43 -------- d-----w- C:\Program Files\iPod
2012-01-25 00:24:59 . 2012-01-25 00:24:59 -------- d-----w- C:\Program Files\DIFX
2012-01-25 00:23:12 . 2012-01-21 02:05:30 85384 ----a-w- C:\Windows\system32\drivers\ftser2k.sys
2012-01-25 00:23:12 . 2012-01-21 02:05:30 74504 ----a-w- C:\Windows\system32\drivers\ftdibus.sys
2012-01-25 00:23:12 . 2012-01-21 02:05:30 65416 ----a-w- C:\Windows\system32\ftcserco.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 55176 ----a-w- C:\Windows\system32\ftserui2.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 237448 ----a-w- C:\Windows\system32\ftd2xx.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 214920 ----a-w- C:\Windows\system32\FTLang.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 203144 ----a-w- C:\Windows\SysWow64\ftd2xx.dll
2012-01-25 00:23:12 . 2012-01-21 02:05:30 108936 ----a-w- C:\Windows\system32\ftbusui.dll
2012-01-25 00:23:11 . 2012-02-05 02:59:14 -------- d-----w- C:\Program Files\FAMC
2012-01-22 04:45:11 . 2012-01-27 01:21:30 -------- d-----w- C:\Users\rpbale\AppData\Local\Eclipse
2012-01-22 04:45:02 . 2012-01-22 04:45:02 -------- d-----w- C:\Users\rpbale\eclipse
2012-01-22 04:42:36 . 2012-01-27 01:21:07 -------- d-----w- C:\Program Files (x86)\eclipse
2012-01-15 21:13:32 . 2012-01-15 21:13:32 -------- d-----w- C:\Users\rpbale\AppData\Local\Geckofx
2012-01-15 20:11:26 . 2012-01-15 20:12:53 -------- d-sh--w- C:\ProgramData\{67AB9237-55B9-46D5-A72F-EACBA312AF4D}
2012-01-15 20:11:20 . 2012-01-15 20:11:20 -------- d-----w- C:\Users\rpbale\AppData\Roaming\NuSphere
2012-01-15 20:10:36 . 2012-01-15 20:10:36 -------- d-----w- C:\ProgramData\PHP
2012-01-15 20:09:52 . 2004-04-23 23:01:00 297984 ----a-w- C:\Windows\SysWow64\midas.dll
2012-01-15 20:09:35 . 2012-01-15 20:09:35 -------- d-----w- C:\Program Files (x86)\NuSphere
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-07 02:39:02 . 2011-05-07 01:01:19 2479552 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-04 02:30:13 . 2011-03-28 23:36:46 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-30 07:21:30 . 2012-01-07 04:29:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4545DF22-D08E-46CC-BA50-483DFEC1051F}\mpengine.dll
2011-11-24 04:52:09 . 2012-01-04 21:47:00 3145216 ----a-w- C:\Windows\system32\win32k.sys
2011-11-18 23:20:23 . 2011-05-24 21:42:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 . 2010-11-21 03:27:21 270720 ------w- C:\Windows\system32\MpSigStub.exe
2011-11-10 10:54:13 . 2011-12-22 12:26:28 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

[/code]

Edited by gringo_pr, 10 February 2012 - 08:50 PM.


#2 rpbale

Posted 08 February 2012 - 10:13 PM

Okay I'm ready to tackle this when you are.

Rick

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:59 PM

Posted 10 February 2012 - 08:50 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 rpbale

Posted 10 February 2012 - 09:07 PM

Great to hear from you. I was hoping you would take on my case. I went to run DeFogger and it appears the virus has taken out my Internet connection. Let me try to fix my connection real quick.

#5 gringo_pr

Posted 10 February 2012 - 09:23 PM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#6 rpbale

Posted 10 February 2012 - 09:33 PM

Okay

#7 rpbale

Posted 10 February 2012 - 09:43 PM

Farbar Service Scanner Version: 10-02-2012
Ran by rpbale (administrator) on 10-02-2012 at 21:39:47
Running from "C:\Users\rpbale\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
=============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 rpbale

Posted 10 February 2012 - 09:53 PM

Internet connection is back in action. Odd, I'm the only wired PC on my network. Usually it's the wireless that goes down and requires the router reboot. But this time the router would not connect to my NIC, yet the wireless PCs were all working. I rebooted the router and I'm good.

Edited by rpbale, 10 February 2012 - 09:54 PM.


#9 rpbale

Posted 10 February 2012 - 09:55 PM

This is what was reported by eset last night.

trojan: win64/Sirefef.B
TrojanDownloader: Win32/Obvod.H
trojan: win64/Sirefef.G
Win32/Adware.DWTYODG
trojan: Win32/Krytik.AADR

#10 gringo_pr

Posted 10 February 2012 - 09:56 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 rpbale

Posted 10 February 2012 - 10:01 PM

DDS logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by rpbale at 21:56:29 on 2012-02-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6134.3867 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\GenArts\Monsters-AE64\bin\FlowFinder3MonstersAE64.exe
C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
C:\Program Files (x86)\GenArts\Monsters-AE64\bin\JawsServerAE64.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\GenArts\rlm\rlm.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\DeltaIITray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\cidaemon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
uInternet Settings,ProxyServer = 125.20.25.658:80
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: URLHooker2 Class: {93935f7f-9c88-42f8-8445-95251d27fabc} - C:\PROGRA~2\FLASHV~1\URLHOO~1.DLL
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIC30F~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: NuSphere Debugger ToolBar: {0f62d223-9206-4ea3-9ea8-d0f3c7c82aca} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [3xAV] C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DAEMON~1.LNK - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIC30F~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIC30F~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI068C~1\Office12\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://192.168.2.11/en/cab/ipcamera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3D872A81-6ADB-4573-829A-60A3876474AD} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: URLHooker2 Class: {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~2\FLASHV~1\URLHOO~1.DLL
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIC30F~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: NuSphere Debugger ToolBar: {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files (x86)\NuSphere\PhpED\NuSphereIEBar.dll
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun-x64: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
IE-X64: {df7831dd-a048-4336-8cc8-266a03f00d63} - C:\Program Files (x86)\Flash Video Downloader\FlashRunner.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office 2007\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rpbale\AppData\Roaming\Mozilla\Firefox\Profiles\oi1qc6c7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 125.41.52.265
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 125.41.52.265
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 125.41.52.265
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 125.41.52.265
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIC30F~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\rpbale\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-8-24 21880]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-12-15 87368]
R2 FlowFinder3MonstersAE64;FlowFinder3MonstersAE64;C:\Program Files\GenArts\Monsters-AE64\bin\FlowFinder3MonstersAE64.exe [2011-4-27 751104]
R2 GJService;Game Jackal Server;C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe [2011-10-8 3547648]
R2 JawsServerAE64;JawsServerAE64;C:\Program Files (x86)\GenArts\Monsters-AE64\bin\JawsServerAE64.exe [2011-4-27 393216]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-5 652360]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2011-1-21 64512]
R2 RLM-GenArts;RLM-GenArts;C:\Program Files (x86)\GenArts\rlm\rlm.exe [2011-4-27 1540096]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-5 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-4-28 240232]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2009-10-21 262416]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\Windows\system32\DRIVERS\MAudioDelta.sys --> C:\Windows\system32\DRIVERS\MAudioDelta.sys [?]
R3 FFUsbAudio;Focusrite USB Audio Driver;C:\Windows\system32\DRIVERS\ffusbaudio.sys --> C:\Windows\system32\DRIVERS\ffusbaudio.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\system32\DRIVERS\lvsels64.sys --> C:\Windows\system32\DRIVERS\lvsels64.sys [?]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MaplomL;MaplomL;C:\Windows\system32\drivers\MaplomL.sys --> C:\Windows\system32\drivers\MaplomL.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-5-3 14440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/23 22:03:32;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-8-26 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-2 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-4-30 8192]
S2 XAMPP;XAMPP Service;N:\xampp\service.exe [2007-12-20 60928]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-2 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office 2010\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-11 01:56:02 -------- d-s---w- C:\ComboFix
2012-02-10 11:49:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-10 05:33:52 98816 ----a-w- C:\Windows\sed.exe
2012-02-10 05:33:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-10 05:33:52 256000 ----a-w- C:\Windows\PEV.exe
2012-02-10 05:33:52 208896 ----a-w- C:\Windows\MBR.exe
2012-02-10 01:29:52 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-09 02:11:36 -------- d-----w- C:\Windows\pss
2012-02-08 04:42:50 -------- d-----w- C:\$WINDOWS.~LS
2012-02-08 02:30:41 -------- d-----w- C:\Users\rpbale\AppData\Local\Mozilla Firefox
2012-02-06 03:44:59 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-06 03:44:59 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-06 02:32:58 -------- d-----w- C:\Users\rpbale\AppData\Roaming\Malwarebytes
2012-02-06 02:32:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-06 02:32:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-06 02:32:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-05 22:13:30 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-02-05 19:31:31 -------- d-----r- C:\Users\rpbale\My Pictures
2012-02-05 19:30:50 -------- d-----r- C:\Users\rpbale\My Video
2012-02-05 19:30:05 -------- d-----r- C:\Users\rpbale\My Music
2012-02-05 16:31:21 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-05 07:16:43 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-02-05 06:33:53 -------- d-----w- C:\Users\rpbale\AppData\Roaming\McAfee
2012-02-05 06:17:32 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-02-05 00:02:28 158832 ----a-w- C:\Windows\System32\mfevtps.exe.a138.deleteme
2012-02-04 23:57:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-04 20:16:33 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-04 20:16:33 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-02-04 17:45:48 -------- d-----w- C:\Program Files (x86)\BreezeSys
2012-01-26 00:31:43 -------- d-----w- C:\Program Files\iTunes
2012-01-26 00:31:43 -------- d-----w- C:\Program Files\iPod
2012-01-26 00:31:43 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-25 00:23:12 85384 ----a-w- C:\Windows\System32\drivers\ftser2k.sys
2012-01-25 00:23:12 74504 ----a-w- C:\Windows\System32\drivers\ftdibus.sys
2012-01-25 00:23:12 65416 ----a-w- C:\Windows\System32\ftcserco.dll
2012-01-25 00:23:12 55176 ----a-w- C:\Windows\System32\ftserui2.dll
2012-01-25 00:23:12 237448 ----a-w- C:\Windows\System32\ftd2xx.dll
2012-01-25 00:23:12 214920 ----a-w- C:\Windows\System32\FTLang.dll
2012-01-25 00:23:12 203144 ----a-w- C:\Windows\SysWow64\ftd2xx.dll
2012-01-25 00:23:12 108936 ----a-w- C:\Windows\System32\ftbusui.dll
2012-01-25 00:23:11 -------- d-----w- C:\Program Files\FAMC
2012-01-22 04:45:11 -------- d-----w- C:\Users\rpbale\AppData\Local\Eclipse
2012-01-22 04:45:02 -------- d-----w- C:\Users\rpbale\eclipse
2012-01-22 04:42:36 -------- d-----w- C:\Program Files (x86)\eclipse
2012-01-15 21:13:32 -------- d-----w- C:\Users\rpbale\AppData\Local\Geckofx
2012-01-15 20:11:26 -------- d-sh--w- C:\ProgramData\{67AB9237-55B9-46D5-A72F-EACBA312AF4D}
2012-01-15 20:11:20 -------- d-----w- C:\Users\rpbale\AppData\Roaming\NuSphere
2012-01-15 20:10:36 -------- d-----w- C:\ProgramData\PHP
2012-01-15 20:09:52 297984 ----a-w- C:\Windows\SysWow64\midas.dll
2012-01-15 20:09:35 -------- d-----w- C:\Program Files (x86)\NuSphere
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-18 23:20:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:57:05.81 ===============



I ran ComboFix early today. Do you want to see that log?

#12 gringo_pr


Posted 10 February 2012 - 10:06 PM

Download both the registry files:

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch them and import them into the registry.

Restart your PC.

Now, open RUN, type regedit and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it and choose Permissions.

Click on ADD, type Everyone and click OK.

Now click on Everyone.

Below you have the permissions for users.

Select Full Control and click OK.

Now, open RUN, type services.msc and click OK.

Start the Base Filtering Engine service and then the Windows Firewall service.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 rpbale


Posted 10 February 2012 - 10:13 PM

BFE already had Everyone with full control, and the BFE service was already running. However, Windows Firewall was not running. On start it gives this error: "Windows could not start on the Windows Firewall service on Local Computer. Error 1068: The dependency service or group failed to start."

#14 gringo_pr


Posted 10 February 2012 - 10:18 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#15 rpbale


Posted 10 February 2012 - 10:19 PM

Farbar Service Scanner Version: 10-02-2012
Ran by rpbale (administrator) on 10-02-2012 at 22:18:29
Running from "C:\Users\rpbale\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
=============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
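
A triage pass over Farbar Service Scanner output like the log above, as an added example that is not part of the original thread or of the tool: it parses an FSS.txt-style log and checks each stopped service against a dependency map, which is how an Error 1068 on Windows Firewall gets narrowed to a specific service. The embedded sample is constructed in the log's format, the function and constant names are chosen for this example, and the MpsSvc dependency list is an assumption to confirm with `sc qc MpsSvc`.

```python
import re

# Constructed sample: lines in the shape of the Farbar Service Scanner log
# posted above, trimmed to the sections this example reads.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Windows Defender:
=============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
"""

# Assumption: stock Windows 7 DependOnService values for the firewall
# service; confirm on the machine with `sc qc MpsSvc`.
DEPENDS_ON = {"MpsSvc": ["mpsdrv", "BFE"]}

STOPPED = re.compile(r"^(\S+) Service is not running\.")
CONFIG_OK = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is OK\.$")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key")
FILE_CHECK = re.compile(r"^(\S.*?) => MD5 is (.+)$")
UNDERLINE = re.compile(r"^=+$")


def parse_fss_log(text):
    """Return {'services': {...}, 'files': {...}} from an FSS.txt-style log."""
    lines = [ln.strip() for ln in text.splitlines()]
    services, files, section = {}, {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and UNDERLINE.match(nxt):
            section = line[:-1]  # a heading is a line underlined with '='
            continue
        if m := STOPPED.match(line):
            services[m.group(1)] = {"section": section, "running": False,
                                    "config_ok": set(), "key_missing": False}
        elif m := CONFIG_OK.match(line):
            if m.group(2) in services:
                services[m.group(2)]["config_ok"].add(m.group(1))
        elif m := KEY_MISSING.search(line):
            if m.group(1) in services:
                services[m.group(1)]["key_missing"] = True
        elif m := FILE_CHECK.match(line):
            files[m.group(1)] = m.group(2)
    return {"services": services, "files": files}


def blocked_by(report, service):
    """Dependencies of `service` that the log itself reports as stopped."""
    stopped = {n.lower() for n, s in report["services"].items() if not s["running"]}
    return [dep for dep in DEPENDS_ON.get(service, []) if dep.lower() in stopped]


def triage(report):
    """One finding per stopped service, most specific cause first."""
    findings = {}
    for name, svc in report["services"].items():
        deps = blocked_by(report, name)
        if svc["key_missing"]:
            findings[name] = "service registry key missing"
        elif deps:
            findings[name] = "dependency not running: " + ", ".join(deps)
        else:
            findings[name] = "configuration OK but not running"
    return findings


if __name__ == "__main__":
    for name, finding in triage(parse_fss_log(SAMPLE_FSS_LOG)).items():
        print(f"{name}: {finding}")
```

A service that the log does not list as stopped, such as BFE here, is never returned by `blocked_by`, so the result points at the first link in the chain to look at rather than at every dependency.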



