
Random Firefox redirects


  • This topic is locked
19 replies to this topic

#1 JimsInTucson

JimsInTucson

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 09 March 2012 - 02:37 PM

Branch from this topic: http://www.bleepingcomputer.com/forums/topic445356.html

GMER
Didn't run GMER... I have the Vista 64-bit OS.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jim at 12:26:28 on 2012-03-09
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5611 [GMT -7:00]
.
AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
d:\Program Files (x86)\DirecTV\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
d:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
d:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Windows\system32\taskeng.exe
D:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x64\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x64\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x64\LCDClock.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x64\LCDCountdown.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.intellicast.com/Local/Weather.aspx?location=USAZ0247
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PowerPanel Personal Edition User Interaction] "D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe"
uRun: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - D:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
LSP: C:\Windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A97EACFD-78AF-4B3A-8BB5-16811982BAC3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FC7DD9BA-E32C-489F-86A9-3319BB4B5E6C} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: cryptnet32 - cryptnet32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 93.115.241.28 www.google-analytics.com.
Hosts: 93.115.241.28 ad-emea.doubleclick.net.
Hosts: 93.115.241.28 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\xjqm3hl7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.intellicast.com/Local/Weather.aspx?location=USAZ0247
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMP;AMP;C:\Windows\system32\DRIVERS\amp.sys --> C:\Windows\system32\DRIVERS\amp.sys [?]
R2 AMPSE;AMPSE;C:\Windows\system32\DRIVERS\ampse.sys --> C:\Windows\system32\DRIVERS\ampse.sys [?]
R2 CLDTVHNService;CLDTVHNService;D:\Program Files (x86)\DirecTV\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-1-24 722616]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-6 652360]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 ntk_dtv;ntk_dtv;D:\Program Files (x86)\DirecTV\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-6 2253120]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-3-31 450848]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2011-1-21 121152]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2011-1-21 119104]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTCore64;RTCore64;D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-7 136176]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-1-24 722616]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-7 136176]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rt61x64;RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
S3 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2011-1-21 179008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-11 89920]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-03-08 02:47:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-07 02:29:51 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-06 16:10:19 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9101212C-5CF6-4F57-AE9D-105EEEF2E3C5}\mpengine.dll
2012-02-25 21:29:55 -------- d-----w- C:\Users\Jim\AppData\Local\SWTOR
2012-02-25 20:36:55 -------- d-----w- C:\Users\Jim\AppData\Roaming\Origin
2012-02-25 20:33:57 -------- d-----w- C:\Users\Jim\AppData\Local\Origin
2012-02-25 20:33:30 -------- d-----w- C:\ProgramData\Origin
2012-02-25 20:33:30 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-02-18 02:40:35 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-02-18 02:40:01 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-02-15 04:04:43 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 04:04:43 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 04:04:42 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 04:04:41 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 04:04:39 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-02-15 04:04:39 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-06 18:51:30 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-01-06 18:51:20 14848 ----a-w- C:\Windows\System32\smrgdf.exe
2012-01-06 18:29:08 2141832 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-01-06 18:29:06 2083464 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-03-04 07:52:06 695642 ----a-w- C:\Program Files (x86)\unins000.exe
.
============= FINISH: 12:27:47.25 ===============


#2 JimsInTucson

JimsInTucson
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 09 March 2012 - 02:42 PM

With MBAM currently installed, I wonder if it is interfering with SystemShield... I see in the DDS.txt log that SystemShield is disabled, but I can "see" that it is running.

When this is all over with, as much as I have enjoyed using Iolo System Mechanic (utilities) and thus bought SystemShield to go with it... maybe you can make a recommendation for preferred/better virus protection SW... Is SystemShield not as good as I was led to believe? Maybe it didn't matter, and any AV would have had this issue(?)

OK, talk to you soon...

#3 JimsInTucson

JimsInTucson
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 09 March 2012 - 03:10 PM

FWIW, I just got a redirect when I was trying to navigate to change my notification options on your site... it took me to this address:

http://click.get-answers-fast.com/ads-clicktrack/click/jump2.do?affiliate=46831&subid=7_f8&terms=bleepingcomputer.com%20user%20cp

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:44 PM

Posted 09 March 2012 - 03:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 JimsInTucson

JimsInTucson
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 09 March 2012 - 06:51 PM

ComboFix.txt file
ComboFix 12-03-09.05 - Jim 03/09/2012 16:38:55.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.6049 [GMT -7:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\shimg.dll
c:\windows\SysWow64\tmp956B.tmp
c:\windows\SysWow64\tmp956C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 23:44 . 2012-03-09 23:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-09 23:44 . 2012-03-09 23:44 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2012-03-09 23:44 . 2012-03-09 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 02:47 . 2012-03-08 02:47 -------- d-----w- c:\program files (x86)\ESET
2012-03-06 16:10 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9101212C-5CF6-4F57-AE9D-105EEEF2E3C5}\mpengine.dll
2012-03-04 09:56 . 2012-03-04 09:56 -------- d-----w- c:\users\Michelle\AppData\Roaming\NVIDIA
2012-03-04 09:55 . 2012-03-04 09:55 -------- d-----w- c:\users\Michelle\AppData\Local\VirtualStore
2012-02-25 21:29 . 2012-02-25 21:29 -------- d-----w- c:\users\Jim\AppData\Local\SWTOR
2012-02-25 20:36 . 2012-02-25 20:39 -------- d-----w- c:\users\Jim\AppData\Roaming\Origin
2012-02-25 20:33 . 2012-02-25 20:33 -------- d-----w- c:\users\Jim\AppData\Local\Origin
2012-02-25 20:33 . 2012-03-09 05:54 -------- d-----w- c:\programdata\Origin
2012-02-25 20:33 . 2012-02-25 20:33 -------- d-----w- c:\program files (x86)\Origin Games
2012-02-18 02:40 . 2012-02-18 02:41 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-18 02:40 . 2012-02-18 06:05 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-02-15 04:04 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 04:04 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 04:04 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 04:04 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 04:04 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-15 04:04 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2010-01-25 08:35 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 22:49 . 2011-12-05 00:28 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-01-06 18:51 . 2010-01-24 21:40 45568 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 18:51 . 2010-01-24 21:40 14848 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 18:29 . 2011-06-28 04:53 2141832 ----a-w- c:\windows\system32\Incinerator64.dll
2012-01-06 18:29 . 2011-06-28 04:53 2083464 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2011-12-25 22:36 . 2011-12-25 22:36 53248 ----a-r- c:\users\Jim\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-03-04 07:52 . 2010-03-04 07:52 695642 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"PowerPanel Personal Edition User Interaction"="d:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-01-11 262144]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-28 1242448]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-01-06 606904]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"LWS"="d:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-24 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 21:15]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 21:15]
.
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{C549B5E6-620F-4C13-916C-1882EF328CEE}.job
- c:\windows\system32\msfeedssync.exe [2011-04-09 09:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-12-09 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.intellicast.com/Local/Weather.aspx?location=USAZ0247
IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\xjqm3hl7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.intellicast.com/Local/Weather.aspx?location=USAZ0247
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
SafeBoot-AMP
SafeBoot-AMPSE
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1617948013-1971804372-1645784530-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,a6,0e,19,ba,3c,29,ef,e1,41,07,55,e4,73,e7,2b,31,48,55,8d,75,
09,ef,e8,fa,24,cf,1d,e0,72,a8,20,1c,81,23,6a,b1,5a,54,8a,85,85,de,90,89,37,\
"rkeysecu"=hex:4e,24,25,05,6b,18,9f,d4,89,5d,34,2a,86,a8,d3,0c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-09 16:46:40
ComboFix-quarantined-files.txt 2012-03-09 23:46
.
Pre-Run: 45,176,823,808 bytes free
Post-Run: 45,069,107,200 bytes free
.
- - End Of File - - 537A2585CA8C8301C41B667D1C8C4F0A

#6 JimsInTucson (Topic Starter)

Posted 09 March 2012 - 07:01 PM

Oh... your questions... The ComboFix task went smoothly. Redirects are so random in terms of when they happen... it may take a while to determine if it's running OK.

See anything tell-tale in the report? I noticed c:\windows\SysWow64\shimg.dll and looked it up... apparently a trojan that was deleted by ComboFix. If it is related to these types of issues, maybe we "pause" while I click around(?)

Just let me know :)

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 09 March 2012 - 08:39 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#8 JimsInTucson (Topic Starter)

Posted 09 March 2012 - 09:51 PM

* No reboot required by TDSSKiller

TDSSKiller.2.7.19.0_09.03.2012_19.34.33_log.txt
19:34:33.0523 1800 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
19:34:33.0908 1800 ============================================================
19:34:33.0908 1800 Current date / time: 2012/03/09 19:34:33.0908
19:34:33.0908 1800 SystemInfo:
19:34:33.0908 1800
19:34:33.0908 1800 OS Version: 6.0.6002 ServicePack: 2.0
19:34:33.0908 1800 Product type: Workstation
19:34:33.0908 1800 ComputerName: OFFICE-PC
19:34:33.0908 1800 UserName: Jim
19:34:33.0908 1800 Windows directory: C:\Windows
19:34:33.0908 1800 System windows directory: C:\Windows
19:34:33.0908 1800 Running under WOW64
19:34:33.0908 1800 Processor architecture: Intel x64
19:34:33.0908 1800 Number of processors: 2
19:34:33.0908 1800 Page size: 0x1000
19:34:33.0908 1800 Boot type: Normal boot
19:34:33.0908 1800 ============================================================
19:34:34.0840 1800 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:34:34.0844 1800 \Device\Harddisk0\DR0:
19:34:34.0844 1800 MBR used
19:34:34.0844 1800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xF712000
19:34:34.0844 1800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF712800, BlocksNum 0x3B144FF8
19:34:34.0990 1800 Initialize success
19:34:34.0990 1800 ============================================================
19:34:36.0515 5804 ============================================================
19:34:36.0515 5804 Scan started
19:34:36.0515 5804 Mode: Manual;
19:34:36.0515 5804 ============================================================
19:34:49.0549 5804 Symc8xx - ok
19:34:49.0579 5804 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:34:49.0580 5804 Sym_hi - ok
19:34:49.0610 5804 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:34:49.0611 5804 Sym_u3 - ok
19:34:49.0671 5804 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:34:49.0696 5804 Tcpip - ok
19:34:49.0752 5804 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:34:49.0757 5804 Tcpip6 - ok
19:34:49.0785 5804 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:34:49.0786 5804 tcpipreg - ok
19:34:49.0796 5804 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:34:49.0797 5804 TDPIPE - ok
19:34:49.0810 5804 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:34:49.0811 5804 TDTCP - ok
19:34:49.0829 5804 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:34:49.0830 5804 tdx - ok
19:34:49.0860 5804 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:34:49.0861 5804 TermDD - ok
19:34:49.0898 5804 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:34:49.0899 5804 tssecsrv - ok
19:34:49.0911 5804 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:34:49.0912 5804 tunmp - ok
19:34:49.0947 5804 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:34:49.0948 5804 tunnel - ok
19:34:49.0967 5804 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:34:49.0968 5804 uagp35 - ok
19:34:49.0999 5804 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:34:50.0002 5804 udfs - ok
19:34:50.0016 5804 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:34:50.0017 5804 uliagpkx - ok
19:34:50.0030 5804 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:34:50.0032 5804 uliahci - ok
19:34:50.0048 5804 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:34:50.0048 5804 UlSata - ok
19:34:50.0122 5804 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:34:50.0146 5804 ulsata2 - ok
19:34:50.0181 5804 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:34:50.0182 5804 umbus - ok
19:34:50.0218 5804 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
19:34:50.0219 5804 usbaudio - ok
19:34:50.0251 5804 usbbus (e493a1ab49cec05e48828cf949a5a2c3) C:\Windows\system32\DRIVERS\lgx64bus.sys
19:34:50.0252 5804 usbbus - ok
19:34:50.0291 5804 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:34:50.0293 5804 usbccgp - ok
19:34:50.0314 5804 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:34:50.0314 5804 usbcir - ok
19:34:50.0345 5804 UsbDiag (0614c32187d0d12ad971d83df2eb9b53) C:\Windows\system32\DRIVERS\lgx64diag.sys
19:34:50.0346 5804 UsbDiag - ok
19:34:50.0360 5804 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:34:50.0361 5804 usbehci - ok
19:34:50.0401 5804 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:34:50.0404 5804 usbhub - ok
19:34:50.0430 5804 USBModem (ecc1f29b4d25ef757bd0986c6a0518d6) C:\Windows\system32\DRIVERS\lgx64modem.sys
19:34:50.0430 5804 USBModem - ok
19:34:50.0445 5804 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:34:50.0446 5804 usbohci - ok
19:34:50.0454 5804 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
19:34:50.0455 5804 usbprint - ok
19:34:50.0473 5804 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
19:34:50.0474 5804 usbscan - ok
19:34:50.0506 5804 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:34:50.0507 5804 USBSTOR - ok
19:34:50.0518 5804 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:34:50.0519 5804 usbuhci - ok
19:34:50.0534 5804 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
19:34:50.0536 5804 usbvideo - ok
19:34:50.0555 5804 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:34:50.0556 5804 vga - ok
19:34:50.0591 5804 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:34:50.0621 5804 VgaSave - ok
19:34:50.0662 5804 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:34:50.0662 5804 viaide - ok
19:34:50.0777 5804 vmm (091e009ef749c9d65cf9adfad316d251) C:\Windows\system32\Drivers\vmm.sys
19:34:50.0779 5804 vmm - ok
19:34:50.0848 5804 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:34:50.0871 5804 volmgr - ok
19:34:50.0919 5804 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:34:50.0945 5804 volmgrx - ok
19:34:51.0153 5804 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:34:51.0163 5804 volsnap - ok
19:34:51.0205 5804 VPCNetS2 (bc2ea40b98b5e866d9a4f98afb66b682) C:\Windows\system32\DRIVERS\VMNetSrv.sys
19:34:51.0206 5804 VPCNetS2 - ok
19:34:51.0313 5804 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:34:51.0315 5804 vsmraid - ok
19:34:51.0377 5804 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:34:51.0377 5804 WacomPen - ok
19:34:51.0412 5804 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:34:51.0414 5804 Wanarp - ok
19:34:51.0417 5804 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:34:51.0417 5804 Wanarpv6 - ok
19:34:51.0441 5804 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:34:51.0464 5804 Wd - ok
19:34:51.0503 5804 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:34:51.0519 5804 Wdf01000 - ok
19:34:51.0591 5804 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:34:51.0592 5804 WmiAcpi - ok
19:34:51.0639 5804 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:34:51.0640 5804 WpdUsb - ok
19:34:51.0658 5804 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:34:51.0659 5804 ws2ifsl - ok
19:34:51.0676 5804 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:34:51.0677 5804 WUDFRd - ok
19:34:51.0831 5804 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
19:34:51.0832 5804 yukonx64 - ok
19:34:51.0880 5804 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:34:51.0981 5804 \Device\Harddisk0\DR0 - ok
19:34:52.0006 5804 Boot (0x1200) (d9182f47eae37f2b5e83505fb6654496) \Device\Harddisk0\DR0\Partition0
19:34:52.0016 5804 \Device\Harddisk0\DR0\Partition0 - ok
19:34:52.0041 5804 Boot (0x1200) (2dfe04d43169006612ffa059c89bffbd) \Device\Harddisk0\DR0\Partition1
19:34:52.0073 5804 \Device\Harddisk0\DR0\Partition1 - ok
19:34:52.0074 5804 ============================================================
19:34:52.0074 5804 Scan finished
19:34:52.0074 5804 ============================================================
19:34:52.0080 4376 Detected object count: 0
19:34:52.0080 4376 Actual detected object count: 0
19:35:23.0492 5964 Deinitialize success

aswMBR.txt
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-03-09 19:38:27
-----------------------------
19:38:27.754 OS Version: Windows x64 6.0.6002 Service Pack 2
19:38:27.754 Number of processors: 2 586 0x1706
19:38:27.755 ComputerName: OFFICE-PC UserName: Jim
19:38:28.386 Initialize success
19:39:38.111 AVAST engine defs: 12030900
19:39:42.377 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:39:42.379 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610480MB BusType: 3
19:39:42.394 Disk 0 MBR read successfully
19:39:42.396 Disk 0 MBR scan
19:39:42.398 Disk 0 Windows VISTA default MBR code
19:39:42.404 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 126500 MB offset 2048
19:39:42.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 483977 MB offset 259074048
19:39:42.424 Service scanning
19:39:45.077 Modules scanning
19:39:45.079 Disk 0 trace - called modules:
19:39:45.110 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
19:39:45.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c4f790]
19:39:45.115 3 CLASSPNP.SYS[fffffa6001249c33] -> nt!IofCallDriver -> [0xfffffa80078d2820]
19:39:45.118 5 acpi.sys[fffffa60008f6fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80078df060]
19:39:46.425 AVAST engine scan C:\Windows
19:40:00.923 AVAST engine scan C:\Windows\system32
19:44:51.151 AVAST engine scan C:\Windows\system32\drivers
19:45:12.239 AVAST engine scan C:\Users\Jim
19:49:37.591 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
19:49:37.620 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
19:50:45.042 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
19:50:45.238 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
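A small triage aid for the TDSSKiller-style driver listing above, added here as an example and not part of this thread or of the scanner itself: it parses the `timestamp pid name (md5) path` / `name - status` line pairs, then lists drivers whose image sits outside C:\Windows\system32 (the RTCore64 entry under D:\Program Files is the only such case in the log above, a legitimately installed utility driver that a responder would still want to verify), drivers loaded from user-writable locations, and service names that share one image file (Tcpip/Tcpip6 and Wanarp/Wanarpv6 above, which is normal on Vista). The sample input copies a few lines from the log and adds one constructed entry under a Temp folder; the directory rules and the `examplesvc` entry are my assumptions, not anything TDSSKiller reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input in the TDSSKiller driver-scan format. The Tcpip/Tcpip6 and
# RTCore64 lines are copied from the log above; the "examplesvc" pair is a
# constructed entry (zero hash, Temp directory) to exercise the checks.
SAMPLE_LOG = r"""
19:34:48.0669 5804 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) D:\Program Files (x86)\MSI Afterburner\RTCore64.sys
19:34:48.0669 5804 RTCore64 - ok
19:34:49.0671 5804 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:34:49.0696 5804 Tcpip - ok
19:34:49.0752 5804 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:34:49.0757 5804 Tcpip6 - ok
19:34:52.0001 5804 examplesvc (00000000000000000000000000000000) C:\Users\Jim\AppData\Local\Temp\examplesvc.sys
19:34:52.0002 5804 examplesvc - ok
"""

# "<time> <pid> <service name> (<md5>) <image path>"; the MBR/Boot lines use a
# different shape ("MBR (0x1B8) (<md5>) \Device\...") and are deliberately skipped.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# "<time> <pid> <service name> - <status>"
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)

# Assumed triage rules: kernel drivers normally live under system32, and a
# driver image in a per-user or temp directory is worth a second look.
SYSTEM_DIR = "c:\\windows\\system32\\"
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """Pair each driver line with the status line that follows it."""
    entries: List[DriverEntry] = []
    by_name: Dict[str, DriverEntry] = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            entry = DriverEntry(m["name"], m["md5"].lower(), m["path"])
            entries.append(entry)
            by_name[entry.name] = entry
            continue
        m = STATUS_RE.match(line)
        if m and m["name"] in by_name:
            by_name[m["name"]].status = m["status"]
    return entries


def outside_system_dirs(entries: List[DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries if not e.path.lower().startswith(SYSTEM_DIR)]


def user_writable(entries: List[DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries
            if any(marker in e.path.lower() for marker in USER_WRITABLE_MARKERS)]


def shared_images(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Service names that point at the same image file (case-insensitive)."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        groups.setdefault(e.path.lower(), []).append(e.name)
    return {path: names for path, names in groups.items() if len(names) > 1}


def triage(text: str) -> Dict[str, object]:
    entries = parse_tdsskiller(text)
    return {
        "total": len(entries),
        "outside_system32": [e.name for e in outside_system_dirs(entries)],
        "user_writable": [e.name for e in user_writable(entries)],
        "shared_images": shared_images(entries),
        "not_ok": [e.name for e in entries if e.status != "ok"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The flags are prompts for verification, not verdicts: a third-party driver under Program Files is usually just a vendor utility, and the next step is to check the file's signature and the hash against the vendor's release, as the helpers in this thread do by hand.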

#9 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico

Posted 09 March 2012 - 10:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 JimsInTucson (Topic Starter)
Members, 19 posts

Posted 09 March 2012 - 11:51 PM

No problems running ComboFix.

No redirects for some time now... but, usually, when I least expect it...

ComboFix.txt
ComboFix 12-03-09.05 - Jim 03/09/2012 21:41:15.2.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8190.5457 [GMT -7:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 04:46 . 2012-03-10 04:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-10 04:46 . 2012-03-10 04:46 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2012-03-10 04:46 . 2012-03-10 04:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 02:47 . 2012-03-08 02:47 -------- d-----w- c:\program files (x86)\ESET
2012-03-06 16:10 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9101212C-5CF6-4F57-AE9D-105EEEF2E3C5}\mpengine.dll
2012-03-04 09:56 . 2012-03-04 09:56 -------- d-----w- c:\users\Michelle\AppData\Roaming\NVIDIA
2012-03-04 09:55 . 2012-03-04 09:55 -------- d-----w- c:\users\Michelle\AppData\Local\VirtualStore
2012-02-25 21:29 . 2012-02-25 21:29 -------- d-----w- c:\users\Jim\AppData\Local\SWTOR
2012-02-25 20:36 . 2012-02-25 20:39 -------- d-----w- c:\users\Jim\AppData\Roaming\Origin
2012-02-25 20:33 . 2012-02-25 20:33 -------- d-----w- c:\users\Jim\AppData\Local\Origin
2012-02-25 20:33 . 2012-03-09 05:54 -------- d-----w- c:\programdata\Origin
2012-02-25 20:33 . 2012-02-25 20:33 -------- d-----w- c:\program files (x86)\Origin Games
2012-02-18 02:40 . 2012-02-18 02:41 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-02-18 02:40 . 2012-02-18 06:05 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-02-15 04:04 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 04:04 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 04:04 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 04:04 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 04:04 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-15 04:04 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 16:18 . 2010-01-25 08:35 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 22:49 . 2011-12-05 00:28 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-01-06 18:51 . 2010-01-24 21:40 45568 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 18:51 . 2010-01-24 21:40 14848 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 18:29 . 2011-06-28 04:53 2141832 ----a-w- c:\windows\system32\Incinerator64.dll
2012-01-06 18:29 . 2011-06-28 04:53 2083464 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2011-12-25 22:36 . 2011-12-25 22:36 53248 ----a-r- c:\users\Jim\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-03-04 07:52 . 2010-03-04 07:52 695642 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"PowerPanel Personal Edition User Interaction"="d:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-01-11 262144]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2011-08-28 1242448]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-07 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-01-06 606904]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"LWS"="d:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-24 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 57447283
*NewlyCreated* - 74409934
*Deregistered* - 57447283
*Deregistered* - 74409934
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 21:15]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-07 21:15]
.
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{C549B5E6-620F-4C13-916C-1882EF328CEE}.job
- c:\windows\system32\msfeedssync.exe [2011-04-09 09:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-12-09 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.intellicast.com/Local/Weather.aspx?location=USAZ0247
IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\xjqm3hl7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.intellicast.com/Local/Weather.aspx?location=USAZ0247
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1617948013-1971804372-1645784530-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,a6,0e,19,ba,3c,29,ef,e1,41,07,55,e4,73,e7,2b,31,48,55,8d,75,
09,ef,e8,fa,24,cf,1d,e0,72,a8,20,1c,81,23,6a,b1,5a,54,8a,85,85,de,90,89,37,\
"rkeysecu"=hex:4e,24,25,05,6b,18,9f,d4,89,5d,34,2a,86,a8,d3,0c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-09 21:48:14
ComboFix-quarantined-files.txt 2012-03-10 04:48
ComboFix2.txt 2012-03-09 23:46
.
Pre-Run: 45,007,196,160 bytes free
Post-Run: 45,097,275,392 bytes free
.
- - End Of File - - A52331586179A4964FBC1A7D995300BC

#11 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico

Posted 10 March 2012 - 12:06 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 9.3.4
DAEMON Tools Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 JimsInTucson

JimsInTucson
  • Topic Starter

  • Members
  • 19 posts

Posted 10 March 2012 - 12:40 AM

Ran Revo, uninstalled the 3 you listed.
Installed Java.
I am currently stopped at TFC.... Crashes.

Details of why it stopped working:
Problem signature:
Problem Event Name: APPCRASH
Application Name: TFC.exe
Application Version: 3.1.7.0
Application Timestamp: 2a425e19
Fault Module Name: RPCRT4.dll
Fault Module Version: 6.0.6002.18024
Fault Module Timestamp: 49f05beb
Exception Code: c0000005
Exception Offset: 0003633b
OS Version: 6.0.6002.2.2.0.256.1
Locale ID: 1033
Additional Information 1: 7379
Additional Information 2: 9f13c5a18e4409e2e73016d720f27f78
Additional Information 3: 7379
Additional Information 4: 9f13c5a18e4409e2e73016d720f27f78

Then, when I restarted Firefox... got a message on a browser tab that states "another program on your computer wants to modify Firefox with the following add-on:" Java Console 6.0.31 ... points to a Firefox extension folder with this name: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

So... stuck at TFC... didn't move forward yet.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 March 2012 - 12:51 AM

Skip TFC and allow the change to Firefox.


gringo

#14 JimsInTucson

JimsInTucson
  • Topic Starter

  • Members
  • 19 posts

Posted 10 March 2012 - 01:13 AM

MBAM log
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: OFFICE-PC [administrator]

Protection: Disabled

3/9/2012 10:57:53 PM
mbam-log-2012-03-09 (22-57-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236643
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HiJackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:54 PM, on 3/9/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intellicast.com/Local/Weather.aspx?location=USAZ0247
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1617948013-1971804372-1645784530-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1617948013-1971804372-1645784530-1002\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CLDTVHNService - Unknown owner - d:\Program Files (x86)\DirecTV\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - d:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11574 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 March 2012 - 01:58 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be; you can start any of these programs when you need them by clicking on their icons (or starting them from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    • O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe"
    • O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
    • O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    • O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    • O4 - HKUS\S-1-5-21-1617948013-1971804372-1645784530-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
    • O4 - HKUS\S-1-5-21-1617948013-1971804372-1645784530-1002\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
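The triage in the two HijackThis posts above (O4 autostart entries to review, the O10 Winsock LSP line repeated per protocol, O3 toolbars with "(no file)", and the many O23 services reported as "(file missing)") can be automated for a first pass. This is an added Python example, not code from the thread or from HijackThis; the sample lines are modelled on the log posted above, trimmed, and the last O23 line is constructed to show a service outside the Windows directory. The `is_64bit` split rests on the fact that the 2.0.4 build is a 32-bit program, so under WOW64 its view of C:\Windows\system32 is redirected and built-in 64-bit services show as missing.

```python
import re
from collections import Counter, defaultdict

# Lines modelled on the HijackThis log posted above, trimmed to a few
# entries; the final O23 line is constructed, not from the thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Example Svc (ExampleSvc) - Unknown owner - D:\Temp\example.exe (file missing)
"""

HJT_LINE = re.compile(r"^([RO]\d+) - (.*)$")   # "O23 - Service: ..."
RUN_ENTRY = re.compile(r"\[(.+?)\]\s*(.*)$")   # "[name] command line"
MISSING = "(file missing)"


def parse_hjt(text):
    """Group every 'Rn - ...' / 'Onn - ...' line by its section code."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries


def triage(entries, is_64bit=True):
    """Bucket entries the way a helper reads them: autostarts to review,
    orphaned BHO/toolbar CLSIDs, distinct Winsock LSP DLLs, and services
    whose binary HijackThis could not find."""
    report = {"autostart": [], "orphaned": [], "lsp": {},
              "missing_redirected": [], "missing_service": []}
    for e in entries.get("O4", []):
        m = RUN_ENTRY.search(e)
        if m:
            report["autostart"].append((m.group(1), m.group(2)))
    for e in entries.get("O2", []) + entries.get("O3", []):
        if e.endswith("(no file)"):
            report["orphaned"].append(e)
    # HJT prints one O10 line per Winsock protocol; count distinct DLLs instead.
    report["lsp"] = dict(Counter(
        e.rsplit(": ", 1)[-1].lower() for e in entries.get("O10", [])))
    for e in entries.get("O23", []):
        if not e.endswith(MISSING):
            continue
        path = e.rsplit(" - ", 1)[-1][:-len(MISSING)].strip().lower()
        # 32-bit HJT under WOW64 sees a redirected system32, so built-in
        # 64-bit services there are usually false "missing" reports.
        if is_64bit and path.startswith("c:\\windows\\system32\\"):
            report["missing_redirected"].append(path)
        else:
            report["missing_service"].append(path)
    return report
```

Entries in `missing_service` and `orphaned` are the ones worth checking by hand; `missing_redirected` can be re-checked with a 64-bit tool before anything is fixed.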