infected with text enhance and crossrider


This topic is locked
12 replies to this topic

#1 worksmurf

  • Members
  • 8 posts

Posted 10 September 2012 - 12:12 PM

Originally posted as 283516. Closed and moved to MRL...

Ran Spybot and Defender but nothing found. Ran ComboFix, rebooted, and they appear to be gone. However, cannot open Firefox or IE (do not use IE). Error: illegal operation attempted on a registry key that has been marked for deletion. Ran a Windows restore - no change. Reinstalled Firefox - error now: program already running, but when I check Task Manager it is not. ComboFix report kept and ComboFix still installed. Am sorting problem out on phone ;-(

DDS text below and zipped file attached.

Combofix report below.

Minitoolbox report below.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ADMIN at 16:57:15 on 2012-09-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1647 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\splwow64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe
BHO: Software Assist: {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.100.1 87.194.255.154 87.194.255.155
TCP: Interfaces\{9F2D5630-F14D-4A5F-8B6D-544DD52FBE14} : DhcpNameServer = 192.168.100.1 87.194.255.154 87.194.255.155
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Software Assist: {11111111-1111-1111-1111-110011301126} - C:\Program Files (x86)\Software Assist\Software Assist.dll
BHO-X64: CrossriderApp0003026 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?tab=wm#inbox/13953ea4ee9a6b26|https://www.flyerlink.com/logged_in.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 WMDrive;WMDrive;C:\Windows\SysWOW64\drivers\WMDrive.sys [2012-8-22 92536]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2011-4-5 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfswin7.sys --> C:\Windows\system32\DRIVERS\Sftfswin7.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaywin7.sys --> C:\Windows\system32\DRIVERS\Sftplaywin7.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirwin7.sys --> C:\Windows\system32\DRIVERS\Sftredirwin7.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvolwin7.sys --> C:\Windows\system32\DRIVERS\Sftvolwin7.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-28 250568]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-8-22 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-8-23 1038088]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-8-22 30528]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-8-22 160256]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-10 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 OSFMount;OSFMount;C:\Program Files\OSFMount\OSFMount.sys [2012-8-22 540224]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-10 08:26:48 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30A5B965-6CF7-43D1-AF24-3B77B697696A}\mpengine.dll
2012-09-10 08:13:44 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-10 08:11:40 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{180803C2-1D71-45A0-874C-49717BDB14B5}\mpengine.dll
2012-09-08 10:46:58 -------- d-s---w- C:\ComboFix
2012-09-08 08:45:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-08 08:45:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-05 17:37:38 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-09-05 10:40:51 40960 ----a-r- C:\Users\ADMIN\AppData\Roaming\Microsoft\Installer\{FF1C72E2-203C-4E95-8D24-735196D29E04}\NewShortcut1_DC5EDBF7D08241849400BC64FF8DD4BE.exe
2012-09-01 17:48:19 -------- d-----w- C:\ProgramData\abelhadigital.com
2012-08-31 10:18:08 -------- d--h--w- C:\Users\ADMIN\AppData\Local\Apps
2012-08-28 11:48:48 42496 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5pp.dll
2012-08-28 11:48:48 11264 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\x5print.dll
2012-08-24 16:51:14 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\Xerox
2012-08-24 16:43:37 -------- d-----w- C:\ProgramData\Xerox
2012-08-24 16:36:58 41472 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\Xrpp_b.dll
2012-08-24 16:36:58 12288 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\Xrprt_b.dll
2012-08-24 14:50:37 -------- d-----w- C:\ProgramData\WinMount
2012-08-23 16:01:42 -------- d--h--w- C:\Users\ADMIN\AppData\Local\ElevatedDiagnostics
2012-08-23 13:39:13 -------- d-----w- C:\Users\ADMIN\AppData\Local\AskToolbar
2012-08-23 09:59:15 -------- d-----w- C:\ProgramData\ALM
2012-08-23 09:53:32 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-08-23 09:40:47 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-08-23 09:38:49 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-08-23 08:19:14 -------- d-----w- C:\Windows\SysWow64\spool
2012-08-23 08:13:57 -------- d-----w- C:\Users\ADMIN\AppData\Local\Adobe
2012-08-22 20:17:32 710992 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-22 19:50:59 25640 ----a-w- C:\Windows\etdrv.sys
2012-08-22 19:44:06 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-08-22 19:41:17 -------- d-----w- C:\Intel
2012-08-22 19:41:05 -------- d-----w- C:\Program Files (x86)\AMD
2012-08-22 18:33:09 -------- d--h--w- C:\Users\ADMIN\AppData\Local\Macromedia
2012-08-22 18:26:21 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-08-22 18:15:07 -------- d-----w- C:\Program Files (x86)\FileZilla Client
2012-08-22 18:13:32 -------- d--h--w- C:\Users\ADMIN\AppData\Local\Google
2012-08-22 18:13:31 -------- d--h--w- C:\Users\ADMIN\AppData\Local\Software Assist
2012-08-22 18:13:29 -------- d-----w- C:\Program Files (x86)\Software Assist
2012-08-22 18:13:22 -------- d-----w- C:\Program Files (x86)\Un-Rar for Windows
2012-08-22 18:08:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-08-22 18:08:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-08-22 18:06:39 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-08-22 18:05:33 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-08-22 18:05:09 -------- d--h--w- C:\Users\ADMIN\AppData\Local\Microsoft Help
2012-08-22 17:58:43 -------- d-----w- C:\Program Files\OSFMount
2012-08-22 17:41:11 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\WinMount
2012-08-22 17:40:25 92536 ----a-w- C:\Windows\SysWow64\drivers\WMDrive.sys
2012-08-22 17:40:25 -------- d-----w- C:\Program Files\WinMount
2012-08-22 17:10:18 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-22 16:50:08 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-08-22 16:48:26 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\BitTorrent
2012-08-22 16:25:04 -------- d-----w- C:\Users\ADMIN\AppData\Local\Mozilla
2012-08-22 16:21:25 -------- d--h--w- C:\Users\ADMIN\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2012-08-22 19:43:58 25640 ----a-w- C:\Windows\gdrv.sys
2012-08-22 18:35:03 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:35:03 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:57:30.55 ===========


COMBOFIX 2 REPORT ---------


ComboFix 12-09-07.03 - ADMIN 08/09/2012 10:20:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1411 [GMT 1:00]
Running from: c:\users\ADMIN\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Software Assist\SoFTware assist.dll
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome.manifest
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\background.html
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\browser.xul
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\crossrider.js
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\crossriderapi.js
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\dialog.js
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\options.js
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\options.xul
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\search_dialog.xul
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\chrome\content\update.html
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\defaults\preferences\prefs.js
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\install.rdf
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\locale\en-US\translations.dtd
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\button1.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\button2.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\button3.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\button4.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\button5.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\crossrider_statusbar.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\icon128.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\icon16.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\icon24.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\icon48.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\panelarrow-up.png
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\popup.css
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\popup.html
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\popup_binding.xml
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\skin.css
c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\extensions\crossriderapp3026@crossrider.com\skin\update.css
c:\users\ADMIN\Documents\~WRL0001.tmp
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 09:26 . 2012-09-08 09:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-08 08:45 . 2012-09-08 09:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-08 08:45 . 2012-09-08 08:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-08 08:39 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7325F91B-EF19-42C2-976C-D99B536C43A7}\mpengine.dll
2012-09-07 17:56 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-05 17:37 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-09-05 10:40 . 2012-09-05 10:40 40960 ----a-r- c:\users\ADMIN\AppData\Roaming\Microsoft\Installer\{FF1C72E2-203C-4E95-8D24-735196D29E04}\NewShortcut1_DC5EDBF7D08241849400BC64FF8DD4BE.exe
2012-09-05 10:40 . 2012-09-05 10:40 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-09-01 17:48 . 2012-09-06 19:54 -------- d-----w- c:\programdata\abelhadigital.com
2012-08-31 10:18 . 2012-08-31 10:18 -------- d-----w- c:\users\ADMIN\AppData\Local\Apps
2012-08-28 11:48 . 2012-08-13 09:44 42496 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5pp.dll
2012-08-28 11:48 . 2012-08-13 09:44 11264 ----a-w- c:\windows\system32\Spool\prtprocs\x64\x5print.dll
2012-08-24 16:51 . 2012-08-24 16:51 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Xerox
2012-08-24 16:50 . 2012-08-24 16:50 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Leadertech
2012-08-24 16:43 . 2012-08-24 16:43 -------- d-----w- c:\programdata\Xerox
2012-08-24 16:36 . 2009-07-17 05:06 41472 ----a-w- c:\windows\system32\Spool\prtprocs\x64\Xrpp_b.dll
2012-08-24 16:36 . 2009-07-17 05:06 12288 ----a-w- c:\windows\system32\Spool\prtprocs\x64\Xrprt_b.dll
2012-08-24 14:50 . 2012-08-24 14:50 -------- d-----w- c:\programdata\WinMount
2012-08-23 16:01 . 2012-09-05 17:39 -------- d-----w- c:\users\ADMIN\AppData\Local\ElevatedDiagnostics
2012-08-23 13:39 . 2012-08-23 13:39 -------- d-----w- c:\users\ADMIN\AppData\Local\AskToolbar
2012-08-23 10:01 . 2012-08-23 10:01 -------- d-----w- c:\program files\Adobe
2012-08-23 09:59 . 2012-08-23 09:59 -------- d-----w- c:\programdata\ALM
2012-08-23 09:53 . 2008-04-07 04:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-23 09:40 . 2012-08-23 09:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-23 09:38 . 2012-08-23 09:38 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-08-23 09:03 . 2012-08-23 13:31 -------- d-----w- c:\programdata\FLEXnet
2012-08-23 08:19 . 2012-08-23 08:19 -------- d-----w- c:\windows\SysWow64\spool
2012-08-23 08:18 . 2012-08-23 08:18 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-08-23 08:17 . 2012-08-23 08:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-08-23 08:15 . 2012-08-23 10:02 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-23 08:13 . 2012-08-23 13:24 -------- d-----w- c:\users\ADMIN\AppData\Local\Adobe
2012-08-22 20:17 . 2012-08-22 20:17 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-22 19:50 . 2012-08-22 19:50 25640 ----a-w- c:\windows\etdrv.sys
2012-08-22 19:44 . 2012-08-22 19:44 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-08-22 19:41 . 2012-08-22 19:41 -------- d-----w- c:\program files (x86)\Intel
2012-08-22 19:41 . 2012-08-22 19:41 -------- d-----w- C:\Intel
2012-08-22 19:41 . 2012-08-22 19:41 -------- d-----w- c:\program files (x86)\AMD
2012-08-22 18:33 . 2012-08-22 18:33 -------- d-----w- c:\users\ADMIN\AppData\Local\Macromedia
2012-08-22 18:26 . 2012-08-30 09:53 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-22 18:15 . 2012-08-24 15:17 -------- d-----w- c:\users\ADMIN\AppData\Roaming\FileZilla
2012-08-22 18:15 . 2012-08-22 18:16 -------- d-----w- c:\program files (x86)\FileZilla Client
2012-08-22 18:13 . 2012-08-22 18:13 -------- d-----w- c:\users\ADMIN\AppData\Local\Google
2012-08-22 18:13 . 2012-08-22 18:13 -------- d-----w- c:\users\ADMIN\AppData\Local\Software Assist
2012-08-22 18:13 . 2012-09-08 09:25 -------- d-----w- c:\program files (x86)\Software Assist
2012-08-22 18:13 . 2012-08-22 18:13 -------- d-----w- c:\program files (x86)\Un-Rar for Windows
2012-08-22 18:08 . 2012-08-22 18:08 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-08-22 18:08 . 2012-08-22 18:08 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-08-22 18:08 . 2012-08-22 18:08 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-08-22 18:06 . 2012-08-22 18:06 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-08-22 18:05 . 2012-08-22 18:05 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-08-22 18:05 . 2012-08-22 18:05 -------- d-----w- c:\users\ADMIN\AppData\Local\Microsoft Help
2012-08-22 18:05 . 2012-08-23 15:01 -------- d-----w- c:\programdata\Microsoft Help
2012-08-22 18:04 . 2012-08-22 18:04 -------- d-----r- C:\MSOCache
2012-08-22 17:58 . 2012-08-22 17:58 -------- d-----w- c:\program files\OSFMount
2012-08-22 17:41 . 2012-08-22 17:42 -------- d-----w- c:\users\ADMIN\AppData\Roaming\WinMount
2012-08-22 17:40 . 2012-08-22 17:40 -------- d-----w- c:\program files\WinMount
2012-08-22 17:40 . 2012-08-22 17:40 92536 ----a-w- c:\windows\SysWow64\drivers\WMDrive.sys
2012-08-22 16:50 . 2012-08-22 16:50 -------- d-----w- c:\program files (x86)\BitTorrent
2012-08-22 16:48 . 2012-08-23 15:00 -------- d-----w- c:\users\ADMIN\AppData\Roaming\BitTorrent
2012-08-22 16:25 . 2012-08-22 16:25 -------- d-----w- c:\users\ADMIN\AppData\Local\Mozilla
2012-08-22 16:24 . 2012-08-31 16:47 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-22 16:21 . 2012-08-22 16:21 -------- d-----w- c:\users\ADMIN\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 20:12 . 2012-07-26 13:01 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-22 19:43 . 2012-07-26 12:32 25640 ----a-w- c:\windows\gdrv.sys
2012-08-22 18:35 . 2012-07-28 09:58 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:35 . 2012-07-28 09:58 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 11:07 . 2012-07-28 11:07 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9382F274-8E2A-4210-BEBD-E75A3FE24E57}\gapaengine.dll
2012-07-26 13:04 . 2012-07-26 13:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-26 13:04 . 2012-07-26 13:04 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-07-26 13:04 . 2012-07-26 13:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-26 13:04 . 2012-07-26 13:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-07-26 13:04 . 2012-07-26 13:04 82432 ----a-w- c:\windows\system32\icardie.dll
2012-07-26 13:04 . 2012-07-26 13:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-26 13:04 . 2012-07-26 13:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-07-26 13:04 . 2012-07-26 13:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-07-26 13:04 . 2012-07-26 13:04 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-07-26 13:04 . 2012-07-26 13:04 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-07-26 13:04 . 2012-07-26 13:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-26 13:04 . 2012-07-26 13:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-07-26 13:04 . 2012-07-26 13:04 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-07-26 13:04 . 2012-07-26 13:04 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-07-26 13:04 . 2012-07-26 13:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-07-26 13:04 . 2012-07-26 13:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-07-26 13:04 . 2012-07-26 13:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-26 13:04 . 2012-07-26 13:04 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-07-26 13:04 . 2012-07-26 13:04 448512 ----a-w- c:\windows\system32\html.iec
2012-07-26 13:04 . 2012-07-26 13:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-07-26 13:04 . 2012-07-26 13:04 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-07-26 13:04 . 2012-07-26 13:04 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-07-26 13:04 . 2012-07-26 13:04 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-07-26 13:04 . 2012-07-26 13:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-07-26 13:04 . 2012-07-26 13:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-07-26 13:04 . 2012-07-26 13:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-26 13:04 . 2012-07-26 13:04 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-07-26 13:04 . 2012-07-26 13:04 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-07-26 13:04 . 2012-07-26 13:04 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-07-26 13:04 . 2012-07-26 13:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-07-26 13:04 . 2012-07-26 13:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-07-26 13:04 . 2012-07-26 13:04 197120 ----a-w- c:\windows\system32\msrating.dll
2012-07-26 13:04 . 2012-07-26 13:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-07-26 13:04 . 2012-07-26 13:04 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-07-26 13:04 . 2012-07-26 13:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-07-26 13:04 . 2012-07-26 13:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-07-26 13:04 . 2012-07-26 13:04 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-07-26 13:04 . 2012-07-26 13:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-26 13:04 . 2012-07-26 13:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-07-26 13:04 . 2012-07-26 13:04 149504 ----a-w- c:\windows\system32\occache.dll
2012-07-26 13:04 . 2012-07-26 13:04 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-07-26 13:04 . 2012-07-26 13:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-26 13:04 . 2012-07-26 13:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-07-26 13:04 . 2012-07-26 13:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-07-26 13:04 . 2012-07-26 13:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-07-26 13:04 . 2012-07-26 13:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-26 13:04 . 2012-07-26 13:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-07-26 13:04 . 2012-07-26 13:04 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-07-26 13:04 . 2012-07-26 13:04 103936 ----a-w- c:\windows\system32\inseng.dll
2012-07-26 13:04 . 2012-07-26 13:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-07-16 01:40 . 2012-07-28 08:20 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91283DD4-C795-4D6B-A1D2-DE55E2E50E6F}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 11:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-22 25640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-08-23 1038088]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-22 30528]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 OSFMount;OSFMount;c:\program files\OSFMount\OSFMount.sys [2012-05-09 540224]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2011-04-05 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-26 1255736]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2012-08-22 92536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 18:35]
.
2012-09-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-09-08 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-21 09:41 308736 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.1 87.194.255.154 87.194.255.155
FF - ProfilePath - c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\tdjckn2q.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?tab=wm#inbox/13953ea4ee9a6b26|https://www.flyerlink.com/logged_in.php
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-08 11:04:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-08 10:04
.
Pre-Run: 74,070,450,176 bytes free
Post-Run: 73,699,667,968 bytes free
.
- - End Of File - - 9487B6D29E420C1E7836CEF5A3632FA7


MINITOOLBOX REPORT ---------

MiniToolBox by Farbar Version: 23-07-2012
Ran by ADMIN (administrator) on 10-09-2012 at 18:38:27
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ADMIN-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : config

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : config
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1D-7D-72-5D-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 10 September 2012 09:54:19
Lease Expires . . . . . . . . . . : 18 October 2148 01:06:47
Default Gateway . . . . . . . . . : 192.168.100.1
DHCP Server . . . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.1
87.194.255.154
87.194.255.155
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.config:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : config
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:e2:3922:3f57:9bfc(Preferred)
Link-local IPv6 Address . . . . . : fe80::e2:3922:3f57:9bfc%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dsldevice.config
Address: 192.168.100.1

Name: google.com
Addresses: 2a00:1450:4009:808::1005
173.194.34.161
173.194.34.162
173.194.34.167
173.194.34.164
173.194.34.174
173.194.34.166
173.194.34.168
173.194.34.160
173.194.34.169
173.194.34.163
173.194.34.165


Pinging google.com [173.194.41.67] with 32 bytes of data:
Reply from 173.194.41.67: bytes=32 time=34ms TTL=56
Reply from 173.194.41.67: bytes=32 time=28ms TTL=56

Ping statistics for 173.194.41.67:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 34ms, Average = 31ms
Server: dsldevice.config
Address: 192.168.100.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=178ms TTL=49
Reply from 98.138.253.109: bytes=32 time=180ms TTL=49

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 178ms, Maximum = 180ms, Average = 179ms
Server: dsldevice.config
Address: 192.168.100.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1d 7d 72 5d 5e ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.3 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.100.0 255.255.255.0 On-link 192.168.100.3 276
192.168.100.3 255.255.255.255 On-link 192.168.100.3 276
192.168.100.255 255.255.255.255 On-link 192.168.100.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.100.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.100.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:73b8:e2:3922:3f57:9bfc/128 On-link
12 306 fe80::/64 On-link
12 306 fe80::e2:3922:3f57:9bfc/128 On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/10/2012 03:45:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSPUB.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fb7b
Faulting module name: PTXT9.DLL, version: 14.0.4734.1000, time stamp: 0x4b58fbc8
Exception code: 0xc0000005
Fault offset: 0x0003fd44
Faulting process id: 0x8f8
Faulting application start time: 0xMSPUB.EXE0
Faulting application path: MSPUB.EXE1
Faulting module path: MSPUB.EXE2
Report Id: MSPUB.EXE3

Error: (09/10/2012 03:39:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSPUB.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fb7b
Faulting module name: mso.dll, version: 14.0.4734.1000, time stamp: 0x4b58ffba
Exception code: 0xc0000005
Fault offset: 0x001151de
Faulting process id: 0xf0c
Faulting application start time: 0xMSPUB.EXE0
Faulting application path: MSPUB.EXE1
Faulting module path: MSPUB.EXE2
Report Id: MSPUB.EXE3

Error: (09/10/2012 01:54:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: WinMount.exe, version: 3.4.0.1, time stamp: 0x4cbfda59
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x0000000000029fa9
Faulting process id: 0xc20
Faulting application start time: 0xWinMount.exe0
Faulting application path: WinMount.exe1
Faulting module path: WinMount.exe2
Report Id: WinMount.exe3

Error: (09/10/2012 01:37:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/10/2012 00:36:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSPUB.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fb7b
Faulting module name: mso.dll, version: 14.0.4734.1000, time stamp: 0x4b58ffba
Exception code: 0xc0000005
Fault offset: 0x004a784b
Faulting process id: 0xa00
Faulting application start time: 0xMSPUB.EXE0
Faulting application path: MSPUB.EXE1
Faulting module path: MSPUB.EXE2
Report Id: MSPUB.EXE3

Error: (09/10/2012 09:55:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 09:41:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 09:17:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 08:55:16 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (09/10/2012 08:46:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/10/2012 09:55:11 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/10/2012 09:40:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/10/2012 03:45:20 PM) (Source: Application Error)(User: )
Description: MSPUB.EXE14.0.4734.10004b58fb7bPTXT9.DLL14.0.4734.10004b58fbc8c00000050003fd448f801cd8f62d283fa4bC:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXEC:\Program Files (x86)\Microsoft Office\Office14\PTXT9.DLL2481a3e2-fb56-11e1-8250-001d7d725d5e

Error: (09/10/2012 03:39:02 PM) (Source: Application Error)(User: )
Description: MSPUB.EXE14.0.4734.10004b58fb7bmso.dll14.0.4734.10004b58ffbac0000005001151def0c01cd8f53bfd64405C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXEC:\Program Files (x86)\Common Files\Microsoft Shared\office14\mso.dll42ff8eeb-fb55-11e1-8250-001d7d725d5e

Error: (09/10/2012 01:54:38 PM) (Source: Application Error)(User: )
Description: WinMount.exe3.4.0.14cbfda59ole32.dll6.1.7601.175144ce7c92cc00000050000000000029fa9c2001cd8f5278aaafcfC:\Program Files\WinMount\WinMount.exeC:\Windows\system32\ole32.dllad68bac3-fb46-11e1-8250-001d7d725d5e

Error: (09/10/2012 01:37:39 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/10/2012 00:36:06 PM) (Source: Application Error)(User: )
Description: MSPUB.EXE14.0.4734.10004b58fb7bmso.dll14.0.4734.10004b58ffbac0000005004a784ba0001cd8f3dbf1bb07dC:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXEC:\Program Files (x86)\Common Files\Microsoft Shared\office14\mso.dllb4ebc1b3-fb3b-11e1-8250-001d7d725d5e

Error: (09/10/2012 09:55:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 09:41:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 09:17:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 08:55:16 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (09/10/2012 08:46:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3070.55 MB
Available physical RAM: 1679.38 MB
Total Pagefile: 6139.3 MB
Available Pagefile: 4730.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:67.39 GB) NTFS
3 Drive e: (Data Drive) (Fixed) (Total:149.05 GB) (Free:148.95 GB) NTFS
4 Drive f: () (Fixed) (Total:17.73 GB) (Free:9.27 GB) NTFS
5 Drive g: () (Fixed) (Total:19.53 GB) (Free:5.91 GB) NTFS
6 Drive h: () (Removable) (Total:0.96 GB) (Free:0.2 GB) FAT
7 Drive i: () (Removable) (Total:7.4 GB) (Free:0.72 GB) FAT32

========================= Users: ========================================

User accounts for \\ADMIN-PC

ADMIN Administrator Guest


**** End of log ****


Edited by worksmurf, 10 September 2012 - 01:10 PM.
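The ComboFix sections in the post above (Reg Loading Points, the UAC policy values and the R*/S* service list) are what a responder reads first. The script below is an added example; it is not part of the original post and not ComboFix's own code. It parses those lines into records and then reports three things: the browser helper object and toolbar entries, any UAC policy value that differs from the stock Windows 7 default, and kernel drivers loaded from outside a drivers directory. The sample input is a subset copied from the log above. The Windows 7 defaults it compares against are assumed to be those of an unmanaged machine (no Group Policy), and a flagged item is something to verify (signer, vendor, install date), not a verdict.

```python
"""Triage helper for ComboFix 'Reg Loading Points' and service lines.

Added example, not part of the original post or of ComboFix. Parses the
registry loading points (BHO/toolbar entries, Run keys), the UAC policy
DWORDs and the service/driver list, then lists what to look at first.
"""
import re

# Stock Windows 7 values for HKLM\...\Policies\System (assumption: no GPO).
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,   # 0 lets UAC prompts be drawn on the normal desktop
}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$")

# Constructed sample: a subset of lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 11:17 1233288 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-22 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-22 30528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2012-08-22 92536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
"""


def parse_combofix(text):
    """Return {'autoruns': [...], 'uac': {...}, 'services': [...]} from ComboFix log text."""
    autoruns, uac, services = [], {}, []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"state": m.group("state"), "name": m.group("name"), "path": m.group("path")})
            continue
        if current_key is None:
            continue
        m = DWORD_RE.match(line)
        if m and current_key.lower().endswith(r"policies\system"):
            uac[m.group("name")] = int(m.group("val"))
            continue
        m = VALUE_RE.match(line)
        if m:
            autoruns.append({"key": current_key, "name": m.group("name"), "path": m.group("data")})
            continue
        m = FILE_RE.match(line)
        if m and "Browser Helper Objects" in current_key:
            # BHO keys are printed as the CLSID key followed by the DLL's file line.
            autoruns.append({"key": current_key, "name": current_key.rsplit("\\", 1)[-1], "path": m.group("path")})
    return {"autoruns": autoruns, "uac": uac, "services": services}


def triage(parsed):
    """Return (kind, name, detail) findings a responder should verify first."""
    findings = []
    for entry in parsed["autoruns"]:
        if "Browser Helper Objects" in entry["key"] or "Internet Explorer\\Toolbar" in entry["key"]:
            findings.append(("browser-extension", entry["name"], entry["path"]))
    for name, default in UAC_DEFAULTS.items():
        actual = parsed["uac"].get(name)
        if actual is not None and actual != default:
            findings.append(("uac-weakened", name, f"{actual} (default {default})"))
    for svc in parsed["services"]:
        # A .sys loaded from outside any 'drivers' directory is worth a signature check.
        p = svc["path"].lower()
        if p.endswith(".sys") and "\\drivers\\" not in p:
            findings.append(("driver-unusual-path", svc["name"], svc["path"]))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{kind:22} {name:42} {detail}")
```

On this log the script lists the Ask toolbar BHO and toolbar entries, reports PromptOnSecureDesktop=0 (UAC prompts not on the secure desktop), and names etdrv.sys and GVTDrv64.sys as drivers loaded straight from c:\windows. The driver heuristic is a prompt to check the files' signatures and vendors; it says nothing about whether they are malicious.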




#2 myrti (Malware Study Hall Admin)

Posted 12 September 2012 - 06:28 AM

Hi,

How is Internet Explorer doing now? Are you still having trouble with it? Is Firefox still saying it is running? Have you rebooted since you ran ComboFix?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 worksmurf (Topic Starter)

Posted 13 September 2012 - 08:46 AM

Hi Myrti

Neither IE nor Firefox will start. Firefox gives the "already running" error, and yes, multiple reboots.
I am using a different machine at the moment.
Regards
Howard

#4 myrti (Malware Study Hall Admin)

Posted 13 September 2012 - 09:28 AM

Hi,

When you open Task Manager, do you see Firefox running? What error do you get when using Internet Explorer?

Could you try to launch Firefox in its safe mode to see if you can start it then: http://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

regards myrti



#5 worksmurf (Topic Starter)

Posted 13 September 2012 - 09:51 AM

Firefox is not running in Task Manager. IE gives no error message. In safe mode, no change.
Regards
H

#6 myrti (Malware Study Hall Admin)

Posted 13 September 2012 - 10:08 AM

So IE is working? Could you please try to create a new user profile as shown here: http://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles

Let me know if you can get online with that.

regards myrti



#7 worksmurf

worksmurf
  • Topic Starter

  • Members
  • 8 posts

Posted 13 September 2012 - 11:18 AM

Sorry Myrti

No browser is working. Firefox throws an error but IE doesn't. Am trying your suggestion now.

Regards
H

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 13 September 2012 - 12:39 PM

Hi,

what happens when you try to go online with IE?

regards myrti



#9 worksmurf

worksmurf
  • Topic Starter

  • Members
  • 8 posts

Posted 13 September 2012 - 03:31 PM

Nothing ... no error, no timer, no nothing.... Firefox does react, as in a circle comes up (think it's the Win7 equivalent of the egg timer) for about 2 seconds, then the "already running" error ... Can't do the Firefox check till tomorrow .....

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:14 AM

Posted 13 September 2012 - 05:53 PM

Hi,

So does IE not open? Or does it open and close? http://support.microsoft.com/kb/923737 Try these please for Internet Explorer and let me know if it's working afterwards.

Have you since uninstalled and reinstalled Firefox?

regards myrti



#11 worksmurf

worksmurf
  • Topic Starter

  • Members
  • 8 posts

Posted 18 September 2012 - 05:44 AM

Hi Myrti

Hooray for Myrti...! ;-)

Took some time, but created new profiles, copied data folders across and Firefox came back in all its glory!
One of the data files contained the problem, so I just had to reduce what I copied... took 4 attempts but hey, it worked.
Of course I backed up the old profile and then deleted it.
Thank you very much for your help

Best Regards
Howard
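The procedure Howard describes above (back up the old profile, create a fresh one with the Profile Manager, then copy the data files across in stages until the one carrying the problem is found) as an added PowerShell example. This is not code from the thread or from Mozilla; the profile paths, the backup location, the list of files copied and the interactive "did it start?" check are all assumptions. Firefox must be closed before running it, and `Compress-Archive` needs PowerShell 5 or later.

```powershell
# Added example, not part of the original thread: back up an existing Firefox
# profile, then copy its user-data files into a freshly created profile one at
# a time so a file that breaks Firefox can be isolated by relaunching between
# copies. All paths are assumptions; the real profile folders live under
# %APPDATA%\Mozilla\Firefox\Profiles and carry a random prefix.
param(
    [Parameter(Mandatory)][string]$OldProfile,   # e.g. "$env:APPDATA\Mozilla\Firefox\Profiles\xxxxxxxx.default"
    [Parameter(Mandatory)][string]$NewProfile,   # the empty profile created with the Profile Manager
    [string]$BackupDir = "$env:USERPROFILE\Desktop\firefox-profile-backup"
)

# Files worth carrying over, least risky first. Names are the ones current
# Firefox releases use; 2012-era profiles stored logins in key3.db/signons.sqlite.
$dataFiles = @(
    'places.sqlite',       # bookmarks and history
    'favicons.sqlite',     # site icons
    'key4.db',             # key that protects saved logins
    'logins.json',         # saved logins (encrypted with key4.db)
    'cert9.db',            # certificate store
    'cookies.sqlite',      # cookies
    'formhistory.db',      # form autocomplete data
    'permissions.sqlite',  # per-site permissions
    'prefs.js'             # user preferences; a common place for unwanted changes
)

# 1. Back up the entire old profile before touching anything.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$zip = Join-Path $BackupDir ("profile-{0}.zip" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
Compress-Archive -Path (Join-Path $OldProfile '*') -DestinationPath $zip
Write-Host "Backup written to $zip"

# 2. Copy one file at a time; after each copy the user starts Firefox with the
#    new profile and reports whether it opened. The first file that breaks it
#    is removed again and the loop stops, so the culprit is identified.
foreach ($name in $dataFiles) {
    $src = Join-Path $OldProfile $name
    if (-not (Test-Path $src)) {
        Write-Host "skip (not present in old profile): $name"
        continue
    }

    Copy-Item -Path $src -Destination (Join-Path $NewProfile $name) -Force
    Write-Host "copied $name -- start Firefox with the new profile, then close it again."
    $answer = Read-Host "Did Firefox start normally? [y/n]"
    if ($answer -ne 'y') {
        Remove-Item -Path (Join-Path $NewProfile $name) -Force
        Write-Host "removed $name from the new profile; it is the likely culprit. Stopping here."
        break
    }
}
```

Copying a single file per round is deliberate: it trades a few extra Firefox launches for a definite answer about which file carries the problem, which is the same bisection Howard did by hand over four attempts. Anything left uncopied stays available in the zip backup.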

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 18 September 2012 - 05:50 AM

Hi,

I'm glad this worked! :) For the record, I strongly discourage using ComboFix unsupervised, as things can turn south and you won't have what's necessary to undo them. But if you ignore this advice and choose to run CF on your own again, the "Error - illegal operation attempted on a registry key that's been marked for deletion" message can be fixed by a simple reboot. No restore necessary. I also suspect that the Firefox issues arose from the system restore rather than the CF run, but there's no way to know.

regards myrti



#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 08 October 2012 - 06:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





