
Ran ComboFix Tool, need help interpreting log report


  • This topic is locked
2 replies to this topic

#1 directbluejim

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:12 AM

Posted 12 September 2012 - 03:45 PM

Hi, I ran the ComboFix Tool yesterday and while it appears to have fixed several problems, my laptop still hangs after reboot. More specifically, about 20-30 post re-start I will click on a browser window, email, etc. and the system will just hang. Upon pressing CTRL+ALT+DELETE, I get an error message stating "failure to display security and shut down options". The logon process was unable to display..

Background: I have worked with an engineer on this problem, one who is very well versed with malware, viruses, etc. I have run all the following scans on my Win 7 system:

Spybot (clean)
Malwarebytes (clean)
Symantec Endpoint Deep Scan (hangs about midway in the scan)

As a last resort I was told to try Combofix. Here is the log report. Any help interpreting the results would be much appreciated:

ComboFix 12-09-11.02 - Jim Nesbitt 09/11/2012 19:45:28.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.5723 [GMT -7:00]
Running from: c:\users\Jim Nesbitt\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-4206330556-359487663-2516327556-1000\$85972754dc0988334f918fcc5218ff28\@
c:\$recycle.bin\S-1-5-21-4206330556-359487663-2516327556-1000\$85972754dc0988334f918fcc5218ff28\U\00000001.@
c:\$recycle.bin\S-1-5-21-4206330556-359487663-2516327556-1000\$85972754dc0988334f918fcc5218ff28\U\80000000.@
c:\$recycle.bin\S-1-5-21-4206330556-359487663-2516327556-1000\$85972754dc0988334f918fcc5218ff28\U\800000cb.@
c:\programdata\Roaming
c:\users\Jim Nesbitt\Desktop\Internet Explorer.lnk
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-12 02:51 . 2012-09-12 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 02:41 . 2012-09-12 02:41 -------- d-----w- c:\users\Jim Nesbitt\AppData\Local\CrashDumps
2012-09-11 00:37 . 2012-09-11 00:50 -------- d-----w- c:\users\Jim Nesbitt\AppData\Local\NPE
2012-09-11 00:37 . 2012-09-11 00:37 -------- d-----w- c:\programdata\Norton
2012-09-11 00:29 . 2012-09-11 00:29 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-09-09 19:23 . 2012-09-09 19:23 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-09-07 21:52 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-09-07 16:39 . 2012-09-07 16:39 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-30 20:24 . 2012-08-30 20:24 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-30 20:24 . 2012-08-30 20:24 67072 ----a-w- c:\windows\splwow64.exe
2012-08-30 20:24 . 2012-08-30 20:24 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-30 20:24 . 2012-08-30 20:24 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-30 20:23 . 2012-08-30 20:23 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-30 20:23 . 2012-08-30 20:23 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-30 20:23 . 2012-08-30 20:23 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-30 20:23 . 2012-08-30 20:23 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-30 20:22 . 2012-08-30 20:22 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-30 20:21 . 2012-08-30 20:21 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-30 20:21 . 2012-08-30 20:21 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-30 20:20 . 2012-08-30 20:20 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-30 20:18 . 2012-08-30 20:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-30 20:18 . 2012-08-30 20:18 -------- d-----r- c:\program files (x86)\Skype
2012-08-30 20:17 . 2012-08-30 20:17 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-08-30 20:17 . 2012-08-30 20:17 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-08-30 20:17 . 2012-08-30 20:17 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-08-30 20:17 . 2012-08-30 20:17 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-08-30 20:17 . 2012-08-30 20:17 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-08-30 20:17 . 2012-08-30 20:17 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-08-30 20:16 . 2012-08-30 20:16 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-30 20:16 . 2012-08-30 20:16 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-08-30 20:16 . 2012-08-30 20:16 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-08-30 20:16 . 2012-08-30 20:16 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-30 20:16 . 2012-08-30 20:16 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-08-30 20:16 . 2012-08-30 20:16 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-08-30 20:15 . 2012-08-30 20:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-08-30 20:15 . 2012-08-30 20:15 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-30 20:15 . 2012-08-30 20:15 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-08-30 20:15 . 2012-08-30 20:15 340992 ----a-w- c:\windows\system32\schannel.dll
2012-08-30 20:15 . 2012-08-30 20:15 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-30 20:15 . 2012-08-30 20:15 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-08-30 20:15 . 2012-08-30 20:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-08-30 20:15 . 2012-08-30 20:15 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-08-30 20:15 . 2012-08-30 20:15 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-08-30 20:13 . 2012-08-30 20:13 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-30 20:13 . 2012-08-30 20:13 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-30 20:13 . 2012-08-30 20:13 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-30 20:07 . 2012-08-30 20:07 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-08-30 20:06 . 2012-08-30 20:06 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-30 20:06 . 2012-08-30 20:06 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-30 20:06 . 2012-08-30 20:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 20:06 . 2012-08-30 20:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 20:06 . 2012-08-30 20:06 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 20:05 . 2012-08-30 20:05 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-08-30 20:05 . 2012-08-30 20:05 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-08-30 20:05 . 2012-08-30 20:05 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-08-30 20:05 . 2012-08-30 20:05 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-08-30 20:05 . 2012-08-30 20:05 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-30 20:04 . 2012-08-30 20:04 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-30 20:03 . 2012-08-30 20:03 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-30 19:54 . 2012-08-30 19:54 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-08-30 19:54 . 2012-08-30 19:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-08-23 01:17 . 2012-08-23 01:18 -------- d-----w- c:\users\Jim Nesbitt\AppData\Local\Microsoft Games
2012-08-17 23:43 . 2012-08-17 23:42 3833856 ----a-w- c:\windows\SysWow64\cdintf300.dll
2012-08-16 22:42 . 2012-08-16 22:42 -------- d-----w- c:\users\Jim Nesbitt\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 21:14 . 2012-07-09 21:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-10 21:14 . 2012-07-09 21:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\users\Jim Nesbitt\AppData\Local\AOL\AIM\aim.exe" [2012-02-11 1263448]
"SmileboxTray"="c:\users\Jim Nesbitt\AppData\Roaming\Smilebox\SmileboxTray.exe" [2012-08-13 305000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-02 343168]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Jim Nesbitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
Trillian.lnk - c:\program files (x86)\directbluejim\trillian.exe [2012-7-27 2380752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-7-25 1155472]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-15 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 t1pusb64;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb64.sys [2011-08-05 172544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys [2011-09-23 80688]
S0 mctkmdldr;mctkmdldr;c:\windows\system32\drivers\mctkmdldr64.sys [2011-04-09 19584]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys [2011-09-23 23344]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2011-09-22 13824]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-02 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-09-23 79664]
S2 GManager;GManager;c:\windows\system32\GManager.exe [2011-08-31 310648]
S2 MCTDesktopSvr;MCTDesktopSvr;c:\program files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2011-05-04 199296]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-02 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-02 309760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-30 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-11 288768]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-06-17 186152]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-04 12262624]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496]
S3 mctkmd;mctkmd;c:\windows\system32\drivers\mctkmd64.sys [2011-09-30 124544]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-09-17 8604672]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-09-08 42392]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 22:50]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 22:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-04 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"MCTDUtil"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
"FDispPos"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: cisco.com\tools
Trusted Zone: cisco.com\www
TCP: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\Jim Nesbitt\AppData\Roaming\Mozilla\Firefox\Profiles\ttll1tg9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-11 19:52:44
ComboFix-quarantined-files.txt 2012-09-12 02:52
.
Pre-Run: 269,294,792,704 bytes free
Post-Run: 269,178,163,200 bytes free
.
- - End Of File - - 13014C85ABB0594BC1F8E8C6EA715E6C
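As an added example (not code from the original post, from ComboFix or from BleepingComputer), the following Python triage helper parses the "Other Deletions" and "Files Created" sections of a ComboFix log like the one above into records and flags entries parked in a recycle-bin SID folder under a 32-hex-character `$` name, a layout that Windows' own `$I`/`$R` recycled-item naming never produces. The sample excerpt is constructed from lines quoted in the log above; section names and line layout follow the format shown there.

```python
"""Triage helper for ComboFix logs (added example, not part of ComboFix)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt, built from lines quoted in the log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-4206330556-359487663-2516327556-1000\$85972754dc0988334f918fcc5218ff28\@
c:\$recycle.bin\S-1-5-21-4206330556-359487663-2516327556-1000\$85972754dc0988334f918fcc5218ff28\U\00000001.@
c:\windows\SysWow64\muzapp.exe
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
2012-09-11 00:29 . 2012-09-11 00:29 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-08-30 20:24 . 2012-08-30 20:24 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-30 20:18 . 2012-08-30 20:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
"""

# Section banner: "(((( Name ))))"; the Files Created banner also carries a date range.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# "<created> . <modified> <size|--------> <attrs> <path>" as ComboFix prints it.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$")
# Windows names recycled items $I<6 chars>/$R<6 chars> directly under the SID
# folder; a $<32 hex chars> subfolder there is not something Windows creates.
RECYCLE_RE = re.compile(
    r"^[a-z]:\\\$recycle\.bin\\s-1-5-21(?:-\d+)+\\\$[0-9a-f]{32}\\", re.I)


@dataclass
class Entry:
    section: str
    path: str
    created: Optional[str] = None
    modified: Optional[str] = None
    size: Optional[int] = None      # None for directories ("--------")
    attrs: Optional[str] = None


def parse_combofix(text: str) -> list:
    """Return Entry records for the Other Deletions and Files Created sections."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1)
            section = "Files Created" if name.startswith("Files Created") else name
            continue
        if section == "Other Deletions":
            entries.append(Entry(section, line))
        elif section == "Files Created":
            m = CREATED_RE.match(line)
            if m:
                size = None if m.group(3).startswith("-") else int(m.group(3))
                entries.append(Entry(section, m.group(5), m.group(1),
                                     m.group(2), size, m.group(4)))
    return entries


def is_odd_recycle_bin_entry(path: str) -> bool:
    """True for paths inside a $<32 hex> folder under a user's $Recycle.Bin SID dir."""
    return bool(RECYCLE_RE.match(path))


def triage(text: str) -> dict:
    """Summarise a log: counts per section plus the flagged recycle-bin paths."""
    entries = parse_combofix(text)
    return {
        "deleted": sum(e.section == "Other Deletions" for e in entries),
        "created": sum(e.section == "Files Created" for e in entries),
        "odd_recycle_bin": [e.path for e in entries if is_odd_recycle_bin_entry(e.path)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Paste a full ComboFix log in place of `SAMPLE_LOG` to get the same summary for a real run; sections the helper does not model (Find3M, Reg Loading Points, services) are skipped.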

#2 nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:12 AM

Posted 14 September 2012 - 10:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 nasdaq

  • Malware Response Team
  • 40,224 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:12 AM

Posted 20 September 2012 - 07:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
