Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE and Mozilla being Redirected


  • Please log in to reply
4 replies to this topic

#1 IT&C

IT&C

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 25 October 2012 - 06:07 PM

I think one of our PC's have also contracted the same, if not a variant of this virus/rootkit.
Google results and other links (both in IE9 and Chrome) are being redirected to various search engines (livewebsearch, livesearchnow, topwebsearch etc) and then being redirected to a completely unrelated site (I've had it take me to groupon.com several times - most likely for generating link revenue).

It doesn't happen on every link, but it does happen on 99% of IT related links (such as this site).

So far I've tried the following:
Combofix
Malwarebytes
TDSSKiller
JRT
AdwCleaner
TFC
Minitoolbox (reseting proxies/flushdns)
Spybot S&D (this found a security center disabler but after deleting the registry, MSE still does not seem to work)

Combofix made a couple of deletions but no other program has found anything, and I'm still experiencing redirection.

Might be worth noting that Windows Updates & Security Center also seem to be disabled.

Operating System is Win 7 Home Premium 64bit.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:26 PM

Posted 25 October 2012 - 07:17 PM

Hello I split your topic to here.

Having run ComboFix we will need to see that one and a DDS log from the Guide below.

Please follow this Preparation Guide and post in a new topic.
If Gmer won't run,skip it.

Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 IT&C

IT&C
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 25 October 2012 - 10:54 PM

Thanks boopme.

I have attached the logs for DDS and GMER below.

Let me know if you require anything further - I also ran an ESET Online Scanner scan with 0 results (Had a false positive picking up Temp File Cleaner as being a variant of Win32/somoto.A).

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Koroknay at 11:49:23 on 2012-10-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1644.479 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\SysWOW64\AsusService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP Toner Cartridge Authentication\hpcra113.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HotkeyMon] AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
mRun: [CapsHook] AsusSender.exe C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
mRun: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iSeriesCharge] AsusSender.exe C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
mRun: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
TCP: NameServer = 203.0.178.191
TCP: Interfaces\{31447D64-F4FD-4CA6-AEEC-C8CBDBFC5DB7} : DHCPNameServer = 203.0.178.191
TCP: Interfaces\{79030110-A12F-4344-9EB9-B0F991FD4461} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{79030110-A12F-4344-9EB9-B0F991FD4461}\143616369616 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{79030110-A12F-4344-9EB9-B0F991FD4461}\34963736F64333833393 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{79030110-A12F-4344-9EB9-B0F991FD4461}\34F626260234F60223 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{79030110-A12F-4344-9EB9-B0F991FD4461}\45563747265646 : DHCPNameServer = 203.0.178.191
TCP: Interfaces\{79030110-A12F-4344-9EB9-B0F991FD4461}\D616265786169702C6F657E67656 : DHCPNameServer = 192.168.0.1 203.167.97.66 203.167.97.200
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [LiveUpdate] AsusSender.exe C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe auto
x64-Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-4-27 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-4-27 38016]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-28 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-3-28 203776]
R2 AsusService;Asus Launcher Service;C:\Windows\SysWOW64\AsusService.exe [2011-5-5 224680]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-25 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-6-24 317296]
R3 AiDriver;ASUS Charger Driver;C:\windows\System32\drivers\AiDriver.sys [2012-7-26 17152]
R3 amdkmdag;amdkmdag;C:\windows\System32\drivers\atikmdag.sys [2011-3-28 8013312]
R3 amdkmdap;amdkmdap;C:\windows\System32\drivers\atikmpag.sys [2011-3-28 287232]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-3-28 115216]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-5-5 341032]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-5 39464]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-3-28 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-3-14 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 116648]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-25 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25 116648]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2010-7-16 9216]
S3 massfilter_lte;LTE Device Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter_LTE.sys [2011-8-9 18456]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\windows\System32\drivers\netr28x.sys [2009-6-11 620544]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\windows\System32\drivers\swg3kser00.sys [2012-8-3 258432]
S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\windows\System32\drivers\swiwdmbx64.sys [2012-8-3 109312]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\windows\System32\drivers\swnc8ua3.sys [2012-8-3 249344]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\windows\System32\drivers\swumxa3.sys [2011-7-1 199552]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-2-11 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2011-2-11 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-2 1255736]
S4 DETECT PS2: ;DETECT PS2: ;C:\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys [2010-5-27 6144]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-25 06:45:46 -------- d-----w- C:\Users\Koroknay\AppData\Roaming\addpcs
2012-10-25 06:45:26 -------- d-----w- C:\Program Files\Temp File Cleaner
2012-10-25 05:42:11 -------- d-----w- C:\JRT
2012-10-25 05:08:36 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-25 05:07:43 -------- d-----w- C:\windows\pss
2012-10-25 04:18:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-25 04:18:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-25 01:08:55 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{556B7F60-510B-40B5-8D88-5C47A131EB62}\mpengine.dll
2012-10-23 06:07:14 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-20 06:35:05 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEA67757-4603-41CC-BEB6-1DC2C51DEE76}\gapaengine.dll
2012-10-19 07:27:37 -------- d-----w- C:\Program Files (x86)\Ten PDF Reader
2012-10-17 04:52:08 -------- d-----w- C:\Users\Koroknay\AppData\Local\LogMeIn Rescue Applet
2012-10-14 06:04:53 94208 --sha-r- C:\windows\SysWow64\rastlst.dll
2012-10-13 06:24:22 -------- d-----w- C:\Users\Koroknay\AppData\Local\{C5889806-1EAC-461A-96B8-768E64783F4A}
2012-10-11 01:25:20 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-10-11 01:25:16 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-10-11 01:25:14 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-10-11 01:25:13 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 01:25:02 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-10-11 01:25:01 338432 ----a-w- C:\windows\System32\conhost.exe
2012-10-11 01:25:01 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-10-11 01:23:57 715776 ----a-w- C:\windows\System32\kerberos.dll
2012-10-11 01:23:56 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-10-11 01:23:45 1464320 ----a-w- C:\windows\System32\crypt32.dll
2012-10-11 01:23:45 1159680 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-10-11 01:23:44 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-10-11 01:23:44 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-10-11 01:23:43 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-10-11 01:23:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-10-09 02:00:11 -------- d-----w- C:\Users\Koroknay\AppData\Local\{89E6C17C-08E7-4159-89FD-B730156CDABE}
2012-10-06 11:42:11 -------- d-----w- C:\Users\Koroknay\AppData\Local\{BACF330D-BB24-4BDE-8334-132E4512E698}
2012-10-05 10:18:44 -------- d-----w- C:\Users\Koroknay\AppData\Local\{1C3EDBB3-F850-49AB-9027-39F988F8E117}
2012-10-04 22:10:39 -------- d-----w- C:\Users\Koroknay\AppData\Local\{2773AF5E-D41F-486A-81D1-862C9EB00F2C}
2012-10-04 05:29:06 -------- d-----w- C:\Users\Koroknay\AppData\Local\{B0AA9AC6-74AE-43AE-9315-C7307A39588B}
2012-10-04 05:21:55 -------- d-----w- C:\Users\Koroknay\AppData\Local\{B2CA7CEE-94B9-477C-90EC-2555614C4A7D}
2012-10-03 12:11:53 -------- d-----w- C:\Users\Koroknay\AppData\Local\{189B802F-4EB1-4D55-AE29-214C81EC96A2}
2012-10-03 07:42:58 -------- d-----w- C:\Users\Koroknay\AppData\Local\{C14A86F2-C01B-4DD1-9ED6-7250D653561D}
.
==================== Find3M ====================
.
2012-09-29 08:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-09-07 01:54:50 412456 ----a-w- C:\windows\System32\SynCOM.dll
2012-09-07 01:54:49 177448 ----a-w- C:\windows\SysWow64\SynCOM.dll
2012-09-07 01:54:45 276264 ----a-w- C:\windows\System32\SynCtrl.dll
2012-09-07 01:54:44 222504 ----a-w- C:\windows\SysWow64\SynCtrl.dll
2012-09-07 01:54:41 1452080 ----a-w- C:\windows\System32\drivers\SynTP.sys
2012-09-07 01:54:40 226600 ----a-w- C:\windows\System32\SynTPAPI.dll
2012-09-07 01:54:40 107816 ----a-w- C:\windows\SysWow64\SynTPCOM.dll
2012-09-07 01:54:39 148264 ----a-w- C:\windows\System32\SynTPCo9.dll
2012-09-07 01:54:37 66856 ----a-w- C:\windows\SysWow64\SynTPEnhPS.dll
2012-08-30 12:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-30 12:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
.
============= FINISH: 11:49:50.55 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29/06/2011 1:41:34 PM
System Uptime: 25/10/2012 6:09:42 PM (17 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1215B
Processor: AMD E-350 Processor | CPU 1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 55.129 GiB free.
D: is FIXED (NTFS) - 351 GiB total, 350.263 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 5/10/2012 6:18:54 AM - Windows Update
RP188: 10/10/2012 1:45:10 PM - Windows Update
RP191: 13/10/2012 5:27:47 PM - Windows Update
.
==== Installed Programs ======================
.
?? ??? ?? Windows Live Mesh ActiveX ???
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS WebStorage
AsusScreensaver
ASUSUpdate for Eee PC
AsusVibe2.0
Atheros Client Installation Program
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
BlackBerry Desktop Software 7.0
BlackBerry Device Software Updater
Bonjour
Broadcom Wireless Network Adapter
CapsHook
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Chicken Invaders 2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dr.Eee
E-Cam
Eee Docking 3.8.3
ESET Online Scanner v3
FontResizer
Game Park Console
Google Chrome
Google Update Helper
Hotkey Service
HP FWUpdateEDO3
HP LaserJet Professional CM1410 Series
HP LJ CM1410 MFP Series HP Scan
HP Toner Cartridge Authentication
HP Update
HPLaserJetHelp_LearnCenter
HPLJUT
HPOARInstall_x64
hppCM1410LaserJetService
hppFaxDrvCM1410
hppFaxUtilityCM1410
hppLaserJetService
hppSendFaxCM1410
hppTLBXFXCM1410
hpzTLBXFX
I.R.I.S. OCR
InstantOn
iTunes
Junk Mail filter update
LiveUpdate
Malwarebytes Anti-Malware version 1.65.1.1000
Marketsplash Shortcuts
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Mobile Broadband Manager
MSVCRT
MSVCRT_amd64
MyTomTom 3.1.0.530
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
Spybot - Search & Destroy
Super Hybrid Engine
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
syncables desktop SE
Telstra Mobile Broadband Manager
Temp File Cleaner
Ten PDF Reader 8.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USBCharge+
Visual Studio C++ 10.0 Runtime
WIDCOMM Bluetooth Software
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
26/10/2012 11:40:07 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/10/2012 6:15:47 PM, Error: Service Control Manager [7000] - The DETECT PS2: service failed to start due to the following error: This driver has been blocked from loading
25/10/2012 6:15:47 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\ASUS\LiveUpdate\DetectSys.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
25/10/2012 6:10:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
25/10/2012 6:10:19 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
25/10/2012 5:25:46 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#4 IT&C

IT&C
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 25 October 2012 - 10:55 PM

Note: All options for GMER were greyed (only Services, Registry and Files were checked)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-26 12:24:54
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc103d6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06de45a9a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc103d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06de45a9a (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:26 PM

Posted 26 October 2012 - 08:43 PM

Hello,please repost the DDS and GMEr logs per step 9 in the Prep Guide.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users