
Blank Device Driver Screen + Corrupted Files


13 replies to this topic

#1 insaniak

insaniak

  • Members
  • 198 posts

Posted 28 February 2013 - 07:11 PM

I've tried running an sfc scan; now it says it couldn't repair it. I also tried running the repair twice already with the Windows 7 recovery disk. I have attached the needed files as well as the HijackThis log.

Also I do not have any network connections showing up when I go to network configurations, but I still have internet access.

 

Any help would be much appreciated. Thank you

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:04:27 PM, on 2/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user')
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 7086 bytes

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464
Run by Kyle at 16:07:17 on 2013-02-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.9788 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: %SystemRoot%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{708410F2-E837-4485-A241-99D37CF03C53} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{89623F60-1286-4BC1-A16D-681BE0839315} : DHCPNameServer = 207.204.224.10 68.68.32.123
TCP: Interfaces\{B2940847-3A96-4C3C-A282-CD171358A1C0} : DHCPNameServer = 68.68.32.123 207.204.224.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\kjhni8n7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - ExtSQL: 2013-01-10 12:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\kjhni8n7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-15 19:18; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-1-8 283200]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2012-12-12 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-12-12 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2012-12-12 94808]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 tapstrong;StrongVPN Adapter;C:\Windows\System32\drivers\tapstrong.sys [2012-12-23 35520]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2012-12-12 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2012-12-12 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2012-12-12 94808]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-10 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-12-13 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-10 79360]
S4 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-9 1103392]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-9 1369624]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-9 168384]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S4 StrongService;StrongService;C:\Program Files (x86)\StrongVPN\StrongService.exe [2012-12-23 27648]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-15 3467768]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
S4 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-1-18 11839488]
.
=============== Created Last 30 ================
.
2013-03-01 00:02:24    388096    ----a-r-    C:\Users\Kyle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-01 00:02:24    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-02-28 23:56:32    --------    d-----w-    C:\Program Files\Unlocker
2013-02-28 23:36:47    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E5EFA7C-6FC7-4B9C-828C-55D97F276A7D}\offreg.dll
2013-02-27 00:02:37    --------    d-----w-    C:\Users\Kyle\AppData\Roaming\.minecraft
2013-02-27 00:02:21    627600    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-02-20 23:34:28    --------    d-----w-    C:\Windows\System32\wbem\repository
2013-02-20 22:22:42    --------    d-----w-    C:\Users\Kyle\AppData\Local\ElevatedDiagnostics
2013-02-20 22:21:24    --------    d-----w-    C:\Users\Kyle\AppData\Local\Microsoft Corporation
2013-02-20 22:21:13    --------    d-----w-    C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2013-02-19 05:32:02    --------    d-----w-    C:\Program Files (x86)\LOLReplay
2013-02-19 03:56:25    1332    ----a-w-    C:\reset.cmd
2013-02-19 03:33:51    --------    d-----w-    C:\Program Files (x86)\Common Files\HP
2013-02-19 03:07:22    9161176    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E5EFA7C-6FC7-4B9C-828C-55D97F276A7D}\mpengine.dll
2013-02-15 22:04:52    208448    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 06:10:14    --------    d-----w-    C:\Program Files\Ventrilo
2013-02-13 08:20:38    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 08:20:38    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-09 20:55:22    --------    d-----r-    C:\Program Files (x86)\Skype
2013-02-08 06:18:50    --------    d-----w-    C:\Program Files (x86)\Grinding Gear Games
2013-02-07 08:28:42    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2013-02-06 07:15:51    --------    d-----w-    C:\Program Files\Core Temp
2013-02-06 07:15:20    --------    d-----w-    C:\ProgramData\APN
.
==================== Find3M  ====================
.
2013-02-10 00:05:13    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 00:05:13    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 09:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-16 03:17:57    54104    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
2013-01-16 03:17:57    29528    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2013-01-16 03:17:57    29016    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-08 18:54:36    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-22 22:40:55    666720    ----a-w-    C:\Windows\SysWow64\xsherlock.xem
2012-12-22 00:53:18    35520    ----a-w-    C:\Windows\System32\drivers\tapstrong.sys
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-15 00:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-13 23:15:39    466520    ----a-w-    C:\Windows\System32\wrap_oal.dll
2012-12-13 23:15:39    445016    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2012-12-13 23:15:39    123480    ----a-w-    C:\Windows\System32\OpenAL32.dll
2012-12-13 23:15:38    109144    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2012-12-13 15:21:11    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2012-12-13 15:21:11    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2012-12-11 04:38:48    0    ----a-w-    C:\Windows\ativpsrm.bin
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
.
============= FINISH: 16:07:26.43 ===============


Edited by nasdaq, 02 March 2013 - 10:05 AM.
DDS log posted.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2013 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
IMPORTANT !!! Save ComboFix.exe to your Desktop
 
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.
 
How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
 
Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===
 
Third-party programs, if not up to date, can be the cause of infiltration or infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please post the logs and let me know if the problem persists.


#3 insaniak

insaniak
  • Topic Starter

  • Members
  • 198 posts

Posted 07 March 2013 - 06:22 PM

ComboFix 13-03-07.02 - Kyle 03/07/2013  13:22:54.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.10347 [GMT -8:00]
Running from: c:\users\Kyle\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\tooldownloadreadme.htm
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-07 to 2013-03-07  )))))))))))))))))))))))))))))))
.
.
2013-03-07 21:26 . 2013-03-07 21:26    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-03-07 21:26 . 2013-03-07 21:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-07 21:26 . 2013-03-07 21:26    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-03-01 00:02 . 2013-03-01 00:02    388096    ----a-r-    c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-01 00:02 . 2013-03-01 00:02    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-02-28 23:56 . 2013-02-28 23:56    --------    d-----w-    c:\program files\Unlocker
2013-02-27 00:02 . 2013-02-27 00:02    --------    d-----w-    c:\users\Kyle\AppData\Roaming\.minecraft
2013-02-27 00:02 . 2013-02-27 00:02    627600    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-27 00:02 . 2013-02-27 00:02    252296    ----a-w-    c:\windows\system32\javaws.exe
2013-02-27 00:02 . 2013-02-27 00:02    188808    ----a-w-    c:\windows\system32\javaw.exe
2013-02-27 00:02 . 2013-02-27 00:02    188808    ----a-w-    c:\windows\system32\java.exe
2013-02-27 00:02 . 2013-02-27 00:02    --------    d-----w-    c:\program files\Java
2013-02-20 23:34 . 2013-03-07 20:49    --------    d-----w-    c:\windows\system32\wbem\repository
2013-02-20 22:22 . 2013-02-20 22:22    --------    d-----w-    c:\users\Kyle\AppData\Local\ElevatedDiagnostics
2013-02-20 22:21 . 2013-02-20 22:21    --------    d-----w-    c:\users\Kyle\AppData\Local\Microsoft Corporation
2013-02-20 22:21 . 2013-02-20 22:21    --------    d-----w-    c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2013-02-19 05:32 . 2013-02-19 05:32    --------    d-----w-    c:\program files (x86)\LOLReplay
2013-02-19 03:56 . 2013-02-19 03:59    1332    ----a-w-    C:\reset.cmd
2013-02-19 03:33 . 2013-02-19 03:33    --------    d-----w-    c:\program files (x86)\Common Files\HP
2013-02-19 03:07 . 2013-01-08 05:32    9161176    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E5EFA7C-6FC7-4B9C-828C-55D97F276A7D}\mpengine.dll
2013-02-15 22:04 . 2013-02-15 22:04    208448    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 06:10 . 2013-02-16 07:49    --------    d-----w-    c:\users\Kyle\AppData\Roaming\Ventrilo
2013-02-15 06:10 . 2013-02-15 06:10    --------    d-----w-    c:\program files\Ventrilo
2013-02-13 08:20 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 08:20 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-09 20:55 . 2013-02-09 20:55    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-02-09 20:55 . 2013-02-09 20:55    --------    d-----r-    c:\program files (x86)\Skype
2013-02-08 06:18 . 2013-02-08 06:18    --------    d-----w-    c:\program files (x86)\Grinding Gear Games
2013-02-07 08:28 . 2013-02-07 08:28    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2013-02-06 07:15 . 2013-02-06 07:16    --------    d-----w-    c:\program files\Core Temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 08:21 . 2012-12-11 04:59    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-10 00:05 . 2012-12-11 09:51    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 00:05 . 2012-12-11 09:51    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 09:28 . 2012-12-11 03:38    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-16 03:17 . 2012-07-25 22:53    29528    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2013-01-16 03:17 . 2012-06-08 19:38    54104    ----a-w-    c:\windows\system32\drivers\kltdi.sys
2013-01-16 03:17 . 2012-05-26 03:38    29016    ----a-w-    c:\windows\system32\drivers\klkbdflt.sys
2013-01-16 03:17 . 2013-01-16 02:53    613720    ----a-w-    c:\windows\system32\drivers\klif.sys
2013-01-08 18:54 . 2013-01-08 18:54    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-04 04:43 . 2013-02-13 08:19    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-22 22:40 . 2012-12-22 22:40    666720    ----a-w-    c:\windows\SysWow64\xsherlock.xem
2012-12-22 00:53 . 2012-12-24 04:44    35520    ----a-w-    c:\windows\system32\drivers\tapstrong.sys
2012-12-16 17:11 . 2012-12-21 11:00    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:00    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:00    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:00    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2013-01-09 21:10    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-13 23:15 . 2012-12-11 04:51    466520    ----a-w-    c:\windows\system32\wrap_oal.dll
2012-12-13 23:15 . 2012-12-11 04:51    445016    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2012-12-13 23:15 . 2012-12-11 04:51    123480    ----a-w-    c:\windows\system32\OpenAL32.dll
2012-12-13 23:15 . 2012-12-11 04:51    109144    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2012-12-13 15:21 . 2009-07-14 02:36    175616    ----a-w-    c:\windows\system32\msclmd.dll
2012-12-13 15:21 . 2009-07-14 02:36    152576    ----a-w-    c:\windows\SysWow64\msclmd.dll
2012-12-11 05:07 . 2012-12-11 05:07    91648    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2012-12-11 05:07 . 2012-12-11 05:07    89088    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2012-12-11 05:07 . 2012-12-11 05:07    89088    ----a-w-    c:\windows\system32\ie4uinit.exe
2012-12-11 05:07 . 2012-12-11 05:07    86528    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2012-12-11 05:07 . 2012-12-11 05:07    85504    ----a-w-    c:\windows\system32\iesetup.dll
2012-12-11 05:07 . 2012-12-11 05:07    82432    ----a-w-    c:\windows\system32\icardie.dll
2012-12-11 05:07 . 2012-12-11 05:07    76800    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-11 05:07 . 2012-12-11 05:07    76800    ----a-w-    c:\windows\system32\tdc.ocx
2012-12-11 05:07 . 2012-12-11 05:07    74752    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-11 05:07 . 2012-12-11 05:07    74752    ----a-w-    c:\windows\SysWow64\iesetup.dll
2012-12-11 05:07 . 2012-12-11 05:07    65024    ----a-w-    c:\windows\system32\pngfilt.dll
2012-12-11 05:07 . 2012-12-11 05:07    63488    ----a-w-    c:\windows\SysWow64\tdc.ocx
2012-12-11 05:07 . 2012-12-11 05:07    55296    ----a-w-    c:\windows\system32\msfeedsbs.dll
2012-12-11 05:07 . 2012-12-11 05:07    534528    ----a-w-    c:\windows\system32\ieapfltr.dll
2012-12-11 05:07 . 2012-12-11 05:07    49664    ----a-w-    c:\windows\system32\imgutil.dll
2012-12-11 05:07 . 2012-12-11 05:07    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2012-12-11 05:07 . 2012-12-11 05:07    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2012-12-11 05:07 . 2012-12-11 05:07    452608    ----a-w-    c:\windows\system32\dxtmsft.dll
2012-12-11 05:07 . 2012-12-11 05:07    448512    ----a-w-    c:\windows\system32\html.iec
2012-12-11 05:07 . 2012-12-11 05:07    403248    ----a-w-    c:\windows\system32\iedkcs32.dll
2012-12-11 05:07 . 2012-12-11 05:07    39936    ----a-w-    c:\windows\system32\iernonce.dll
2012-12-11 05:07 . 2012-12-11 05:07    3695416    ----a-w-    c:\windows\system32\ieapfltr.dat
2012-12-11 05:07 . 2012-12-11 05:07    367104    ----a-w-    c:\windows\SysWow64\html.iec
2012-12-11 05:07 . 2012-12-11 05:07    35840    ----a-w-    c:\windows\SysWow64\imgutil.dll
2012-12-11 05:07 . 2012-12-11 05:07    30720    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-11 05:07 . 2012-12-11 05:07    282112    ----a-w-    c:\windows\system32\dxtrans.dll
2012-12-11 05:07 . 2012-12-11 05:07    267776    ----a-w-    c:\windows\system32\ieaksie.dll
2012-12-11 05:07 . 2012-12-11 05:07    249344    ----a-w-    c:\windows\system32\webcheck.dll
2012-12-11 05:07 . 2012-12-11 05:07    23552    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2012-12-11 05:07 . 2012-12-11 05:07    222208    ----a-w-    c:\windows\system32\msls31.dll
2012-12-11 05:07 . 2012-12-11 05:07    197120    ----a-w-    c:\windows\system32\msrating.dll
2012-12-11 05:07 . 2012-12-11 05:07    165888    ----a-w-    c:\windows\system32\iexpress.exe
2012-12-11 05:07 . 2012-12-11 05:07    163840    ----a-w-    c:\windows\system32\ieakui.dll
2012-12-11 05:07 . 2012-12-11 05:07    161792    ----a-w-    c:\windows\SysWow64\msls31.dll
2012-12-11 05:07 . 2012-12-11 05:07    160256    ----a-w-    c:\windows\system32\wextract.exe
2012-12-11 05:07 . 2012-12-11 05:07    160256    ----a-w-    c:\windows\system32\ieakeng.dll
2012-12-11 05:07 . 2012-12-11 05:07    152064    ----a-w-    c:\windows\SysWow64\wextract.exe
2012-12-11 05:07 . 2012-12-11 05:07    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2012-12-11 05:07 . 2012-12-11 05:07    149504    ----a-w-    c:\windows\system32\occache.dll
2012-12-11 05:07 . 2012-12-11 05:07    145920    ----a-w-    c:\windows\system32\iepeers.dll
2012-12-11 05:07 . 2012-12-11 05:07    135168    ----a-w-    c:\windows\system32\IEAdvpack.dll
2012-12-11 05:07 . 2012-12-11 05:07    12288    ----a-w-    c:\windows\system32\mshta.exe
2012-12-11 05:07 . 2012-12-11 05:07    11776    ----a-w-    c:\windows\SysWow64\mshta.exe
2012-12-11 05:07 . 2012-12-11 05:07    114176    ----a-w-    c:\windows\system32\admparse.dll
2012-12-11 05:07 . 2012-12-11 05:07    111616    ----a-w-    c:\windows\system32\iesysprep.dll
2012-12-11 05:07 . 2012-12-11 05:07    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2012-12-11 05:07 . 2012-12-11 05:07    10752    ----a-w-    c:\windows\system32\msfeedssync.exe
2012-12-11 05:07 . 2012-12-11 05:07    103936    ----a-w-    c:\windows\system32\inseng.dll
2012-12-11 05:07 . 2012-12-11 05:07    101888    ----a-w-    c:\windows\SysWow64\admparse.dll
2012-12-11 04:50 . 2012-12-11 04:50    53248    ----a-r-    c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-16 356376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2011-08-22 47104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Kyle\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-22 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-22 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-22 94808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-11 1255736]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-12-13 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-11 79360]
R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R4 StrongService;StrongService;c:\program files (x86)\StrongVPN\StrongService.exe [2012-12-24 27648]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-08 283200]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-01-16 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-14 178008]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-22 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-22 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-22 94808]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-01-16 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-01-16 29528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tapstrong;StrongVPN Adapter;c:\windows\system32\DRIVERS\tapstrong.sys [2012-12-22 35520]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 00:05]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\kjhni8n7.default\
FF - ExtSQL: 2013-01-10 12:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\kjhni8n7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-15 19:18; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-15 19:18; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{AF949550-9094-4807-95EC-D1C317803333}"=hex:51,66,7a,6c,4c,1d,38,12,3e,96,87,
   ab,a6,de,69,0d,ea,fa,92,83,12,de,77,27
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-07  13:27:53
ComboFix-quarantined-files.txt  2013-03-07 21:27
ComboFix2.txt  2013-01-10 00:58
ComboFix3.txt  2011-06-27 19:34
.
Pre-Run: 106,715,357,184 bytes free
Post-Run: 106,864,689,152 bytes free
.
- - End Of File - - D3FDF863F0009806DF022DAEB2AA27DC
 


#4 nasdaq

Posted 08 March 2013 - 08:35 AM

Hosts: 127.0.0.1 www.spywareinfo.com
 
Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.
 
Adobe has released security updates for Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux. 
 
 
On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.
 
You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.
 
For users of Internet Explorer, download version 11.
 
Remove the old versions of Flash if still present.
Secunia Personal Software Inspector (PSI)
<<<>>>
 
Blank Device Driver Screen
Can you give me more information on this?
 
Let me know of any remaining issues.


#5 insaniak

Posted 13 March 2013 - 05:27 PM

How do I remove the Secunia Personal Software Inspector? And when I go to the Device Manager screen it's just blank. I don't know how to fix this.



#6 nasdaq

Posted 14 March 2013 - 08:31 AM


How do I remove the Secunia Personal Software Inspector?

 

 
If not listed on the Add/Remove Programs list, just delete the folder where the application was placed.
 
===
 
After searching Google for the string "blank device manager windows 7", I came to the conclusion that there is no simple solution to your blank Device driver page.
 
If not already done, run SFC.exe.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
===
 
If that fails, ensure that you have the latest drivers.
 
Secunia Personal Software Inspector (PSI)
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.
If interested in security I would download the tool and run it.
<<<>>>
 
You may also find some other fixes by searching Google as I did.


#7 insaniak

Posted 14 March 2013 - 12:58 PM

I have been. I searched Google for hours. I've tried running an sfc scan and it won't fix it by itself; it says issado is corrupted. I'm looking for help on this.



#8 nasdaq

Posted 14 March 2013 - 01:27 PM

sfc scan and it won't fix it by itself; it says issado is corrupted

Are you sure about issado?

 

Never seen this.



#9 insaniak

Posted 14 March 2013 - 05:47 PM

iassdo.dll



#10 nasdaq

Posted 15 March 2013 - 10:11 AM


Let's have a look at what is available.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    iassdo.dll
    iassdo.dll.mui
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt



#11 insaniak

Posted 15 March 2013 - 03:08 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 13:07 on 15/03/2013 by Kyle
Administrator - Elevation successful

========== filefind ==========

Searching for "iassdo.dll"
C:\Users\Kyle\Desktop\iassdo.dll    --a---- 445440 bytes    [23:44 20/02/2013]    [01:41 14/07/2009] 566C42BA91A46FA007FC892E7FAFEA7C
C:\Windows\System32\iassdo.dll    --a---- 445440 bytes    [00:09 14/07/2009]    [01:41 14/07/2009] 566C42BA91A46FA007FC892E7FAFEA7C
C:\Windows\SysWOW64\iassdo.dll    --a---- 322560 bytes    [23:53 13/07/2009]    [01:15 14/07/2009] 413EF75B686DB3EEBEE849C25859FBB4
C:\Windows\winsxs\amd64_microsoft-windows-n..tion_service_iassdo_31bf3856ad364e35_6.1.7600.16385_none_d785e6096d81d0ae\iassdo.dll    --a---- 445440 bytes    [00:09 14/07/2009]    [01:41 14/07/2009] 566C42BA91A46FA007FC892E7FAFEA7C
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iassdo_31bf3856ad364e35_6.1.7600.16385_none_7b674a85b5245f78\iassdo.dll    --a---- 322560 bytes    [23:53 13/07/2009]    [01:15 14/07/2009] 413EF75B686DB3EEBEE849C25859FBB4

Searching for "iassdo.dll.mui"
C:\Windows\System32\en-US\iassdo.dll.mui    --a---- 47104 bytes    [05:35 14/07/2009]    [02:30 14/07/2009] 67EB435469C55E82551257C4AAF38AB0
C:\Windows\SysWOW64\en-US\iassdo.dll.mui    --a---- 5115 bytes    [00:05 14/07/2009]    [20:44 10/06/2009] 2C8E4B5C21697CC270C2024064C4EB93
C:\Windows\winsxs\amd64_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_448b1c3c529ce8ed\iassdo.dll.mui    --a---- 47104 bytes    [05:35 14/07/2009]    [02:30 14/07/2009] 67EB435469C55E82551257C4AAF38AB0
C:\Windows\winsxs\x86_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e86c80b89a3f77b7\iassdo.dll.mui    --a---- 5115 bytes    [00:05 14/07/2009]    [20:44 10/06/2009] 2C8E4B5C21697CC270C2024064C4EB93

-= EOF =-



#12 nasdaq

Posted 16 March 2013 - 06:58 AM

C:\Users\Kyle\Desktop\iassdo.dll --a---- 445440 bytes [23:44 20/02/2013] [01:41 14/07/2009] 566C42BA91A46FA007FC892E7FAFEA7C

There is no need for this file to be on your Desktop.
Please rename it to iassdo.dll.old and restart the computer normally.
If all is well then you can delete it.
==

I do not think that will solve the blank driver screen issue.

Follow the instructions on the first post of this topic.
http://social.technet.microsoft.com/Forums/en-US/w7itprohardware/thread/5a768ef4-224e-4d49-920d-440d218cb6f4/

Only one minor change to the instructions.

Under start>search programs and files, type devmgmt.msc
Right click on the devmgmt.msc and run as administrator.

Keep me posted.
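
The comparison behind the advice in post #12, as an added example that is not part of the original thread: it parses the SystemLook `filefind` lines posted in #11, lists copies that sit outside the Windows directory, and checks each non-store copy's MD5 against the WinSxS component-store copies of the same file name. The function names are hypothetical, and the Windows directory is assumed to be `C:\Windows`.

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook log posted in #11 (paths, sizes and MD5s as shown there).
SAMPLE_LOG = r"""
Searching for "iassdo.dll"
C:\Users\Kyle\Desktop\iassdo.dll    --a---- 445440 bytes    [23:44 20/02/2013]    [01:41 14/07/2009] 566C42BA91A46FA007FC892E7FAFEA7C
C:\Windows\System32\iassdo.dll    --a---- 445440 bytes    [00:09 14/07/2009]    [01:41 14/07/2009] 566C42BA91A46FA007FC892E7FAFEA7C
C:\Windows\SysWOW64\iassdo.dll    --a---- 322560 bytes    [23:53 13/07/2009]    [01:15 14/07/2009] 413EF75B686DB3EEBEE849C25859FBB4
C:\Windows\winsxs\amd64_microsoft-windows-n..tion_service_iassdo_31bf3856ad364e35_6.1.7600.16385_none_d785e6096d81d0ae\iassdo.dll    --a---- 445440 bytes    [00:09 14/07/2009]    [01:41 14/07/2009] 566C42BA91A46FA007FC892E7FAFEA7C
C:\Windows\winsxs\x86_microsoft-windows-n..tion_service_iassdo_31bf3856ad364e35_6.1.7600.16385_none_7b674a85b5245f78\iassdo.dll    --a---- 322560 bytes    [23:53 13/07/2009]    [01:15 14/07/2009] 413EF75B686DB3EEBEE849C25859FBB4

Searching for "iassdo.dll.mui"
C:\Windows\System32\en-US\iassdo.dll.mui    --a---- 47104 bytes    [05:35 14/07/2009]    [02:30 14/07/2009] 67EB435469C55E82551257C4AAF38AB0
C:\Windows\SysWOW64\en-US\iassdo.dll.mui    --a---- 5115 bytes    [00:05 14/07/2009]    [20:44 10/06/2009] 2C8E4B5C21697CC270C2024064C4EB93
C:\Windows\winsxs\amd64_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_448b1c3c529ce8ed\iassdo.dll.mui    --a---- 47104 bytes    [05:35 14/07/2009]    [02:30 14/07/2009] 67EB435469C55E82551257C4AAF38AB0
C:\Windows\winsxs\x86_microsoft-windows-n..ce_iassdo.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e86c80b89a3f77b7\iassdo.dll.mui    --a---- 5115 bytes    [00:05 14/07/2009]    [20:44 10/06/2009] 2C8E4B5C21697CC270C2024064C4EB93
"""

# One result line: path, 7-character attribute field, size, two bracketed
# timestamps, then a 32-hex-digit MD5.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

WINDOWS_DIR = "c:\\windows\\"          # assumption: default system root
STORE_DIR = WINDOWS_DIR + "winsxs\\"   # component store


def parse_filefind(log):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            path = m.group("path")
            entries.append({
                "path": path,
                "name": path.rsplit("\\", 1)[-1].lower(),
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
            })
    return entries


def in_store(path):
    return path.lower().startswith(STORE_DIR)


def outside_windows(entries):
    """Copies of a system file name found outside the Windows directory."""
    return [e["path"] for e in entries
            if not e["path"].lower().startswith(WINDOWS_DIR)]


def compare_to_store(entries):
    """Map each non-store path to True if its MD5 equals a store copy of the same name."""
    store = defaultdict(set)
    for e in entries:
        if in_store(e["path"]):
            store[e["name"]].add(e["md5"])
    # An MD5 match shows the contents are the same as a store copy; it does not
    # say anything about whether the store copy itself is intact.
    return {e["path"]: e["md5"] in store[e["name"]]
            for e in entries if not in_store(e["path"])}


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    print("Outside the Windows directory:", outside_windows(found))
    for path, same in compare_to_store(found).items():
        print("matches store copy" if same else "DIFFERS from store", "-", path)
```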

#13 insaniak

Posted 16 March 2013 - 03:20 PM

Alright, done, but still nothing. Also, it's not just Device Manager; I cannot see adapter settings as well. I'm on Windows 7.



#14 nasdaq

Posted 17 March 2013 - 07:13 AM

This is an operating system problem.
I suggest you start a new topic in the Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html

I think the final result will be to reinstall the application.



