need help some programs will crash out and not load

14 replies to this topic

#1 Blueyestim
  • Members
  • 26 posts

Posted 07 November 2013 - 03:29 PM

Some of my programs will not load and have stopped working; my mail is one of them. Some run just fine... Also my Windows Explorer will start, then crash out. I don't know what's going on here. HELP please.


#2 nasdaq
  • Malware Response Team
  • 40,211 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 November 2013 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 Blueyestim
  • Topic Starter
  • Members
  • 26 posts

Posted 10 November 2013 - 11:45 AM

Here are the reports you wanted; waiting on your reply.

 

thank you for the help !!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by Tim home on Sun 11/10/2013 at 10:54:31.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tim home\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\Tim home\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"



~~~ FireFox

Emptied folder: C:\Users\Tim home\AppData\Roaming\mozilla\firefox\profiles\h41hsl18.default-1375551149044\minidumps [85 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/10/2013 at 10:57:09.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Tim home at 11:00:38 on 2013-11-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2987.2036 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/11/2013 9:19:27 PM
System Uptime: 11/10/2013 10:48:29 AM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | M5A97 R2.0
Processor: AMD FX™-6100 Six-Core Processor              | Socket 942 | 3300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1688.251 GiB free.
D: is FIXED (NTFS) - 2048 GiB total, 1448.275 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 298 GiB total, 150.412 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP96: 11/5/2013 8:54:07 PM - Installed Java 7 Update 45
RP97: 11/6/2013 11:33:16 AM - Windows Update
RP98: 11/7/2013 6:27:41 AM - Removed ASUS Product Register Program
RP99: 11/7/2013 6:28:57 AM - Removed Asmedia ASM104x USB 3.0 Host Controller Driver.
RP100: 11/7/2013 8:10:52 AM - Windows Backup
RP102: 11/7/2013 11:46:49 PM - DriverUpdate Installing Drivers
RP103: 11/8/2013 12:07:00 AM - Removed WinRAR 5.00 (32-bit) (VMware ThinApp).
RP104: 11/8/2013 12:07:48 AM - Removed MSXML 4.0 SP3 Parser (KB2758694)
RP105: 11/9/2013 5:30:38 AM - Removed FixCleaner
RP106: 11/9/2013 5:47:32 AM - Installed Asmedia ASM104x USB 3.0 Host Controller Driver.
RP107: 11/9/2013 5:51:32 AM - Installed Realtek Ethernet Controller Driver
RP108: 11/9/2013 6:09:24 AM - PROPLUS
RP109: 11/10/2013 9:28:40 AM - Removed Java 7 Update 45
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD AVIVO Codecs
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD Wireless Display v3.0
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Boot Setting
ASUS GPU Tweak
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cool & Quiet
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Disk Unlocker
DriverUpdate
Dual-Core Optimizer
eReg
ESET Online Scanner v3
ffdshow v1.1.4382 [2012-03-12]
Google Chrome
Google Update Helper
Home Media Center
HydraVision
Java 7 Update 45
Java Auto Updater
Lexmark 3500-4500 Series
Logitech SetPoint 6.61
Microsoft .NET Framework 4.5
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Word MUI (English) 2013
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
Nero 2014
Nero Audio Pack 1
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning Core
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero Disc to Device
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Kwik Themes Basic
Nero Launcher
Nero MediaHome
Nero MediaHome Help (CHM)
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Video
Nero Video Help (CHM)
neroxml
Outils de vérification linguistique 2013 de Microsoft Office - Français
Prerequisite installer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2817623) 32-Bit Edition
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition
Update for Microsoft InfoPath 2013 (KB2752078) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827228) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827235) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2810016) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2817625) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2752097) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2825633) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 32-Bit Edition
Update for Microsoft Word 2013 (KB2827218) 32-Bit Edition
Viber
WinRAR 5.00 (32-bit)
World of Warcraft
XYplorer 13.10
.
==== End Of File ===========================
 

 

# AdwCleaner v3.011 - Report created 10/11/2013 at 11:10:56
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Tim home - TIMHOME-PC
# Running from : D:\New Folder\adwcleaner(4).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\0v1f3p4c.default\prefs.js ]


[ File : C:\Users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\prefs.js ]

Line Deleted : user_pref("extensions.gmailnoads@mywebber.com.install-event-fired", true);

*************************

AdwCleaner[R0].txt - [14752 octets] - [13/10/2013 10:08:46]
AdwCleaner[R1].txt - [2069 octets] - [07/11/2013 00:31:30]
AdwCleaner[R2].txt - [4188 octets] - [09/11/2013 04:58:12]
AdwCleaner[R3].txt - [2517 octets] - [10/11/2013 10:38:39]
AdwCleaner[R4].txt - [1401 octets] - [10/11/2013 11:09:07]
AdwCleaner[S0].txt - [15208 octets] - [13/10/2013 10:09:36]
AdwCleaner[S1].txt - [2170 octets] - [07/11/2013 00:34:15]
AdwCleaner[S2].txt - [2612 octets] - [10/11/2013 10:47:00]
AdwCleaner[S3].txt - [1324 octets] - [10/11/2013 11:10:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1384 octets] ##########
 

Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Lavasoft Ad-Aware   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.117  
 Mozilla Firefox (25.0)
 Google Chrome 22.0.1229.95  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe   
 Ad-Aware Antivirus SBAMSvc.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
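The JRT and AdwCleaner reports above follow a simple line-oriented format ("Successfully deleted: [Type] item", "Emptied folder: path [N files]", and "Line Deleted : ..." under a "[ File : ... ]" header). As an added example, not part of the thread or of either tool, here is a small Python parser that turns those lines into structured records and counts what each tool removed, which makes it quicker to correlate a log against the user's complaint (for instance, the fixcleaner and adawarebp leftovers removed here). The sample input is excerpted from the logs posted in this thread; the record type and function names are this example's own.

```python
"""Parse JRT and AdwCleaner removal logs into structured records.

Added example for this thread: the log formats are taken from the reports
posted above, the parsing code is not part of either tool.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Removal:
    tool: str   # "JRT" or "AdwCleaner"
    kind: str   # e.g. "Registry Key", "Folder", "Emptied folder", "Firefox pref"
    item: str   # the key, path or preference line that was removed


# JRT: Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
#      Successfully deleted: [Folder] "C:\Users\...\fixcleaner"   (folders are quoted)
JRT_DELETED = re.compile(r'^Successfully deleted: \[(?P<kind>[^\]]+)\] "?(?P<item>.+?)"?$')
# JRT: Emptied folder: <path> [85 files]
JRT_EMPTIED = re.compile(r'^Emptied folder: (?P<item>.+?) \[(?P<n>\d+) files\]$')
# AdwCleaner: a "[ File : <prefs.js> ]" header, then zero or more "Line Deleted : ..." lines
ADW_FILE = re.compile(r'^\[ File : (?P<path>.+?) \]$')
ADW_LINE = re.compile(r'^Line Deleted : (?P<item>.+)$')


def parse_jrt(text):
    """Return one Removal per deleted key/file/folder or emptied folder in a JRT log."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        m = JRT_DELETED.match(line)
        if m:
            out.append(Removal("JRT", m["kind"], m["item"]))
            continue
        m = JRT_EMPTIED.match(line)
        if m:
            out.append(Removal("JRT", "Emptied folder", f'{m["item"]} ({m["n"]} files)'))
    return out


def parse_adwcleaner(text):
    """Return one Removal per deleted browser preference line in an AdwCleaner report.

    The file header that precedes each group of lines is carried along so the
    reader knows which profile's prefs.js was edited.
    """
    out = []
    current_file = None
    for line in text.splitlines():
        line = line.strip()
        m = ADW_FILE.match(line)
        if m:
            current_file = m["path"]
            continue
        m = ADW_LINE.match(line)
        if m:
            out.append(Removal("AdwCleaner", "Firefox pref", f'{m["item"]} in {current_file}'))
    return out


def summarize(removals):
    """Count removals per (tool, kind) so the shape of the cleanup is visible at a glance."""
    counts = {}
    for r in removals:
        key = (r.tool, r.kind)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Sample input: lines excerpted from the JRT and AdwCleaner logs posted in this thread.
JRT_SAMPLE = r"""
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Tim home\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\Tim home\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"

~~~ FireFox

Emptied folder: C:\Users\Tim home\AppData\Roaming\mozilla\firefox\profiles\h41hsl18.default-1375551149044\minidumps [85 files]
"""

ADW_SAMPLE = r"""
***** [ Browsers ] *****

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\0v1f3p4c.default\prefs.js ]

[ File : C:\Users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\prefs.js ]

Line Deleted : user_pref("extensions.gmailnoads@mywebber.com.install-event-fired", true);
"""

if __name__ == "__main__":
    records = parse_jrt(JRT_SAMPLE) + parse_adwcleaner(ADW_SAMPLE)
    for r in records:
        print(f"{r.tool:<10} {r.kind:<15} {r.item}")
    for (tool, kind), n in sorted(summarize(records).items()):
        print(f"{tool}: {n} x {kind}")
```

The parser is deliberately strict about each line shape: a log line that does not match any pattern is ignored rather than guessed at, so a truncated or pasted-with-artifacts log produces fewer records, never wrong ones. Running it on a complete log instead of the excerpt only requires reading the file into the text arguments.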
 



#4 nasdaq
  • Malware Response Team
  • 40,211 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 November 2013 - 07:47 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

The DDS.txt log that you posted in your previous post is not complete.
Can you please run the tool again and post a complete log.
No need to include the Attach.txt log this time.

Let me know what problem persists.

#5 Blueyestim
  • Topic Starter
  • Members
  • 26 posts

Posted 11 November 2013 - 01:09 PM

Here is the ComboFix log file.

 

ComboFix 13-11-11.01 - Tim home 11/11/2013  12:56:46.7.6 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2987.2351 [GMT -5:00]
Running from: c:\users\Tim home\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11  )))))))))))))))))))))))))))))))
.
.
2013-11-11 18:04 . 2013-11-11 18:04    --------    d-----w-    c:\users\Tim home\AppData\Local\temp
2013-11-11 18:04 . 2013-11-11 18:04    --------    d-----w-    c:\users\tim\AppData\Local\temp
2013-11-11 18:04 . 2013-11-11 18:04    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-11-11 18:04 . 2013-11-11 18:04    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-11-11 18:04 . 2013-11-11 18:04    --------    d-----w-    c:\users\home\AppData\Local\temp
2013-11-11 18:04 . 2013-11-11 18:04    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2013-11-11 18:04 . 2013-11-11 18:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-11 07:48 . 2013-11-11 07:48    --------    d-----w-    c:\users\Tim home\AppData\Roaming\InstallShield
2013-11-11 07:48 . 2013-11-11 07:48    --------    d-----w-    C:\DRIVERS
2013-11-11 07:02 . 2013-11-11 07:02    --------    d-----w-    c:\windows\system32\BestPractices
2013-11-11 07:02 . 2013-11-11 07:02    --------    d-----w-    C:\inetpub
2013-11-10 14:41 . 2013-11-10 14:41    --------    d-----w-    c:\windows\Sun
2013-11-10 14:38 . 2013-11-10 14:38    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-11-10 07:38 . 2013-11-11 16:09    --------    d-----w-    c:\users\Tim home\AppData\Roaming\ViberPC
2013-11-10 07:37 . 2013-11-11 16:09    --------    d-----w-    c:\users\Tim home\AppData\Local\Viber
2013-11-09 10:47 . 2013-11-09 10:47    --------    d-----w-    c:\program files\ASM104xUSB3
2013-11-09 10:34 . 2013-11-09 23:01    --------    d-----w-    c:\users\Tim home\AppData\Local\ElevatedDiagnostics
2013-11-09 10:14 . 2013-11-09 10:14    --------    d-----w-    c:\windows\ERUNT
2013-11-08 04:55 . 2013-11-08 04:55    --------    d-----w-    c:\windows\system32\RTCOM
2013-11-08 04:53 . 2005-11-14 04:19    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-11-07 11:09 . 2013-11-07 11:47    --------    d-----w-    c:\programdata\Avira
2013-11-07 11:04 . 2013-11-07 11:04    --------    d-----w-    c:\users\Tim home\AppData\Local\NativeMessaging
2013-11-07 10:44 . 2013-11-10 14:00    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-11-07 05:18 . 2013-01-09 08:11    10240    ----a-w-    c:\windows\FreeMem.exe
2013-11-07 04:12 . 2013-11-07 04:12    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Curse Advertising
2013-11-07 04:11 . 2013-11-11 15:33    --------    d-----w-    c:\users\Tim home\AppData\Local\Deployment
2013-11-05 15:45 . 2013-11-05 15:45    --------    d-----w-    c:\program files\Common Files\Motive
2013-11-05 15:44 . 2013-11-05 15:44    --------    d-----w-    c:\programdata\Motive
2013-11-05 13:10 . 2013-11-05 13:10    --------    d-----w-    c:\program files\AGEIA Technologies
2013-11-02 11:32 . 2013-11-02 11:32    --------    d-----w-    c:\users\Tim home\AppData\Local\VS Revo Group
2013-11-02 11:32 . 2013-11-02 11:32    --------    d-----w-    c:\programdata\VS Revo Group
2013-11-02 10:30 . 2013-11-02 10:30    --------    d-----w-    c:\programdata\McAfee
2013-11-02 03:10 . 2013-09-04 01:15    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-02 03:10 . 2013-09-04 01:14    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-02 03:10 . 2013-09-04 01:14    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-02 03:10 . 2013-09-04 01:14    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-02 03:10 . 2013-09-04 01:14    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-02 03:10 . 2013-09-04 01:14    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-02 03:10 . 2013-09-04 01:14    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-02 03:10 . 2012-08-24 17:05    136560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-11-02 03:10 . 2012-08-24 17:02    369856    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-11-02 03:10 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-11-02 03:10 . 2012-08-24 16:56    1039360    ----a-w-    c:\windows\system32\lsasrv.dll
2013-11-02 03:09 . 2012-05-04 09:59    514560    ----a-w-    c:\windows\system32\qdvd.dll
2013-10-31 14:34 . 2013-10-31 14:34    --------    d-----w-    c:\programdata\ATI
2013-10-31 14:34 . 2013-10-31 14:34    --------    d-----w-    c:\users\Tim home\AppData\Roaming\library_dir
2013-10-31 14:33 . 2013-11-05 14:42    --------    d-----w-    c:\program files\AMD AVT
2013-10-31 13:09 . 2013-10-31 13:09    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-10-30 12:24 . 2013-10-30 12:26    --------    d-----w-    c:\windows\system32\MRT
2013-10-30 12:12 . 2013-11-08 04:45    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-10-30 12:12 . 2013-10-30 12:12    --------    d-----w-    c:\users\Tim home\AppData\Local\SlimWare Utilities Inc
2013-10-30 12:11 . 2013-10-30 12:11    --------    d-----w-    c:\program files\DriverUpdate
2013-10-29 22:32 . 2012-08-16 13:11    109568    ----a-w-    c:\windows\system32\atiuxpag.dll
2013-10-29 22:22 . 2013-10-29 22:22    38912    ----a-w-    c:\windows\system32\kdbsdk32.dll
2013-10-29 14:55 . 2013-10-29 14:55    --------    d-----w-    c:\users\Tim home\AppData\Local\Blizzard Entertainment
2013-10-29 13:01 . 2013-11-09 17:08    --------    d-----w-    c:\program files\World of Warcraft
2013-10-29 13:01 . 2013-11-05 14:15    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2013-10-29 13:01 . 2013-10-29 13:01    --------    d-----w-    c:\programdata\Blizzard Entertainment
2013-10-29 12:52 . 2013-11-05 14:42    --------    d-----w-    c:\programdata\Battle.net
2013-10-29 12:28 . 2013-10-29 12:28    --------    d-----w-    c:\users\Tim home\AppData\Local\AMD
2013-10-29 12:27 . 2013-10-29 12:27    --------    d-----w-    c:\users\Tim home\AppData\Roaming\ATI
2013-10-29 12:27 . 2013-10-29 12:27    --------    d-----w-    c:\users\Tim home\AppData\Local\ATI
2013-10-29 12:26 . 2013-10-29 12:26    0    ----a-w-    c:\windows\ativpsrm.bin
2013-10-29 12:23 . 2013-10-31 14:33    --------    d-----w-    c:\programdata\AMD
2013-10-29 12:22 . 2012-06-11 17:20    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2013-10-29 12:05 . 2013-10-29 12:05    53248    ----a-r-    c:\users\Tim home\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-29 12:05 . 2013-11-10 17:37    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-10-29 10:58 . 2013-10-29 10:58    --------    d-----w-    c:\program files\ASUSTek Computer Inc
2013-10-29 10:58 . 2012-08-17 20:23    755200    ------w-    c:\users\Tim home\AppData\Roaming\Microsoft\Windows\Templates\1028.msi
2013-10-29 10:50 . 2012-06-12 14:00    552080    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2013-10-29 10:50 . 2012-06-12 14:00    80488    ----a-w-    c:\windows\system32\RtNicProp32.dll
2013-10-29 10:50 . 2012-06-12 14:00    100896    ----a-w-    c:\windows\system32\RTNUninst32.dll
2013-10-29 10:48 . 2011-08-11 08:55    1332    ------r-    c:\windows\system32\drivers\DTSU2P.DAT
2013-10-29 10:47 . 2013-11-08 04:55    --------    d--h--w-    c:\program files\Temp
2013-10-29 10:46 . 2000-01-01 00:00    2080472    ----a-w-    c:\windows\RtlExUpd.dll
2013-10-29 10:46 . 2013-11-05 14:42    --------    d-----w-    c:\program files\AMD APP
2013-10-29 10:46 . 2012-08-28 12:27    45736    ----a-r-    c:\windows\system32\drivers\usbfilter.sys
2013-10-29 10:46 . 2013-10-29 10:46    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-10-29 10:45 . 2013-11-02 02:10    --------    d-----w-    c:\program files\ATI Technologies
2013-10-29 10:45 . 2013-10-29 10:45    16896    ----a-w-    c:\windows\AsTaskSched.dll
2013-10-29 10:43 . 2013-10-29 10:43    311428    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2013-10-29 10:43 . 2013-10-29 10:43    184452    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2013-10-29 10:43 . 2003-09-03 06:28    724992    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2013-10-29 10:43 . 2003-09-03 06:27    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2013-10-29 10:43 . 2003-09-03 06:26    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2013-10-29 10:43 . 2003-09-03 06:26    192512    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2013-10-29 10:43 . 2003-09-03 06:25    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2013-10-23 22:45 . 2013-10-23 22:45    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Leadertech
2013-10-23 22:43 . 2013-10-23 22:46    --------    d-----w-    c:\programdata\Logishrd
2013-10-23 22:43 . 2013-10-23 22:43    --------    d-----w-    c:\program files\Logitech
2013-10-23 22:43 . 2013-10-29 12:05    --------    d-----w-    c:\program files\Common Files\Logishrd
2013-10-23 22:41 . 2013-10-29 12:02    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Logishrd
2013-10-23 22:41 . 2013-10-23 22:46    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Logitech
2013-10-16 03:04 . 2013-10-16 03:15    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Home Media Center
2013-10-16 02:49 . 2013-10-16 02:49    --------    d-----w-    c:\program files\Home Media Center
2013-10-16 02:41 . 2012-02-26 20:47    79360    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-10-16 02:41 . 2013-11-05 14:43    --------    d-----w-    c:\program files\ffdshow
2013-10-16 02:41 . 2013-10-16 02:41    --------    d-----w-    c:\program files\Common Files\WebM Project
2013-10-15 04:06 . 2013-10-15 04:06    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-10-14 22:09 . 2013-10-14 22:09    --------    d-----w-    c:\windows\PCHEALTH
2013-10-14 22:05 . 2013-10-14 22:06    --------    d-----w-    c:\programdata\Microsoft Toolkit
2013-10-14 01:13 . 2013-10-14 01:13    --------    d-----w-    c:\program files\MSXML 4.0
2013-10-13 16:54 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-10-13 15:08 . 2013-11-10 16:11    --------    d-----w-    C:\AdwCleaner
2013-10-13 15:00 . 2013-10-13 15:00    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-13 05:58 . 2013-10-13 05:58    --------    d-----w-    c:\programdata\Logs
2013-10-13 04:26 . 2013-10-14 02:13    --------    d-----w-    c:\programdata\Nero
2013-10-13 04:17 . 2010-05-26 15:41    248672    ----a-w-    c:\windows\system32\d3dx11_43.dll
2013-10-13 04:15 . 2010-05-26 15:41    470880    ----a-w-    c:\windows\system32\d3dx10_43.dll
2013-10-13 04:12 . 2010-05-26 15:41    1998168    ----a-w-    c:\windows\system32\D3DX9_43.dll
2013-10-13 04:11 . 2010-05-26 15:41    1868128    ----a-w-    c:\windows\system32\d3dcsx_43.dll
2013-10-13 04:09 . 2010-05-26 15:41    2106216    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2013-10-13 03:35 . 2013-05-23 12:39    43368    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-10-13 02:32 . 2013-10-13 02:32    --------    d-----w-    c:\users\Tim home\AppData\Roaming\LavasoftStatistics
2013-10-13 02:31 . 2013-10-13 02:31    --------    d-----w-    c:\windows\system32\drivers\VDD
2013-10-13 02:29 . 2013-10-13 02:29    --------    d-----w-    c:\programdata\Downloaded Installations
2013-10-13 02:29 . 2013-10-13 02:29    --------    d-----w-    c:\users\Tim home\AppData\Roaming\SecureSearch
2013-10-13 02:28 . 2013-10-13 02:28    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-10-13 02:24 . 2013-10-13 02:34    --------    d-----w-    c:\programdata\Ad-Aware Antivirus
2013-10-13 01:50 . 2013-10-13 01:50    --------    d-----w-    c:\programdata\Kerish Products
2013-10-13 01:14 . 2013-10-13 15:09    --------    d-----w-    c:\programdata\Uniblue
2013-10-13 00:55 . 2013-10-13 00:55    --------    d-----w-    c:\users\Tim home\AppData\Local\adaware
2013-10-13 00:55 . 2013-10-13 02:34    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2013-10-13 00:54 . 2013-11-05 14:43    --------    d-----w-    c:\program files\Ad-Aware Antivirus
2013-10-13 00:54 . 2013-11-11 07:46    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Ad-Aware Antivirus
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 13:54 . 2013-10-12 04:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 14:01 . 2013-10-08 14:01    141256    ----a-w-    c:\windows\system32\amdhcp32.dll
2013-10-08 13:39 . 2013-10-08 13:39    200704    ----a-w-    c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39    995342    ----a-w-    c:\windows\system32\amdocl_as32.exe
2013-10-08 13:39 . 2013-10-08 13:39    798734    ----a-w-    c:\windows\system32\amdocl_ld32.exe
2013-10-08 13:38 . 2013-10-08 13:38    83456    ----a-w-    c:\windows\system32\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38    73216    ----a-w-    c:\windows\system32\OVDecode.dll
2013-10-08 13:36 . 2013-10-08 13:36    23761408    ----a-w-    c:\windows\system32\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34    57344    ----a-w-    c:\windows\system32\OpenCL.dll
2013-09-24 14:52 . 2013-09-24 14:52    77312    ----a-w-    c:\windows\system32\drivers\AtihdW73.sys
2013-09-24 14:50 . 2013-09-24 14:50    84480    ----a-w-    c:\windows\system32\DelayAPO.dll
2013-09-16 04:50 . 2013-10-12 01:35    7328304    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A97D212D-FC4F-468D-BACD-F0C29D395C2A}\mpengine.dll
2013-09-14 01:30 . 2013-10-12 02:07    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-09-14 01:30 . 2013-10-12 02:07    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-09-14 01:30 . 2013-10-12 02:07    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-09-14 01:30 . 2013-10-12 02:07    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-14 00:48 . 2013-10-12 14:27    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-12 14:27    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-12 14:27    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-08-29 01:51 . 2013-10-12 14:25    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-12 14:25    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-12 14:25    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-12 14:25    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-12 14:25    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-12 14:25    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-12 14:25    434688    ----a-w-    c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-09-13 10:02    1724616    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-09-13 10:02    1724616    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-09-13 10:02    1724616    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2012-08-16 393216]
"Viber"="c:\users\Tim home\AppData\Local\Viber\Viber.exe" [2013-07-31 912904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2000-01-01 6336216]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 2296600]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2013-06-13 19:31    64280    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R2 ca82e1a5;Optimizer Pro Crash Monitor; [x]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R3 amdiox86;AMD IO Driver; [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-11 22392]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-11-08 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-12 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 ASGT;ASGT;c:\windows\System32\ASGT.exe [2012-01-17 55296]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-10-13 13560]
S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus32.sys [2012-06-01 37664]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-06-13 1236336]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-08-16 217600]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-10-29 276992]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [2013-05-24 49384]
S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS.exe [2012-06-18 187552]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 66344]
S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv.sys [2010-09-17 17408]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 102888]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 313832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2013-05-23 42264]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2013-05-23 10136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASFLTDRV.SYS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 13:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - ExtSQL: 2013-10-12 23:31; adblockpopups@jessehakanen.net; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-10-23 18:44; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2013-11-02 07:04; gmailnoads@mywebber.com; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-11-06 22:50; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-11-06 22:52; artur.dubovoy@gmail.com; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\artur.dubovoy@gmail.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-11  13:05:13
ComboFix-quarantined-files.txt  2013-11-11 18:05
ComboFix2.txt  2013-11-07 06:53
ComboFix3.txt  2013-11-07 06:03
ComboFix4.txt  2013-11-06 16:32
ComboFix5.txt  2013-11-11 17:56
.
Pre-Run: 1,816,440,135,680 bytes free
Post-Run: 1,816,667,537,408 bytes free
.
- - End Of File - - C40F85ECBA1221F5FA49BA7FDA7B4299
A36C5E4F47E84449FF07ED3517B43A31
 



#6 nasdaq (Malware Response Team)

Posted 11 November 2013 - 02:14 PM

Open Notepad and copy/paste the text in the quote box below into it:

    Driver::
    ca82e1a5

Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.

Let me know what problem persists.
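As an added example (written for this page; not ComboFix's own code and not anything nasdaq posted), the Python below parses the Drivers/Services section of a ComboFix log and ranks entries the way a responder reads them, which is why the Driver:: script above names exactly ca82e1a5: a service whose name is eight random hex digits, whose ImagePath is empty (the "[x]" marker with no path in front of it), registered under the display name "Optimizer Pro Crash Monitor". The sample lines are copied from the log posted above. The line layout (R/S plus Windows start type, semicolon-separated name/display/path, then "[date size]" or "[x]") and the hex-name heuristic are my reading of the format, not documented ComboFix behaviour. It also emits the Driver:: block for entries that show two independent indicators, for review before use.

```python
"""Triage the Drivers/Services section of a ComboFix log.

Assumed line shape (inferred from the log, not from ComboFix docs):
    <R|S><n> <service name>;<display name>;<image path> [<date> <size>]
R/S = running/stopped, n = Windows start type (0 boot, 1 system,
2 automatic, 3 manual, 4 disabled). "[x]" in place of date/size means
ComboFix could not find the image file, or the service has no path at all.
"""
import re
from typing import List, NamedTuple, Optional

# Lines copied verbatim from the ComboFix log posted above (not constructed).
SAMPLE_LINES = r"""
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R2 ca82e1a5;Optimizer Pro Crash Monitor; [x]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R3 amdiox86;AMD IO Driver; [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-11-08 13464]
R4 ASGT;ASGT;c:\windows\System32\ASGT.exe [2012-01-17 55296]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-10-13 13560]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*"
    r"\[(?P<tail>[^\]]*)\]\s*$"
)

# Heuristic (assumption): a service name that is nothing but 8+ hex digits,
# e.g. "ca82e1a5", is typical of machine-generated PUP/adware services.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


class ServiceEntry(NamedTuple):
    running: bool
    start_type: int
    name: str
    display: str
    path: str                 # "" when the service has no image path at all
    file_date: Optional[str]
    file_size: Optional[int]
    file_missing: bool        # True for the "[x]" marker


class Finding(NamedTuple):
    entry: ServiceEntry
    reasons: List[str]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line; silently skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line, section header, or a non-service line
        tail = m.group("tail").strip()
        if tail == "x":
            date, size, missing = None, None, True
        else:
            date, size_str = tail.split()
            size, missing = int(size_str), False
        entries.append(ServiceEntry(
            running=m.group("state") == "R",
            start_type=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path").strip(),
            file_date=date,
            file_size=size,
            file_missing=missing,
        ))
    return entries


def triage(text: str) -> List[Finding]:
    """Return suspicious entries, the ones with most indicators first."""
    findings = []
    for e in parse_services(text):
        reasons = []
        if HEX_NAME_RE.match(e.name):
            reasons.append("machine-generated hex service name")
        if not e.path:
            reasons.append("no image path (service points at nothing)")
        elif e.file_missing:
            reasons.append("image file not found on disk")
        if reasons:
            findings.append(Finding(e, reasons))
    # stable sort: more independent indicators float to the top
    findings.sort(key=lambda f: -len(f.reasons))
    return findings


def cfscript_for(findings: List[Finding]) -> str:
    """Build a CFScript 'Driver::' block for entries with >= 2 indicators.
    Review it before feeding it to ComboFix; a merely orphaned driver
    (one indicator) is deliberately left out."""
    names = [f.entry.name for f in findings if len(f.reasons) >= 2]
    if not names:
        return ""
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    ranked = triage(SAMPLE_LINES)
    for f in ranked:
        print(f"{f.entry.name:12} {f.entry.display!r:36} -> {'; '.join(f.reasons)}")
    print(cfscript_for(ranked), end="")
```

Run as a script it lists ca82e1a5 first with both indicators, then SBRE and amdiox86 with one each (a file that is simply gone, or a driver entry with no path); only ca82e1a5 ends up in the generated Driver:: block, which is the same single entry nasdaq's CFScript removes.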

#7 Blueyestim (Topic Starter, Members)

Posted 11 November 2013 - 03:21 PM

If I go right into Explorer it will open now, but if I right-click on the screen and open Screen Resolution and go to Advanced, it will still crash out, so there are still some problems going on.

Here is the 2nd ComboFix log after CFScript:
ComboFix 13-11-11.01 - Tim home 11/11/2013  14:48:17.8.6 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2987.2067 [GMT -5:00]
Running from: c:\users\Tim home\Desktop\ComboFix.exe
Command switches used :: c:\users\Tim home\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ca82e1a5
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11  )))))))))))))))))))))))))))))))
.
.
2013-11-11 19:55 . 2013-11-11 19:55    --------    d-----w-    c:\users\tim\AppData\Local\temp
2013-11-11 19:55 . 2013-11-11 19:55    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-11-11 19:55 . 2013-11-11 19:55    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-11-11 19:55 . 2013-11-11 19:55    --------    d-----w-    c:\users\home\AppData\Local\temp
2013-11-11 19:55 . 2013-11-11 19:55    --------    d-----w-    c:\users\hedev\AppData\Local\temp
2013-11-11 19:55 . 2013-11-11 19:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-11 18:05 . 2013-11-11 19:57    --------    d-----w-    c:\users\Tim home\AppData\Local\temp
2013-11-11 07:48 . 2013-11-11 07:48    --------    d-----w-    c:\users\Tim home\AppData\Roaming\InstallShield
2013-11-11 07:48 . 2013-11-11 07:48    --------    d-----w-    C:\DRIVERS
2013-11-11 07:02 . 2013-11-11 07:02    --------    d-----w-    c:\windows\system32\BestPractices
2013-11-11 07:02 . 2013-11-11 07:02    --------    d-----w-    C:\inetpub
2013-11-10 14:41 . 2013-11-10 14:41    --------    d-----w-    c:\windows\Sun
2013-11-10 14:38 . 2013-11-10 14:38    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-11-10 07:38 . 2013-11-11 19:57    --------    d-----w-    c:\users\Tim home\AppData\Roaming\ViberPC
2013-11-10 07:37 . 2013-11-11 19:57    --------    d-----w-    c:\users\Tim home\AppData\Local\Viber
2013-11-09 10:47 . 2013-11-09 10:47    --------    d-----w-    c:\program files\ASM104xUSB3
2013-11-09 10:34 . 2013-11-09 23:01    --------    d-----w-    c:\users\Tim home\AppData\Local\ElevatedDiagnostics
2013-11-09 10:14 . 2013-11-09 10:14    --------    d-----w-    c:\windows\ERUNT
2013-11-08 04:55 . 2013-11-08 04:55    --------    d-----w-    c:\windows\system32\RTCOM
2013-11-08 04:53 . 2005-11-14 04:19    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-11-07 11:09 . 2013-11-07 11:47    --------    d-----w-    c:\programdata\Avira
2013-11-07 11:04 . 2013-11-07 11:04    --------    d-----w-    c:\users\Tim home\AppData\Local\NativeMessaging
2013-11-07 10:44 . 2013-11-10 14:00    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-11-07 05:18 . 2013-01-09 08:11    10240    ----a-w-    c:\windows\FreeMem.exe
2013-11-07 04:12 . 2013-11-07 04:12    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Curse Advertising
2013-11-07 04:11 . 2013-11-11 15:33    --------    d-----w-    c:\users\Tim home\AppData\Local\Deployment
2013-11-05 15:45 . 2013-11-05 15:45    --------    d-----w-    c:\program files\Common Files\Motive
2013-11-05 15:44 . 2013-11-05 15:44    --------    d-----w-    c:\programdata\Motive
2013-11-05 13:10 . 2013-11-05 13:10    --------    d-----w-    c:\program files\AGEIA Technologies
2013-11-02 11:32 . 2013-11-02 11:32    --------    d-----w-    c:\users\Tim home\AppData\Local\VS Revo Group
2013-11-02 11:32 . 2013-11-02 11:32    --------    d-----w-    c:\programdata\VS Revo Group
2013-11-02 10:30 . 2013-11-02 10:30    --------    d-----w-    c:\programdata\McAfee
2013-11-02 03:10 . 2013-09-04 01:15    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-02 03:10 . 2013-09-04 01:14    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-02 03:10 . 2013-09-04 01:14    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-02 03:10 . 2013-09-04 01:14    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-02 03:10 . 2013-09-04 01:14    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-02 03:10 . 2013-09-04 01:14    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-02 03:10 . 2013-09-04 01:14    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-02 03:10 . 2012-08-24 17:05    136560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-11-02 03:10 . 2012-08-24 17:02    369856    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-11-02 03:10 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-11-02 03:10 . 2012-08-24 16:56    1039360    ----a-w-    c:\windows\system32\lsasrv.dll
2013-11-02 03:09 . 2012-05-04 09:59    514560    ----a-w-    c:\windows\system32\qdvd.dll
2013-10-31 14:34 . 2013-10-31 14:34    --------    d-----w-    c:\programdata\ATI
2013-10-31 14:34 . 2013-10-31 14:34    --------    d-----w-    c:\users\Tim home\AppData\Roaming\library_dir
2013-10-31 14:33 . 2013-11-05 14:42    --------    d-----w-    c:\program files\AMD AVT
2013-10-31 13:09 . 2013-10-31 13:09    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-10-30 12:24 . 2013-10-30 12:26    --------    d-----w-    c:\windows\system32\MRT
2013-10-30 12:12 . 2013-11-08 04:45    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-10-30 12:12 . 2013-10-30 12:12    --------    d-----w-    c:\users\Tim home\AppData\Local\SlimWare Utilities Inc
2013-10-30 12:11 . 2013-10-30 12:11    --------    d-----w-    c:\program files\DriverUpdate
2013-10-29 22:32 . 2012-08-16 13:11    109568    ----a-w-    c:\windows\system32\atiuxpag.dll
2013-10-29 22:22 . 2013-10-29 22:22    38912    ----a-w-    c:\windows\system32\kdbsdk32.dll
2013-10-29 14:55 . 2013-10-29 14:55    --------    d-----w-    c:\users\Tim home\AppData\Local\Blizzard Entertainment
2013-10-29 13:01 . 2013-11-09 17:08    --------    d-----w-    c:\program files\World of Warcraft
2013-10-29 13:01 . 2013-11-05 14:15    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2013-10-29 13:01 . 2013-10-29 13:01    --------    d-----w-    c:\programdata\Blizzard Entertainment
2013-10-29 12:52 . 2013-11-05 14:42    --------    d-----w-    c:\programdata\Battle.net
2013-10-29 12:28 . 2013-10-29 12:28    --------    d-----w-    c:\users\Tim home\AppData\Local\AMD
2013-10-29 12:27 . 2013-10-29 12:27    --------    d-----w-    c:\users\Tim home\AppData\Roaming\ATI
2013-10-29 12:27 . 2013-10-29 12:27    --------    d-----w-    c:\users\Tim home\AppData\Local\ATI
2013-10-29 12:26 . 2013-10-29 12:26    0    ----a-w-    c:\windows\ativpsrm.bin
2013-10-29 12:23 . 2013-10-31 14:33    --------    d-----w-    c:\programdata\AMD
2013-10-29 12:22 . 2012-06-11 17:20    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2013-10-29 12:05 . 2013-10-29 12:05    53248    ----a-r-    c:\users\Tim home\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-29 12:05 . 2013-11-10 17:37    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-10-29 10:58 . 2013-10-29 10:58    --------    d-----w-    c:\program files\ASUSTek Computer Inc
2013-10-29 10:58 . 2012-08-17 20:23    755200    ------w-    c:\users\Tim home\AppData\Roaming\Microsoft\Windows\Templates\1028.msi
2013-10-29 10:50 . 2012-06-12 14:00    552080    ----a-w-    c:\windows\system32\drivers\Rt86win7.sys
2013-10-29 10:50 . 2012-06-12 14:00    80488    ----a-w-    c:\windows\system32\RtNicProp32.dll
2013-10-29 10:50 . 2012-06-12 14:00    100896    ----a-w-    c:\windows\system32\RTNUninst32.dll
2013-10-29 10:48 . 2011-08-11 08:55    1332    ------r-    c:\windows\system32\drivers\DTSU2P.DAT
2013-10-29 10:47 . 2013-11-08 04:55    --------    d--h--w-    c:\program files\Temp
2013-10-29 10:46 . 2000-01-01 00:00    2080472    ----a-w-    c:\windows\RtlExUpd.dll
2013-10-29 10:46 . 2013-11-05 14:42    --------    d-----w-    c:\program files\AMD APP
2013-10-29 10:46 . 2012-08-28 12:27    45736    ----a-r-    c:\windows\system32\drivers\usbfilter.sys
2013-10-29 10:46 . 2013-10-29 10:46    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-10-29 10:45 . 2013-11-02 02:10    --------    d-----w-    c:\program files\ATI Technologies
2013-10-29 10:45 . 2013-10-29 10:45    16896    ----a-w-    c:\windows\AsTaskSched.dll
2013-10-29 10:43 . 2013-10-29 10:43    311428    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2013-10-29 10:43 . 2013-10-29 10:43    184452    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2013-10-29 10:43 . 2003-09-03 06:28    724992    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2013-10-29 10:43 . 2003-09-03 06:27    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2013-10-29 10:43 . 2003-09-03 06:26    266240    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2013-10-29 10:43 . 2003-09-03 06:26    192512    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2013-10-29 10:43 . 2003-09-03 06:25    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2013-10-23 22:45 . 2013-10-23 22:45    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Leadertech
2013-10-23 22:43 . 2013-10-23 22:46    --------    d-----w-    c:\programdata\Logishrd
2013-10-23 22:43 . 2013-10-23 22:43    --------    d-----w-    c:\program files\Logitech
2013-10-23 22:43 . 2013-10-29 12:05    --------    d-----w-    c:\program files\Common Files\Logishrd
2013-10-23 22:41 . 2013-10-29 12:02    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Logishrd
2013-10-23 22:41 . 2013-10-23 22:46    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Logitech
2013-10-16 03:04 . 2013-10-16 03:15    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Home Media Center
2013-10-16 02:49 . 2013-10-16 02:49    --------    d-----w-    c:\program files\Home Media Center
2013-10-16 02:41 . 2012-02-26 20:47    79360    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-10-16 02:41 . 2013-11-05 14:43    --------    d-----w-    c:\program files\ffdshow
2013-10-16 02:41 . 2013-10-16 02:41    --------    d-----w-    c:\program files\Common Files\WebM Project
2013-10-15 04:06 . 2013-10-15 04:06    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-10-14 22:09 . 2013-10-14 22:09    --------    d-----w-    c:\windows\PCHEALTH
2013-10-14 22:05 . 2013-10-14 22:06    --------    d-----w-    c:\programdata\Microsoft Toolkit
2013-10-14 01:13 . 2013-10-14 01:13    --------    d-----w-    c:\program files\MSXML 4.0
2013-10-13 16:54 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-10-13 15:08 . 2013-11-10 16:11    --------    d-----w-    C:\AdwCleaner
2013-10-13 15:00 . 2013-10-13 15:00    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-13 05:58 . 2013-10-13 05:58    --------    d-----w-    c:\programdata\Logs
2013-10-13 04:26 . 2013-10-14 02:13    --------    d-----w-    c:\programdata\Nero
2013-10-13 04:17 . 2010-05-26 15:41    248672    ----a-w-    c:\windows\system32\d3dx11_43.dll
2013-10-13 04:15 . 2010-05-26 15:41    470880    ----a-w-    c:\windows\system32\d3dx10_43.dll
2013-10-13 04:12 . 2010-05-26 15:41    1998168    ----a-w-    c:\windows\system32\D3DX9_43.dll
2013-10-13 04:11 . 2010-05-26 15:41    1868128    ----a-w-    c:\windows\system32\d3dcsx_43.dll
2013-10-13 04:09 . 2010-05-26 15:41    2106216    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2013-10-13 03:35 . 2013-05-23 12:39    43368    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-10-13 02:32 . 2013-10-13 02:32    --------    d-----w-    c:\users\Tim home\AppData\Roaming\LavasoftStatistics
2013-10-13 02:31 . 2013-10-13 02:31    --------    d-----w-    c:\windows\system32\drivers\VDD
2013-10-13 02:29 . 2013-10-13 02:29    --------    d-----w-    c:\programdata\Downloaded Installations
2013-10-13 02:29 . 2013-10-13 02:29    --------    d-----w-    c:\users\Tim home\AppData\Roaming\SecureSearch
2013-10-13 02:28 . 2013-10-13 02:28    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-10-13 02:24 . 2013-10-13 02:34    --------    d-----w-    c:\programdata\Ad-Aware Antivirus
2013-10-13 01:50 . 2013-10-13 01:50    --------    d-----w-    c:\programdata\Kerish Products
2013-10-13 01:14 . 2013-10-13 15:09    --------    d-----w-    c:\programdata\Uniblue
2013-10-13 00:55 . 2013-10-13 00:55    --------    d-----w-    c:\users\Tim home\AppData\Local\adaware
2013-10-13 00:55 . 2013-10-13 02:34    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2013-10-13 00:54 . 2013-11-05 14:43    --------    d-----w-    c:\program files\Ad-Aware Antivirus
2013-10-13 00:54 . 2013-11-11 07:46    --------    d-----w-    c:\users\Tim home\AppData\Roaming\Ad-Aware Antivirus
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 13:54 . 2013-10-12 04:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 14:01 . 2013-10-08 14:01    141256    ----a-w-    c:\windows\system32\amdhcp32.dll
2013-10-08 13:39 . 2013-10-08 13:39    200704    ----a-w-    c:\windows\system32\clinfo.exe
2013-10-08 13:39 . 2013-10-08 13:39    995342    ----a-w-    c:\windows\system32\amdocl_as32.exe
2013-10-08 13:39 . 2013-10-08 13:39    798734    ----a-w-    c:\windows\system32\amdocl_ld32.exe
2013-10-08 13:38 . 2013-10-08 13:38    83456    ----a-w-    c:\windows\system32\OpenVideo.dll
2013-10-08 13:38 . 2013-10-08 13:38    73216    ----a-w-    c:\windows\system32\OVDecode.dll
2013-10-08 13:36 . 2013-10-08 13:36    23761408    ----a-w-    c:\windows\system32\amdocl.dll
2013-10-08 13:34 . 2013-10-08 13:34    57344    ----a-w-    c:\windows\system32\OpenCL.dll
2013-09-24 14:52 . 2013-09-24 14:52    77312    ----a-w-    c:\windows\system32\drivers\AtihdW73.sys
2013-09-24 14:50 . 2013-09-24 14:50    84480    ----a-w-    c:\windows\system32\DelayAPO.dll
2013-09-16 04:50 . 2013-10-12 01:35    7328304    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A97D212D-FC4F-468D-BACD-F0C29D395C2A}\mpengine.dll
2013-09-14 01:30 . 2013-10-12 02:07    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-09-14 01:30 . 2013-10-12 02:07    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-09-14 01:30 . 2013-10-12 02:07    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-09-14 01:30 . 2013-10-12 02:07    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-14 00:48 . 2013-10-12 14:27    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-08 02:07 . 2013-10-12 14:27    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03 . 2013-10-12 14:27    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-08-29 01:51 . 2013-10-12 14:25    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-12 14:25    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-12 14:25    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 01:50 . 2013-10-12 14:25    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 01:48 . 2013-10-12 14:25    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-28 01:04 . 2013-10-12 14:25    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 00:57 . 2013-10-12 14:25    434688    ----a-w-    c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-09-13 10:02    1724616    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-09-13 10:02    1724616    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-09-13 10:02    1724616    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2012-08-16 393216]
"Viber"="c:\users\Tim home\AppData\Local\Viber\Viber.exe" [2013-07-31 912904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2000-01-01 6336216]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 2296600]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2013-06-13 19:31    64280    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R3 amdiox86;AMD IO Driver; [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-11 22392]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-11-08 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-12 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
R4 ASGT;ASGT;c:\windows\System32\ASGT.exe [2012-01-17 55296]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-10-13 13560]
S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus32.sys [2012-06-01 37664]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-06-13 1236336]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-08-16 217600]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-10-29 276992]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\AMD\OverDrive\i386\AODDriver2.sys [2013-05-24 49384]
S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS.exe [2012-06-18 187552]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 66344]
S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv.sys [2010-09-17 17408]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 102888]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 313832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2013-05-23 42264]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2013-05-23 10136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-06-12 552080]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 13:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - ExtSQL: 2013-10-12 23:31; adblockpopups@jessehakanen.net; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-10-23 18:44; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2013-11-02 07:04; gmailnoads@mywebber.com; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-11-06 22:50; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-11-06 22:52; artur.dubovoy@gmail.com; c:\users\Tim home\AppData\Roaming\Mozilla\Firefox\Profiles\h41hsl18.default-1375551149044\extensions\artur.dubovoy@gmail.com.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4680)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\spool\DRIVERS\W32X86\3\lxdiserv.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\DAODx.exe
c:\windows\system32\conhost.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Office\Office15\MsoSync.exe
.
**************************************************************************
.
Completion time: 2013-11-11  14:59:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-11 19:59
ComboFix2.txt  2013-11-11 18:05
ComboFix3.txt  2013-11-07 06:53
ComboFix4.txt  2013-11-07 06:03
ComboFix5.txt  2013-11-11 19:47
.
Pre-Run: 1,816,710,045,696 bytes free
Post-Run: 1,816,664,076,288 bytes free
.
- - End Of File - - C75CC91430ADF31B1F58BA0F26492A64
A36C5E4F47E84449FF07ED3517B43A31
 



#8 nasdaq (Malware Response Team)

Posted 12 November 2013 - 07:42 AM

If I go right into Explorer it will open now, but if I right click on the screen and open Screen Resolution, go to Advanced, it will still crash out, so there are still some problems going on.

Could be that a graphics driver is corrupted or is the wrong version.
===

Download and run this tool.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.
===

Run the SFC.exe
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===

This may also help to identify the culprit.

Hardware and Devices troubleshooter
http://windows.microsoft.com/en-ca/windows7/open-the-hardware-and-devices-troubleshooter

Keep me posted.
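
The SFC step above only reports "found and repaired" or "could not repair" at the console; the detail goes to CBS.log, which KB929833 says to search for "[SR]" lines. The following is an added example, not code from the thread or from Microsoft, that runs the scan and summarises those lines for this run only. The function name `Invoke-SfcWithSummary` is my own, and the phrases "Cannot repair member file" and "Repairing corrupted file" are assumed from the KB article's description of Windows 7 CBS.log entries; treat them as assumptions on other Windows versions. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original thread): run SFC and summarise the [SR]
# lines it wrote to CBS.log, instead of relying on "it ran and did whatever it did".
# Assumptions: Windows 7 default log location; the [SR] phrases below are taken
# from KB929833's description of CBS.log and are not verified against other versions.
# Must be run elevated, from the native (not WOW64) PowerShell so sfc.exe is found.

function Invoke-SfcWithSummary {
    $cbsLog = Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'
    $start  = Get-Date

    # sfc.exe prints its own progress; only the log written afterwards matters here.
    & "$env:SystemRoot\System32\sfc.exe" /scannow | Out-Null

    # CBS.log lines begin "yyyy-MM-dd HH:mm:ss, Info  CSI ...". Keep only the [SR]
    # lines stamped since this scan started, so earlier scans do not pollute the result.
    $srLines = Get-Content -Path $cbsLog | Where-Object {
        $_ -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),.*\[SR\]' -and
        ([datetime]$matches[1]) -ge $start.AddMinutes(-1)
    }

    $repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })
    $unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })

    "[SR] lines this run : {0}" -f @($srLines).Count
    "Repaired files      : {0}" -f $repaired.Count
    "Unrepairable files  : {0}" -f $unrepaired.Count
    # Strip the timestamp/prefix so only the file reference is shown for each failure.
    $unrepaired | ForEach-Object { '  ' + ($_ -replace '^.*\[SR\]\s*', '') }
}

Invoke-SfcWithSummary
```

If the "Unrepairable files" count is non-zero, the listed components are the ones SFC could not restore from the component store and are what a follow-up (a repair install or a copy from known-good media) has to address; a clean run with zero unrepairable files means the Explorer crash is not a damaged protected system file.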

#9 Blueyestim (Topic Starter)

Posted 12 November 2013 - 06:29 PM

This site makes my Firefox crash out and I have to restart it. I also have to close this site before it can load. The rest of the scans looked good, no problems.

 

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.



#10 nasdaq (Malware Response Team)

Posted 13 November 2013 - 08:05 AM

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs that are insecure and need updates.


Right click on the link and use Open in New Tab.

If it still crashes, is it at the page or when you try to download the application?
===

Have you tried the other two fixes?

If this is not the site that crashes which one is it?

#11 Blueyestim (Topic Starter)

Posted 14 November 2013 - 07:41 PM

OK, Secunia did some updates. SFC.exe ran and did whatever it did, OK. Now the Hardware and Devices troubleshooter looks OK also. When I try to open System from Control Panel, Explorer stops working right, but my computer is running better than it was by a lot. Looks like Explorer crashing is the only problem I can see.



#12 nasdaq (Malware Response Team)

Posted 15 November 2013 - 08:36 AM

There could be a damaged .CPL file that is causing this problem.

Execute the first instructions on this topic.

http://social.technet.microsoft.com/Forums/windows/en-US/8df5c556-386d-43b3-b307-610a1515438c/windows-explorer-has-stopped-working-every-time-when-i-visit-control-panel?forum=itprovistasecurity

Find out which .cpl is causing the problem. If you find one, change the file extension to .cpl.old.
Restart the computer and see if the problem persists.

Let me know what you find.
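
Double-clicking every .cpl by hand works, but two checks make the hunt shorter and catch the case that matters from a security standpoint: a Control Panel applet is just a DLL that explorer.exe loads, so an unsigned or badly-signed .cpl sitting in System32 or registered under the Cpls key deserves a second look regardless of whether it crashes. The following is an added example, not code from the thread; the function names `Get-ControlPanelApplets` and `Get-RecentExplorerCrashes` are my own. It assumes Windows 7, where third-party applets register under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls and where Application log event 1000 from source "Application Error" carries the faulting application name in event-data string 0 and the faulting module in string 3; both index positions are assumptions about that event's layout. Run it elevated.

```powershell
# Added example (not from the original thread): list the Control Panel applets
# Explorer will load with their Authenticode status, then show which module faulted
# in the most recent Explorer crashes so the culprit .cpl is named, not guessed.
# Assumptions: Windows 7; third-party applets registered under the Cpls key below;
# event 1000 (source "Application Error") keeps the faulting application in
# ReplacementStrings[0] and the faulting module in ReplacementStrings[3].

function Get-ControlPanelApplets {
    # Built-in applets live in System32; wrap in @() so a single result stays an array.
    $paths = @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32') -Filter '*.cpl' |
               ForEach-Object { $_.FullName })

    # Third-party applets (Java, Realtek, AMD, ...) register their full path here instead.
    $cplsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls'
    if (Test-Path $cplsKey) {
        $item = Get-ItemProperty -Path $cplsKey
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... bookkeeping properties Get-ItemProperty adds.
            if ($prop.Name -notlike 'PS*' -and $prop.Value) {
                $paths += [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
            }
        }
    }

    foreach ($path in ($paths | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $path)) {
            # Registered but gone: Explorer will fail to load it; still worth renaming the key out.
            New-Object PSObject -Property @{ Path = $path; Status = 'Missing'; Signer = '' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        # Status is Valid / NotSigned / HashMismatch / UnknownError etc.; anything but Valid gets reviewed.
        New-Object PSObject -Property @{ Path = $path; Status = $sig.Status; Signer = $signer }
    }
}

function Get-RecentExplorerCrashes([int]$Newest = 20) {
    Get-EventLog -LogName Application -Source 'Application Error' -Newest $Newest |
        Where-Object { $_.EventID -eq 1000 -and $_.ReplacementStrings[0] -match '^explorer\.exe$' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Time   = $_.TimeGenerated
                Module = $_.ReplacementStrings[3]   # the DLL/CPL that actually faulted
            }
        }
}

Get-ControlPanelApplets | Sort-Object Status | Format-Table Status, Path, Signer -AutoSize
Get-RecentExplorerCrashes | Format-Table Time, Module -AutoSize
```

Reproduce the crash once (Control Panel, then System) and run the second function: the Module column names the file that faulted inside explorer.exe, which is the one to rename to .cpl.old as described above. If that module shows up in the first table as NotSigned or HashMismatch rather than Valid, treat it as more than a corrupted applet and get the file scanned before discarding it.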

#13 Blueyestim (Topic Starter)

Posted 15 November 2013 - 09:54 PM

I removed one for my Java that was not working, but still the same, no change!!!



#14 nasdaq (Malware Response Team)

Posted 16 November 2013 - 08:47 AM

If you have double clicked on each of the .cpl files and none are giving you an error, then I suggest you start a new topic in the Windows 7 Forum:
http://www.bleepingcomputer.com/forums/forum167.html

Someone with experience of Windows 7 can possibly help you.

This is no longer a malware issue.

I will keep this topic open. If you need to return please do.

#15 Blueyestim (Topic Starter)

Posted 16 November 2013 - 09:52 AM

Thank you for all your help!!!

We have it about 80% working better now.





