Posts posted by reggiewjr1

  1. I've backed up everything on this PC. I think we should attempt to fix these issues first. I do not have a Windows 7 OS CD to reinstall the operating system at this time. I'm hoping I can retrieve this from the person who has it. If this fails for whatever reason and I cannot get the OS from them, I will just run out and purchase a new copy I suppose. ComboFix to follow.

  2. RogueKiller V7.5.4 [06/07/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User: Sunsational [Admin rights]

    Mode: Scan -- Date: 06/10/2012 18:46:35

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 8 ¤¤¤

    [] HKLM\[...]\Wow6432Node\Windows : () -> ACCESS DENIED

    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    [ZeroAccess] (LOCKED) windir\Assembly\GAC\Desktop.ini present!

    ¤¤¤ HOSTS File: ¤¤¤

    [...]

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000528AS ATA Device +++++

    --- User ---

    [MBR] d1efc8267ae28f7219a0526b4d3e2eb1

    [bSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29747200 | Size: 381546 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 811153408 | Size: 557797 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

  3. DDS.TXT

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Sunsational at 17:18:58 on 2012-06-10

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3837.2492 [GMT -4:00]

    .

    AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    C:\Windows\SysWOW64\svchost.exe -k Akamai

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Windows\SysWOW64\AsHookDevice.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe

    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

    C:\Program Files\Microsoft LifeCam\MSCamS64.exe

    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

    C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Users\Sunsational\AppData\Local\Akamai\netsession_win.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Users\Sunsational\AppData\Local\Akamai\netsession_win.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Users\Sunsational\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

    C:\Users\Sunsational\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

    C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\system32\taskhost.exe

    C:\SalonTouch\SalonTouch.exe

    C:\SalonTouch\ComManager.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\splwow64.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\taskmgr.exe

    C:\Windows\SysWOW64\ping.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\ping.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\ping.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Bar = Preserve

    uStart Page = https://mail.google.com/

    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files

    (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:

    \PROGRA~2\SPYBOT~1\SDHelper.dll

    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files

    (x86)\adawaretb\adawareDx.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search

    Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files

    (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program

    Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google

    \Google Toolbar\GoogleToolbar_32.dll

    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar

    \Platform\6.3.2380.0\npwinext.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files

    (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers

    \YontooIEClient.dll

    TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-

    8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll

    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon

    \Easy-WebPrint EX\ewpexhlp.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google

    Toolbar\GoogleToolbar_32.dll

    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files

    (x86)\adawaretb\adawareDx.dll

    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon

    \Easy-WebPrint EX\ewpexhlp.dll

    uRun: [Akamai NetSession Interface] "C:\Users\Sunsational\AppData\Local\Akamai\netsession_win.exe"

    uRun: [spotify] "C:\Users\Sunsational\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

    uRun: [Google Update] "C:\Users\Sunsational\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

    mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default

    Manager\DefMgr.exe" -resume

    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    mRun: [<NO NAME>]

    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe"

    /starttray

    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program

    Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program

    Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:

    \PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:

    \PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:

    \PROGRA~2\SPYBOT~1\SDHelper.dll

    LSP: mswsock.dll

    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -

    hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

    hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} -

    hxxp://www.shockwave.com/content/doggiedash/sis/DoggieDash.1.0.0.6.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

    windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

    windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-

    windows-i586.cab

    TCP: DhcpNameServer = 68.87.71.226 68.87.73.242

    TCP: Interfaces\{1DD5410E-A90C-4C4C-98AE-B70ECF336F78} : DhcpNameServer = 68.87.71.226 68.87.73.242

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo

    Gallery\AlbumDownloadProtocolHandler.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files

    (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files

    (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

    BHO-X64: Canon Easy-WebPrint EX BHO - No File

    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:

    \PROGRA~2\SPYBOT~1\SDHelper.dll

    BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files

    (x86)\adawaretb\adawareDx.dll

    BHO-X64: Ad-Aware Security Toolbar - No File

    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft

    \Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    BHO-X64: Search Helper - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files

    (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:

    \Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files

    (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar

    \Platform\6.3.2380.0\npwinext.dll

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files

    (x86)\Java\jre6\bin\jp2ssv.dll

    BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo

    Layers\YontooIEClient.dll

    BHO-X64: Yontoo Layers - No File

    TB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-

    4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll

    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files

    (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google

    \Google Toolbar\GoogleToolbar_32.dll

    TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files

    (x86)\adawaretb\adawareDx.dll

    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

    mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

    mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack

    \Default Manager\DefMgr.exe" -resume

    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    mRun-x64: [(Default)]

    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader

    \Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware

    \mbamgui.exe" /starttray

    mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --

    windows-run

    Hosts: 127.0.0.1 www.spywareinfo.com

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows

    \system32\DRIVERS\vwififlt.sys [?]

    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

    [2012-5-3 1226096]

    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

    R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27

    203392]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-

    6-4 654408]

    R2 msftesql$SALONTOUCH;SQL Server FullText Search (SALONTOUCH);C:\Program Files (x86)\Microsoft SQL

    Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-6-22 95592]

    R2 MSSQL$SALONTOUCH;SQL Server (SALONTOUCH);C:\Program Files (x86)\Microsoft SQL Server

    \MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-5-27 29262680]

    R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS

    \sbapifs.sys [?]

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy

    \SDWinSec.exe [2012-6-7 1153368]

    R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys

    --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows

    \system32\drivers\mbam.sys [?]

    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys

    --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]

    R3 Svk2pl;GigawareX USB to Serial Driver;C:\Windows\system32\DRIVERS\Svk2pl64.sys --> C:\Windows

    \system32\DRIVERS\Svk2pl64.sys [?]

    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows

    \system32\DRIVERS\klim6.sys [?]

    S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows

    \Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows

    \Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    [2010-10-14 136176]

    S2 PEVSystemStart;PEVSystemStart;C:\32788R22FWJFW\pev.3XE [2011-6-26 256000]

    S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash

    \FlashPlayerUpdateService.exe [2012-3-31 257696]

    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS

    \fssfltr.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety

    \fsssvc.exe [2010-9-23 1493352]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    [2010-10-14 136176]

    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows

    \system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]

    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys

    --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

    S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper

    [2009-7-13 20992]

    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys -->

    C:\Windows\system32\DRIVERS\sbfwim.sys [?]

    S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys

    [?]

    S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys

    [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers

    \tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows

    \system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe -->

    C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh

    \wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-06-08 12:34:12 -------- d-----w- C:\Users\Sunsational\AppData\Local

    \PackageAware

    2012-06-08 11:54:06 388096 ----a-r- C:\Users\Sunsational\AppData\Roaming\Microsoft

    \Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-06-08 11:54:06 -------- d-----w- C:\Program Files (x86)\hjt

    2012-06-07 12:08:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

    2012-06-07 12:08:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search &

    Destroy

    2012-06-06 15:09:17 -------- d-----w- C:\Users\Sunsational\AppData\Local\LogMeIn

    Rescue Applet

    2012-06-06 13:03:53 -------- d-----w- C:\Users\Sunsational\AppData\Local\adaware

    2012-06-06 13:03:30 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys

    2012-06-06 13:03:22 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys

    2012-06-06 13:03:22 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

    2012-06-06 13:03:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

    2012-06-06 13:03:21 45936 ----a-w- C:\Windows\System32\sbbd.exe

    2012-06-06 13:03:20 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus

    2012-06-06 13:03:04 -------- d-----w- C:\Users\Sunsational\AppData\Local\adawarebp

    2012-06-06 13:03:04 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection

    2012-06-06 12:59:17 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

    2012-06-06 12:59:16 -------- d-----w- C:\Program Files (x86)\adawaretb

    2012-06-06 12:50:34 -------- d-----w- C:\Users\Sunsational\AppData\Roaming\Ad-

    Aware Antivirus

    2012-06-06 12:06:58 40960 ----a-r- C:\Users\Sunsational\AppData\Roaming\Microsoft

    \Installer\{BC85CECC-12CE-449F-AD68-

    9AEF07493674}\Adnet2k.exe1_BC85CECC12CE449FAD689AEF07493674_3.exe

    2012-06-06 12:06:58 -------- d-----w- C:\t-max

    2012-06-06 12:06:02 -------- d-----w- C:\Windows\Downloaded Installations

    2012-06-05 00:20:58 -------- d-----w- C:\Users\Sunsational\AppData\Roaming

    \Malwarebytes

    2012-06-05 00:20:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-06-05 00:20:52 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-06-05 00:20:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-

    Malware

    2012-06-03 14:42:19 -------- d-----w- C:\Users\Sunsational\AppData\Roaming\Tific

    2012-06-03 14:42:18 -------- d-----w- C:\Users\Sunsational\AppData\Local\Symantec

    2012-06-03 14:34:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

    2012-06-03 14:23:22 -------- d-----w- C:\Users\Sunsational\AppData\Local\MSP

    2012-06-03 14:23:22 -------- d-----w- C:\ProgramData

    \F4D55F3B047251A123753481B4EB2367

    2012-06-01 07:33:03 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition

    Updates\{99B22F92-95DC-4C95-B094-E6032065D9C9}\mpengine.dll

    2012-05-15 20:30:34 -------- d-----w- C:\ProgramData\boost_interprocess

    .

    ==================== Find3M ====================

    .

    2012-05-05 16:25:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-05 16:25:12 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-05-05 16:25:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys

    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

    2001-09-29 00:00:28 164864 ----a-w- C:\Program Files (x86)\UNWISE.EXE

    .

    ============= FINISH: 17:20:27.79 ===============

    Attach.txt
