Everything posted by Bartley
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Farbar Service Scanner Version: 08-07-2012
Ran by Brad (administrator) on 13-07-2012 at 00:43:30
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
************************************************
======== Search: "dhcpcsvc.dll;afd.sys;tcpip.sys;dnsrslvr.dll;mpssvc.dll;bfe.dll;vssvc.exe;wscsvc.dll;WMIsvc.dll;qmgr.dll;es.dll;cryptsvc.dll;rpcss.dll;" =========
====== End Of Search ======

I guess it is a little more stable, not near the movement up and down in the speed. Connection signal is still excellent, but speed hangs around 135 to 165. Boot up is better, but about every third or fourth boot, it gets to the point that the task bar loads, has a blank desktop (black) and stalls for about a minute and then loads.
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Farbar Service Scanner Version: 08-07-2012
Ran by Brad (administrator) on 11-07-2012 at 22:53:12
Running from "C:\Users\Brad\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit

**** End of log ****

Here is the minitool log

MiniToolBox by Farbar Version: 25-06-2012
Ran by Brad (administrator) on 11-07-2012 at 22:46:04
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Brad-PC
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-21-6B-02-AC-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c08d:9faf:3025:a61b%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, July 11, 2012 10:34:21 PM
   Lease Expires . . . . . . . . . . : Wednesday, July 18, 2012 10:34:20 PM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1
   DHCPv6 IAID . . . . . . . . . . . : 301998443
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-12-60-D1-00-1D-72-E9-41-9F
   DNS Servers . . . . . . . . . . . : 192.168.10.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-1D-72-E9-41-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{0B3F27C9-B9D9-42D6-9893-4D145E057DD2}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{E62D08BD-8FE8-4AA1-890F-5AD8D92CABBB}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:108c:2ae:3f57:f598(Preferred)
   Link-local IPv6 Address . . . . . : fe80::108c:2ae:3f57:f598%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Server: TRENDnet
Address: 192.168.10.1

Name: google.com
Addresses: 2607:f8b0:4009:800::1006 74.125.225.32 74.125.225.35 74.125.225.41 74.125.225.38 74.125.225.46 74.125.225.33 74.125.225.39 74.125.225.36 74.125.225.37 74.125.225.34 74.125.225.40

Pinging google.com [74.125.225.40] with 32 bytes of data:
Reply from 74.125.225.40: bytes=32 time=34ms TTL=54
Reply from 74.125.225.40: bytes=32 time=26ms TTL=54

Ping statistics for 74.125.225.40:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 34ms, Average = 30ms

Server: TRENDnet
Address: 192.168.10.1

Name: yahoo.com
Addresses: 98.139.183.24 72.30.38.140 209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=27ms TTL=53
Reply from 209.191.122.70: bytes=32 time=27ms TTL=53

Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 27ms, Average = 27ms

Server: TRENDnet
Address: 192.168.10.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 13 ...00 21 6b 02 ac da ...... Intel® WiFi Link 5100 AGN
 10 ...00 1d 72 e9 41 9f ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
  1 ...........................
Software Loopback Interface 1 14 ...00 00 00 00 00 00 00 e0 isatap.{0B3F27C9-B9D9-42D6-9893-4D145E057DD2} 15 ...00 00 00 00 00 00 00 e0 isatap.{E62D08BD-8FE8-4AA1-890F-5AD8D92CABBB} 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.103 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.10.0 255.255.255.0 On-link 192.168.10.103 281 192.168.10.103 255.255.255.255 On-link 192.168.10.103 281 192.168.10.255 255.255.255.255 On-link 192.168.10.103 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.10.103 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.10.103 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 11 18 ::/0 On-link 1 306 ::1/128 On-link 11 18 2001::/32 On-link 11 266 2001:0:5ef5:79fd:108c:2ae:3f57:f598/128 On-link 13 281 fe80::/64 On-link 11 266 fe80::/64 On-link 11 266 fe80::108c:2ae:3f57:f598/128 On-link 13 281 fe80::c08d:9faf:3025:a61b/128 On-link 1 306 ff00::/8 On-link 11 266 ff00::/8 On-link 13 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll 
[62464] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) 
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (07/11/2012 10:39:35 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\0\99\B9527D01> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:35 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\0\99\B9527D01> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:35 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\5\36\CD46CD01> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. 
(0x8007001f) Error: (07/11/2012 10:39:35 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\5\36\CD46CD01> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:34 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\7\0D> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:34 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\7\0D> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:28 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\0\27\940A3D01> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:28 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\0\27\940A3D01> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:27 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\2\E7> in the hash map cannot be updated. 
Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (07/11/2012 10:39:27 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\BRAD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\FQ24D5IS.DEFAULT\CACHE\2\E7> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) System errors: ============= Error: (07/11/2012 10:35:56 PM) (Source: Service Control Manager) (User: ) Description: Beep Error: (07/11/2012 10:34:13 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 10:32:35 PM on 7/11/2012 was unexpected. Error: (07/11/2012 10:23:21 PM) (Source: Service Control Manager) (User: ) Description: Beep Error: (07/11/2012 10:23:21 PM) (Source: Service Control Manager) (User: ) Description: BingBar Service%%1053 Error: (07/11/2012 10:23:21 PM) (Source: Service Control Manager) (User: ) Description: 30000BingBar Service Error: (07/11/2012 10:23:21 PM) (Source: Service Control Manager) (User: ) Description: Apple Mobile Device%%1053 Error: (07/11/2012 10:23:21 PM) (Source: Service Control Manager) (User: ) Description: 30000Apple Mobile Device Error: (07/11/2012 10:23:21 PM) (Source: Service Control Manager) (User: ) Description: SAS Core Service%%1053 Error: (07/11/2012 10:23:21 PM) (Source: Service Control Manager) (User: ) Description: 30000SAS Core Service Error: (07/11/2012 10:18:59 PM) (Source: DCOM) (User: ) Description: {6295DF2D-35EE-11D1-8707-00C04FD93327} Microsoft Office Sessions: ========================= =========================== Installed Programs ============================ 64 Bit HP CIO Components Installer (Version: 6.2.2) Apple Mobile Device Support (Version: 5.1.1.4) Bonjour (Version: 3.0.0.10) Canon MP280 series MP Drivers CCleaner (Version: 3.19) Conexant HD Audio (Version: 4.57.0.50) CPUID HWMonitor 1.17 EasyBits GO GameRanger Google Chrome 
(Version: 20.0.1132.47) HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.52) HP Customer Participation Program 14.0 (Version: 14.0) HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0) HP Imaging Device Functions 14.0 (Version: 14.0) HP Smart Web Printing 4.60 (Version: 4.60) HP Solution Center 14.0 (Version: 14.0) iCloud (Version: 1.1.0.40) Intel® Matrix Storage Manager iTunes (Version: 10.6.1.7) Marvell Miniport Driver (Version: 10.63.3.3) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1) MobileMe Control Panel (Version: 3.1.8.0) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) Network64 (Version: 140.0.215.000) NVIDIA Control Panel 285.62 (Version: 285.62) NVIDIA Graphics Driver 285.62 (Version: 285.62) NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0) NVIDIA Install Application (Version: 2.1002.46.235) NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621) NVIDIA Update 1.5.20 
(Version: 1.5.20) NVIDIA Update Components (Version: 1.5.20) O2Micro Flash Memory Card Reader Driver (x64) (Version: 3.24.1) Octoshape add-in for Adobe Flash Player PDF-Viewer (Version: 2.0.54.0) Shop for HP Supplies (Version: 14.0) SmartAudio (Version: 2.50.13.0) SUPERAntiSpyware (Version: 5.0.1108) Synaptics Pointing Device Driver (Version: 10.2.4.0) Unity Web Player (Version: 2.6.1f3_31223) Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4) (Version: 06/01/2009 7.01.0.4) Windows Driver Package - Nokia Modem (10/05/2009 4.2) (Version: 10/05/2009 4.2) Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0) Windows Live Family Safety (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) WinRAR archiver ========================= Devices: ================================ Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Deskjet 3050 J610 series Description: Deskjet 3050 J610 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart D110 series Description: Photosmart D110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ========================= Memory info: =================================== Percentage of memory in use: 48% Total physical RAM: 4089.96 MB Available physical RAM: 2111.47 MB Total Pagefile: 8367.19 MB Available Pagefile: 5879.28 MB Total Virtual: 4095.88 MB Available Virtual: 3996.66 MB ========================= Partitions: ===================================== 1 Drive c: (OS) (Fixed) (Total:288.32 GB) (Free:100.61 GB) NTFS ========================= Users: ======================================== User accounts for \\BRAD-PC Administrator Brad Guest UpdatusUser ========================= Minidump Files ================================== C:\Windows\Minidump\Mini062212-01.dmp **** End of log **** -
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Everything seems good, other than the strange wireless networking issue, which very well might not be related. -
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
OK, did it. It said it was the same version, so to make sure I uninstalled the current version I had and reinstalled the latest version. -
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
OK, here they are:

Status: Disinfected (events: 6)
7/7/2012 2:06:21 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.g C:\Documents and Settings\Brad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\41fc65eb-4411d3d7 High
7/7/2012 2:06:21 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.g C:\Documents and Settings\Brad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\41fc65eb-4411d3d7/part2/jilo3.class High
7/7/2012 2:06:22 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\Brad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-19ec2083 High
7/7/2012 2:06:22 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\Brad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-19ec2083/RequiredJavaComponent.class High
7/7/2012 2:06:21 AM Disinfected Trojan program Trojan-Downloader.Java.Small.f C:\Documents and Settings\Brad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\fad2d88-68609f1d High
7/7/2012 2:06:21 AM Disinfected Trojan program Trojan-Downloader.Java.Small.f C:\Documents and Settings\Brad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\fad2d88-68609f1d/main.class High
-
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Yes. Only one thing, some kind of coupon printer .exe program. Is there a log that tells what it was? -
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Very short log,

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
ComboFix 12-06-28.03 - Brad 06/28/2012 16:46:22.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2346 [GMT -5:00] Running from: c:\users\Brad\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))) . . 2012-06-28 22:00 . 2012-06-28 22:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-28 22:00 . 2012-06-28 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-25 04:12 . 2012-06-25 06:43 -------- d-----w- C:\OEM 2012-06-22 07:12 . 2012-06-22 07:12 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-17 03:40 . 2012-06-17 03:40 -------- d-----w- c:\program files (x86)\ESET 2012-06-16 06:23 . 2012-06-16 06:29 -------- d-----w- C:\MGtools 2012-06-16 06:08 . 2012-06-16 06:08 -------- d-----w- c:\program files\HitmanPro 2012-06-16 06:07 . 2012-06-16 06:10 -------- d-----w- c:\programdata\HitmanPro 2012-06-15 05:48 . 2012-06-15 05:48 -------- d-----w- c:\users\Brad\AppData\Roaming\QuickScan 2012-06-15 05:09 . 2012-06-15 05:09 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-15 05:08 . 2012-06-15 05:08 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-06-15 05:05 . 2012-06-15 05:05 955840 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-15 05:05 . 2012-06-15 05:05 839096 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-15 05:05 . 2012-06-15 05:05 -------- d-----w- c:\program files\Java 2012-06-15 04:42 . 2012-06-23 05:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-15 04:42 . 2012-06-23 05:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-15 03:37 . 
2012-06-15 03:37 -------- d-----w- c:\users\Brad\AppData\Local\Macromedia 2012-06-14 03:43 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 03:43 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 03:43 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 03:43 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 03:43 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 03:43 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-14 03:43 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 03:43 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys 2012-06-07 05:33 . 2012-06-07 05:33 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-07 05:33 . 2012-06-07 05:33 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-15 05:08 . 2010-04-26 13:00 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-18 03:32 . 2008-10-09 19:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-05-18 03:32 . 2008-10-09 19:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-04-04 20:56 . 2009-10-04 03:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:22 . 2012-05-12 03:24 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-24 4786048] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512] "Jomantha"="c:\program files (x86)\n52te\n52teHid.exe" [2008-06-13 159744] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Jomantha"="c:\program files (x86)\n52te\n52teHid.exe" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-28 140672] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 05:41] . 2011-07-04 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2010-01-18 13:25] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6bd574fab30.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 04:38] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-18 04:38] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646544230-175470749-843411820-1000Core.job - c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-12 17:37] . 2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646544230-175470749-843411820-1000UA.job - c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-12 17:37] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: juno.com Trusted Zone: netzero.com Trusted Zone: netzero.net TCP: DhcpNameServer = 192.168.10.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\fq24d5is.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-SolutoService HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-2646544230-175470749-843411820-1000\Software\SecuROM\License information*] "datasecu"=hex:00,d8,76,56,49,d2,7d,9a,26,71,79,28,50,1c,40,b3,09,18,ce,17,47, 05,46,e3,fc,0f,f5,6b,d0,c2,22,92,3b,3b,df,77,bb,3e,64,cc,73,3f,f2,7c,99,21,\ "rkeysecu"=hex:6e,a6,25,e3,e8,4c,31,00,0b,b8,b6,5a,88,df,a2,b1 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @SACL= @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid] @Denied: (A 2) (Everyone) @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe c:\program files (x86)\Hawking\Common\RaRegistry.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe c:\program files (x86)\Razer\Salmosa\razerofa.exe c:\program files (x86)\Common Files\Steam\SteamService.exe . ************************************************************************** . Completion time: 2012-06-28 17:24:29 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-28 22:24 . Pre-Run: 117,207,724,032 bytes free Post-Run: 117,266,149,376 bytes free . - - End Of File - - 4BDAB7A6CE16A5C35BD203FA1294C937 -
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0 Run by Brad at 1:17:33 on 2012-06-28 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2160 [GMT -5:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\Steam\steam.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\Hawking\Common\RaRegistry.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Razer\Salmosa\razerhid.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\n52te\n52teHid.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Razer\Salmosa\razerofa.exe C:\Windows\system32\DRIVERS\xaudio64.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB uSearch Page = uSearch Bar = mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0809&m=p-7805u&c=BB uInternet Settings,ProxyOverride = *.local mSearchAssistant = BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\googletoolbar1.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\googletoolbar1.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [<NO NAME>] uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe mRun: [salmosa] "C:\Program Files (x86)\Razer\Salmosa\razerhid.exe" mRun: [<NO NAME>] mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [Jomantha] "C:\Program Files (x86)\n52te\n52teHid.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe 
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll Trusted Zone: juno.com Trusted Zone: netzero.com Trusted Zone: netzero.net DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{0B3F27C9-B9D9-42D6-9893-4D145E057DD2} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{DD98F61F-A28A-4350-ABF6-549873407C1E} : DhcpNameServer = 192.168.10.1 TCP: Interfaces\{E62D08BD-8FE8-4AA1-890F-5AD8D92CABBB} : DhcpNameServer = 192.168.10.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - 
C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - 
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB-X64: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [salmosa] "C:\Program Files (x86)\Razer\Salmosa\razerhid.exe" mRun-x64: [(Default)] mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun-x64: [Jomantha] "C:\Program Files (x86)\n52te\n52teHid.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\fq24d5is.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft 
Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Brad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\fq24d5is.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] 
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-16 44768] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-2-19 517632] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-31 2253120] R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Hawking\Common\RaRegistry.exe [2009-11-17 185632] R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Hawking\Common\RaRegistry64.exe [2009-11-17 212256] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?] R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-17 135664] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250056] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-11-25 14216] S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-11-25 8456] S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-17 135664] S3 JmtFltr;n52te;C:\Windows\system32\drivers\JmtFltr.sys --> C:\Windows\system32\drivers\JmtFltr.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120] S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?] S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?] 
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 salmosa;Razer Salmosa;C:\Windows\system32\drivers\salmosa.sys --> C:\Windows\system32\drivers\salmosa.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] S4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 
2012-06-25 04:12:10 -------- d-----w- C:\OEM 2012-06-22 07:12:45 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-17 03:40:49 -------- d-----w- C:\Program Files (x86)\ESET 2012-06-16 06:23:19 -------- d-----w- C:\MGtools 2012-06-16 06:08:29 -------- d-----w- C:\Program Files\HitmanPro 2012-06-16 06:07:19 -------- d-----w- C:\ProgramData\HitmanPro 2012-06-15 05:48:42 -------- d-----w- C:\Users\Brad\AppData\Roaming\QuickScan 2012-06-15 05:08:39 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-06-15 05:05:53 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-06-15 05:05:53 839096 ----a-w- C:\Windows\System32\deployJava1.dll 2012-06-15 04:42:03 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-15 04:42:03 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-15 03:37:38 -------- d-----w- C:\Users\Brad\AppData\Local\Macromedia 2012-06-14 03:43:33 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 03:43:29 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 03:43:29 132096 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 03:43:29 1267200 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 03:43:28 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-14 03:43:28 174592 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 03:43:28 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 03:43:14 2767360 ----a-w- C:\Windows\System32\win32k.sys 2012-06-07 05:33:43 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-07 05:33:43 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll . ==================== Find3M ==================== . 
2012-06-15 05:08:09 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll 2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe 2012-05-18 03:32:50 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-18 03:32:50 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 1:18:15.07 ===============
Boots faster and does not freeze up. Still have horrible wireless speed, but have excellent signal
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Gateway
System Product Name: P-7805u
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 156):
Processes (total 84):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEKT-22F3T0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Ok, made the recovery disc from the partition. So I think I am ready to do this. How dangerous is this? Is there much of a chance I won't be able to boot back into Windows? Do I need to back everything up before trying this?
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
No, I think it's on the partition.
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Ok, this may take some time to locate one. I did find online the original MBR in zipped format for this laptop, the Gateway p7805. Can I use that in some manner?
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
My computer came without a Vista DVD. Do I need to find someone that has a Vista 64-bit DVD to perform this task?
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Ok, got it done.
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Gateway
System Product Name: P-7805u
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 158):
Processes (total 83):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEKT-22F3T0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F85B7CD526802923C3EA061081FBF03E1B7455C7
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Sorry, but I am confused. When it says "Enter the physical disk number to fix (0-99, -1 to cancel):" I am to type the word "choice"? Same question when it says "Available MBR codes: [ 0] Default (Windows XP) [ 1] Windows XP [ 2] Windows Server 2003 [ 3] Windows Vista [ 4] Windows 2008 [ 5] Windows 7 [-1] Cancel Please select the MBR code to write to this drive:" I type the word "choice" again?
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Here they are.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.23.02
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Brad :: BRAD-PC [administrator]
6/22/2012 10:56:33 PM
mbam-log-2012-06-22 (22-56-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231668
Time elapsed: 6 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Gateway
System Product Name: P-7805u
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 161):
Processes (total 85):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEKT-22F3T0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F85B7CD526802923C3EA061081FBF03E1B7455C7
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
OK, here ya go. I had trouble and kept getting a blue screen when running aswmbr.exe. I disabled my Avast and turned off the wireless card and it worked. I hope that was OK to do. Thanks for your help.

aswMBR.txt DDS02.txt
Having several issues, not sure what is happening
Bartley replied to Bartley's topic in Resolved Malware Removal Logs
Yes, please. -
Hello,

Please see my logs attached. I'm not sure I'm infected; Malwarebytes reports nothing, but all of a sudden I started having several issues all at once.

First I started having very sporadic wireless issues. Great signal, very slow speed. Often dropping from 270+mbps to 35mbps, even to the point of being disconnected. I have updated drivers and done all the normal stuff. But the problem happens no matter where I am (I went to various locations, with different ISPs, same issues). The problem is random and may start as soon as I connect, or may run for an hour without issues before it starts. Connecting by Cat5 solves the problem. I would think it is my wifi card, but disabling the built-in card and using a USB wifi produces the same issues.

At about the same time I started having slow boot-up. After logging on to my Windows account it takes a long time for Windows to load. Sometimes it will not finish loading Windows and I am forced to shut it down manually. This is very unusual for this computer. The slow loading is random and does not always happen. It will often load to a blank desktop with only the taskbar, then 2 minutes later the desktop will load.

Often I have temporary slowdowns and freezes that last 10 to 15 seconds once it is up and running.

A couple of times on shutdown, it does not shut down but reboots. This occurs several times and then for no apparent reason it does finally shut down.

I realize that this may not be a virus or malware issue, but I am at a loss for what is going on. These issues may not even be related, but I have no answers. I'll take any ideas.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:18 AM, on 6/16/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Thanks for your time

DDS.txt Attach.txt