Cronyx
Fixing this computer for someone else. It was an absolute mess, been working on it for hours. Had a rootkit but that's gone, and some other stuff, also gone. To save time, here's what I've already run through:

Combofix
TDSSkiller
Tweaking.com AIO
Hitman
Emsisoft Emergency Kit
MBAM
MSSE
Super
ESET

Now for manual things I've done: I did the 0xA0 to 0X80 trick in nettcpip.inf to invalidate the driver signing on the IPv4 protocol in the TCP/IP stack and let me uninstall/reinstall it. Deleted the following reg keys before reinstalling:

HKLM/system/CurrentControlSet/services/tcpip
HKLM/system/CurrentControlSet/services/dhcp
HKLM/system/CurrentControlSet/services/dnscache
HKLM/system/CurrentControlSet/services/ipsec
HKLM/system/CurrentControlSet/services/policyagent
HKLM/system/CurrentControlSet/services/atmarpc
HKLM/system/CurrentControlSet/services/nla
HKLM/system/CurrentControlSet/services/winsock
HKLM/system/CurrentControlSet/services/winsock2

That got me a little closer, but was still having problems. Wasn't able to get an IP address with DHCP leasing from the router, had to manually assign one, with gateway, subnet, DNS, etc. But I could browse if I did that. Wasn't fixed *right* though, so I kept going.

Did an sfc /verifyonly, took the log file and ran it through a "findstr" looking for the "[SR]" string and dumped that to another file to make it more manageable. Found some files it was hanging on, replaced afd.sys, netbt.sys, and tcpip.sys. RPC service wasn't available. Turns out DHCP wasn't turning on, threw a file not found error with net start dhcp. Tracked that down, and DNScache, to missing reg keys using FSS (Farbar Service Scanner). Copied them from a working Win 7 machine and imported them over here with a flash drive.

Ran FSS again, and this time no errors, but the odd thing is, it reports that google and yahoo are both accessible by IP and by name. Well, it got the IP part right. So where am I right now... DHCP is working again. I am being issued a leased IP address, gateway and subnet are autodetecting. However, even though FSS says google.com and yahoo.com are accessible, they aren't. Can't ping them, nslookup or tracert. Can load pages just fine through any browser if I load the IP address, but clicking on any links (obviously) fails unless those links are IP based. I wish I had saved any of the logs *during* all this, sorry. All the logs now are clean, including sfc /verifyonly's CBS.log, hijackthis, combofix, and all malware tools I run now also come up clean (though I can't update any of them anymore). I've tried different NICs, and even easytether to my android. The same symptoms are across all adapters. Even uninstalled and reinstalled IPv4 again. (Oh, I also set the 0x08 back to 0xa8, so the certificate is back.) Also tried the obvious things like ipconfig /release, /flushdns, /registerdns, /renew, etc, and have tried google's 8.8.8.8 and 8.8.4.4. Nothing. I'm convinced it isn't anything viral related anymore; that dragon is dead, it's just a matter of cleaning up its corpse. I think I'm just tired and missing a setting somewhere. Anyway, here's this.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:57 PM, on 9/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\SAMSUNG\Samsung SCX-4725 Series SmartPanel\SPanel\RCP\Scan2pc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [Util] C:\Windows\system32\Util.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\SAMSUNG\Samsung SCX-4725 Series SmartPanel\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CD93B23-33FF-4B59-A25D-0DD6812478B1} (Manheim Media Player) - https://simulcast.manheim.com/simulcast_docs/av/ManheimAVPlugin2-win-ie.cab
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - https://simulcast.manheim.com/simulcast_docs/av/LiveSound.dll
O16 - DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} (Simulcast Plugin (ActiveX) v1) - https://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://www.ove.com/plugin_assets/aurigma/ImageUploader5.cab
O16 - DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} (laiExcuter Class) - http://adus1.liveblockauctions.com/container_repository/laiexec.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA7037A3-5F8E-4486-B561-71302F272547}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: U2VSvr - Unknown owner - C:\Windows\system32\U2VSvr.exe

--
End of file - 5976 bytes

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 06-09-2012 at 21:09:09
Running from "E:\Triage\Farbar Service Scanner"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

And here's this too.

ComboFix 12-09-06.02 - Owner 09/06/2012 22:09:45.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1394 [GMT -5:00]
Running from: c:\temp\triage\Armoury\ComboFix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 03:13 . 2012-09-07 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 03:06 . 2012-09-07 03:06 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-07 03:06 . 2012-09-07 03:06 -------- d-----w- c:\program files\Trend Micro
2012-09-07 00:03 . 2012-09-07 00:31 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-06 17:38 . 2012-09-06 17:38 302592 ----a-w- C:\0uodmh5o.exe
2012-09-06 16:29 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9EE9AE63-0285-46B2-AB02-BC8B4B329D58}\mpengine.dll
2012-09-06 16:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-06 16:13 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 14:22 . 2012-09-06 14:22 -------- d-----w- c:\program files\ESET
2012-09-06 14:18 . 2012-09-06 14:18 -------- d-----w- c:\program files\Combined Community Codec Pack
2012-09-06 14:18 . 2012-09-06 14:18 -------- d-----w- c:\windows\system32\Adobe
2012-09-06 14:18 . 2012-09-06 14:18 -------- d-----w- c:\program files\Common Files\Java
2012-09-06 14:18 . 2012-09-06 14:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-06 14:17 . 2012-09-06 14:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-09-06 14:14 . 2012-09-06 14:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-06 14:14 . 2012-09-06 14:17 -------- d-----w- c:\program files\Java
2012-09-06 14:11 . 2012-09-06 14:11 -------- d-----w- c:\programdata\McAfee
2012-09-05 21:59 . 2012-09-05 21:59 -------- d-----w- c:\programdata\Dell
2012-09-05 21:48 . 2012-09-05 21:49 -------- d-----w- c:\programdata\HitmanPro
2012-09-05 21:48 . 2012-09-05 21:48 -------- d-----w- c:\programdata\Hitman Pro
2012-09-05 21:30 . 2011-02-18 04:47 66112 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-09-05 21:30 . 2010-12-21 05:55 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-09-05 21:30 . 2010-12-21 05:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-09-05 21:26 . 2012-09-05 21:26 -------- d-----w- c:\programdata\Samsung
2012-09-05 21:25 . 2012-09-06 16:12 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-05 20:39 . 2008-05-08 03:03 303616 ----a-w- C:\SetACL.exe
2012-09-05 20:29 . 2004-06-11 21:33 290304 ----a-w- C:\subinacl.exe
2012-09-05 20:28 . 2012-09-07 00:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-05 20:19 . 2012-09-07 03:15 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-09-05 15:45 . 2012-09-05 15:45 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-08-29 16:02 . 2012-08-29 16:02 3993600 ----a-w- c:\program files\GUT8102.tmp
2012-08-29 15:52 . 2012-08-29 15:55 -------- d-----w- c:\users\Owner\AppData\Local\Google
2012-08-29 15:52 . 2012-08-29 15:59 -------- d-----w- c:\program files\Google
2012-08-22 21:01 . 2012-08-22 21:01 63120 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{C199DEA2-657E-46C2-9FDB-7C1C068B6B35}\ARPPRODUCTICON.exe
2012-08-22 21:01 . 2012-09-05 21:44 -------- d-----w- c:\users\Owner\AppData\Local\DIRECTV Player
2012-08-22 20:58 . 2012-09-06 14:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 03:11 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-16 03:11 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 03:11 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 03:11 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 03:11 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 03:11 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-16 03:11 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 14:17 . 2010-12-23 17:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-06 14:17 . 2011-06-04 18:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-08-16 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Util"="c:\windows\system32\Util.exe" [2009-08-26 189816]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"Whitney2_S2P"="c:\program files\SAMSUNG\Samsung SCX-4725 Series SmartPanel\SPanel\RCP\Scan2pc.exe" [2006-12-12 274432]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-12-02 520192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 T1PExGrp;T1PExGrp;c:\windows\system32\DRIVERS\T1PExGrp.sys [x]
R3 T1PMrGrp;T1PMrGrp;c:\windows\system32\DRIVERS\T1PMrGrp.sys [x]
R3 t1pusb;Trigger 1+ Graphics Card;c:\windows\system32\drivers\t1pusb.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\temp\triage\Armoury\Emsisoft Emergency Kit\Run\a2ddax86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 U2VSvr;U2VSvr;c:\windows\system32\U2VSvr.exe [x]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 14:17]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DA7037A3-5F8E-4486-B561-71302F272547}: NameServer = 8.8.8.8,8.8.4.4
DPF: {0CD93B23-33FF-4B59-A25D-0DD6812478B1} - hxxps://simulcast.manheim.com/simulcast_docs/av/ManheimAVPlugin2-win-ie.cab
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveblockauctions.com/container_repository/laiexec.cab
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\MTri1+.exe
c:\users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-09-06 22:19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-07 03:19
ComboFix2.txt 2012-09-06 19:37
ComboFix3.txt 2012-09-05 20:19
.
Pre-Run: 128,856,731,648 bytes free
Post-Run: 128,431,730,688 bytes free
.
- - End Of File - - 0228F139191D524823274EC48F195D69

Goin to bed, will check back tomorrow. Thanks guys. o/
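The post's findstr pass over CBS.log, done as a small Python triage script instead; this is an added example, not the poster's or any tool's own code. It pulls the [SR] entries that sfc /verifyonly writes and groups them by file into "could not be repaired (and why)" versus "repaired", so a practitioner sees at a glance which system files (afd.sys, tcpip.sys and the like) SFC objected to. The sample log lines are constructed: their shape follows real CBS.log output, but the component names and versions in them are placeholders, and the default path C:\Windows\Logs\CBS\CBS.log is where Windows keeps the live log.

```python
import re
import sys
from pathlib import Path

# SFC tags its own entries in CBS.log with "[SR]"; capture timestamp, level and message.
SR_LINE = re.compile(r"^(?P<ts>\S+ \S+), (?P<level>\w+)\s+CBS\s+\[SR\] (?P<msg>.*)$")
# CBS writes member-file names as [l:<utf16 bytes>{<chars>}]"name"
MEMBER_FILE = re.compile(r'\[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')

# Constructed sample log (not from the poster's machine). The line shape follows real
# CBS.log output; component names and versions are illustrative placeholders.
SAMPLE_CBS_LOG = r"""
2012-09-06 20:41:12, Info                  CBS    [SR] Verifying 100 (0x00000064) components
2012-09-06 20:41:12, Info                  CBS    [SR] Beginning Verify and Repair transaction
2012-09-06 20:41:19, Info                  CBS    [SR] Cannot repair member file [l:18{9}]"tcpip.sys" of Microsoft-Windows-TCPIP-Binaries, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-06 20:41:19, Info                  CBS    [SR] Cannot repair member file [l:14{7}]"afd.sys" of Microsoft-Windows-Winsock-Core, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-09-06 20:41:20, Info                  CBS    [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32\drivers"\[l:18{9}]"netbt.sys" from store
2012-09-06 20:41:25, Info                  CBS    [SR] Verify complete
"""

def sr_lines(log_text):
    """The equivalent of findstr /c:"[SR]" CBS.log, but parsed into dicts."""
    entries = []
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def summarize(log_text):
    """Group [SR] entries by file: what SFC could not repair (and why) and what it repaired."""
    unrepairable = {}          # file name -> list of reasons, one per occurrence
    repaired = []
    verify_complete = False
    for entry in sr_lines(log_text):
        msg = entry["msg"]
        if msg.startswith("Cannot repair member file"):
            m = MEMBER_FILE.search(msg)
            name = m.group("name") if m else "<unparsed>"
            # The reason is the last comma-separated field, e.g. "hash mismatch".
            unrepairable.setdefault(name, []).append(msg.rsplit(",", 1)[-1].strip())
        elif msg.startswith("Repairing corrupted file"):
            names = MEMBER_FILE.findall(msg)   # the [l:..]"name" after the directory
            if names:
                repaired.append(names[-1])
        elif msg == "Verify complete":
            verify_complete = True
    return {"unrepairable": unrepairable, "repaired": repaired, "verify_complete": verify_complete}

def format_report(summary):
    lines = ["Verify complete: %s" % summary["verify_complete"]]
    for name, reasons in sorted(summary["unrepairable"].items()):
        lines.append("NOT repaired: %-20s %s" % (name, "; ".join(sorted(set(reasons)))))
    for name in summary["repaired"]:
        lines.append("repaired:     %s" % name)
    return "\n".join(lines)

if __name__ == "__main__":
    # Default to the live log; pass another CBS.log path as argv[1]. Falls back to the sample.
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(r"C:\Windows\Logs\CBS\CBS.log")
    text = path.read_text(errors="replace") if path.exists() else SAMPLE_CBS_LOG
    print(format_report(summarize(text)))
```

A file that stays under "NOT repaired" after a repair pass is the one to replace from known-good media, which is the step the post describes doing by hand for afd.sys, netbt.sys and tcpip.sys.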