Showing results for tags 'ComboFix'.
Found 17 results

  1. Hello, I saw that you posted some information in regards to a similar problem that I seem to be having with my Dell Inspiron Laptop that is running Windows Vista. I was trying to run a virus scan with Malwarebytes and then the computer just shut down. I also tried to boot the computer in safe mode and I tried running the scan and the same thing, the computer wanted to shut down randomly. I tried downloading the ComboFix program and it would be great if I can send you the log to analyze (if that is ok?). Also I tried running Malwarebytes Scan after doing the ComboFix and the Scan worked properly this time however it still keeps finding tons of Malware issues on the computer and I quarantine all the virus files. Then I try running the scan again and the Malwarebytes program continues to find infected issues on the computer. It never seems to completely clean out all the infected issues. Looking forward to your response. Thank you, Jazzfactor
  2. Hi folks, I am running Malwarebytes on a PC that is running Windows 7. It has apparently found 314 non-malware items that I just quarantined. The biggest issue I was worried about was that there continued being a pop up saying something about blocking fff5ee.com and fffsee.com. I am reading some folks ran ComboFix. In the past when I had more serious issues and had to run ComboFix I would just send the log to someone I used to be in contact with. Anyways, I am looking for someone to help me out. I am not sure what to do from this point forward. Thank you for your time.
  3. My work machine has picked up ff5ee.com, which I understand to be a browser hijacker. Computer has been running terribly and exhibiting all sorts of symptoms, so I ran Malwarebytes and noticed it was blocking traffic from ff5ee.com. I ran ComboFix this morning hoping that it would knock it out. The log is attached. Would someone be willing to take a look and confirm whether or not I'm clean? Thanks in advance for any help.
  4. Help! I have the exact same problem as the person in this post: https://forums.malwa...reexe-shutdown/ My Windows 7 system has been hijacked, and this problem even occurs when running in Safe Mode with Networking. After startup, my system is running random internet radio broadcasts through my speakers, and multiple dllhost.exe are running in my system resources. Can you also help me as you helped this other person? I have already run MalwareBytes, CCleaner, SpyBot and Microsoft Security Essentials. I am still having the same problem. CloudCreator
  5. I recently ran "Hitman Pro" and got the following message with a suspicious file. I also ran "Combofix" and the report seems to indicate a potential problem with a "win32 infection". I have attached this report. Should I be worried about these?

     HitmanPro 3.7.9.225
     www.hitmanpro.com
     Computer name . . . . : LEWIS-PC
     Windows . . . . . . . : 6.1.1.7601.X64/4
     User name . . . . . . : Lewis-PC\Lewis
     UAC . . . . . . . . . : Enabled
     License . . . . . . . : Free
     Scan date . . . . . . : 2014-10-04 19:37:21
     Scan mode . . . . . . : Normal
     Scan duration . . . . : 3m 58s
     Disk access mode . . : Direct disk access (SRB)
     Cloud . . . . . . . . : Internet
     Reboot . . . . . . . : No
     Threats . . . . . . . : 0
     Traces . . . . . . . : 1
     Objects scanned . . . : 1,672,948
     Files scanned . . . . : 28,931
     Remnants scanned . . : 256,507 files / 1,387,510 keys

     Suspicious files
     ____________________________________________________________
     C:\windows\system32\PerfStringBackup.INI
     Size . . . . . . . : 7,052 bytes
     Age . . . . . . . : 1908.8 days (2009-07-14 01:13:15)
     Entropy . . . . . : 3.1

     Thank you
     ComboFix.txt
  6. I've never had to post a question on a forum before, but tonight I think I'm way over my head. I've had my yahoo email password hacked about 4 times. I ran some basic malware and spyware programs, but to no avail. I read somewhere to use ComboFix, and I dove right in. I've never used such a dangerous program! Ah! So, the first ComboFix didn't seem to go through. Somehow, though I disabled it, AVG interfered with its process. The PC reset and the typical no connection to the internet ensued. Additionally, my laptop (windows 7) freezes up now and is super buggy. I looked for the log, but it didn't seem to exist. The "file folder" in which things were to be stored just redirects me to the "My Computer" screen. <sigh> I've been trying to follow the directions here: https://forums.malwarebytes.org/index.php?showtopic=21435, but nothing is working. Please help!
  7. I found a couple older threads in the forum with the same issue I'm having, and they were told to run ComboFix. I've run it and I need to know where to go from here. I don't know how to interpret the log, so I'll post it. Thank you.
  8. Google going to random sites, ran ComboFix. It hung up at c:\Windows\system32\Services.exe infected attempting to repair. Started browsing forums and here we go.
Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Segoe UI Silvestri Comp Review PN 4e Skype web features Skype™ 5.10 Spybot - Search & Destroy StarCraft SupportSoft Assisted Service Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET 
Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) ViewNX 2 WD Diagnostics WD Drive Manager (x64) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== End Of File ===========================
  9. Hi there, I followed your instructions on some other posts on using the ComboFix but now I'm not sure if I'm good to go or not... ============================================================================================================================================================================= ComboFix 12-12-04.01 - sapwiz 05/12/12 21:58:47.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2038.1451 [GMT 2:00] Running from: c:\documents and settings\user\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\user\WINDOWS c:\windows\msmqinst.log c:\windows\system32\MUI\040D\tourstart.exe c:\windows\system32\SET108.tmp c:\windows\system32\zip32.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_FAD . . ((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 ))))))))))))))))))))))))))))))) . . 2012-12-03 04:28 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-12-03 04:28 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-12-03 04:28 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-12-03 04:28 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-12-03 04:28 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-12-03 04:28 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-12-03 04:28 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-12-03 04:28 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-12-03 04:28 . 
2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr 2012-12-03 04:28 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-12-03 04:27 . 2012-12-03 04:27 -------- d-----w- c:\program files\AVAST Software 2012-12-03 04:27 . 2012-12-03 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2012-12-02 19:21 . 2012-12-02 19:22 -------- d-----w- c:\documents and settings\Administrator . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-12 21:27 . 2012-04-01 17:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-12 21:27 . 2011-05-25 16:47 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-08 18:11 . 2010-07-19 19:47 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2012-11-08 18:11 . 2010-07-19 19:47 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-08 18:11 . 2010-07-19 19:47 31144 ----a-w- c:\windows\system32\LMIport.dll 2012-11-08 18:11 . 2010-07-19 19:47 92072 ----a-w- c:\windows\system32\LMIinit.dll 2012-10-22 08:37 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-24 13:32 . 2012-06-15 15:58 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32 . 2010-09-11 09:52 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 11:51 . 2012-06-15 15:58 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-05-12 13:42 . 2012-10-26 21:44 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2010-05-12 14:22 . 2012-10-26 21:44 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2010-05-12 13:43 . 2012-10-26 21:44 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2010-05-12 13:42 . 2012-10-26 21:44 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2010-05-12 13:42 . 
2012-10-26 21:44 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2010-05-12 13:41 . 2012-10-26 21:44 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2010-05-12 13:42 . 2012-10-26 21:44 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2010-05-12 13:42 . 2012-10-26 21:44 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2010-04-14 10:55 . 2012-10-26 21:44 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2010-05-12 13:43 . 2012-10-26 21:44 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2012-10-26 21:44 . 2012-10-26 21:44 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDProtect Monitor"="c:\program files\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-01-17 323664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 137752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2010-07-27 69632]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-01-11 1051264]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-08 18:11 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Soluto\\SolutoCleanup.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"59000:TCP"= 59000:TCP:emule tcp
"59500:UDP"= 59500:UDP:empule upd
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [04/03/11 11:39 AM 51144]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/12/12 6:28 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/12/12 6:28 AM 361032]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [16/04/10 3:22 PM 65584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/12/12 6:28 AM 21256]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [07/02/12 4:47 PM 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [27/01/10 11:22 AM 12856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [02/08/11 8:08 PM 11520]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [06/09/12 10:48 AM 604688]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [23/10/12 12:19 AM 77624]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [23/10/10 9:01 PM 87424]
S3 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [11/01/11 5:25 PM 362624]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11/06/11 1:08 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/10 6:01 PM 21248]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/11 12:06 PM 88576]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [23/10/12 12:19 AM 181432]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [15/06/10 11:52 AM 19024]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:27]
.
2012-12-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-03 22:50]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-04 09:45]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-04 09:45]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-573735546-1177238915-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-16 17:06]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-573735546-1177238915-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-16 17:06]
.
2012-11-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-12-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mof.gov.il\wa
TCP: DhcpNameServer = 192.168.2.1
DPF: {87FA0696-C219-429B-AF1D-EE0A7FF3E18B} - hxxps://hb2.bankleumi.co.il/las163bfeb7d306c40a845d1a835072d1b6128e0934/las0/HomeBank/Operations/Masav.CAB
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://192.168.2.222/WebClient.cab
DPF: {BC4CF6B5-8DE7-4F51-A369-364629A6C2B7} - hxxps://hb2.bankleumi.co.il/eas/activex/BankDOKOp.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\6cz35eb1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.globes.co.il/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-10-19 16:08; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-03 06:28; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2010-07-24 23:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ZortamMp3MediaStudio - c:\program files\Zortam Mp3 Media Studio\zmmspro.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB 
Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-05 22:08 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(708) c:\windows\system32\LMIinit.dll . 
- - - - - - - > 'explorer.exe'(3716) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\LMIRfsClientNP.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\System32\SCardSvr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\windows\system32\igfxsrvc.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2012-12-05 22:17:45 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-05 20:17 . Pre-Run: 40,225,918,976 bytes free Post-Run: 41,662,914,560 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 1BAAF038255B7713D2727CEF01F92FD1 ========================================================================================================================================================================
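A ComboFix log like the one above is read for the same few things every time: what starts at logon (Run keys and Winlogon\Notify DLLs), which services point at missing or temp-directory binaries, which ports the standard firewall profile opens to every network, and which ActiveX install sites (DPF) and Trusted Zone entries Internet Explorer has been given. The script below is an added example, not ComboFix's own code and not part of this post: it pulls those constructs out of a ComboFix log and ranks them. It runs on a constructed excerpt in ComboFix's layout rather than on the log posted here, and the `Updater` entry, the port-to-service table and the severity labels are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's layout, NOT the log posted in the thread; the
# "Updater" Run value and the cpuz135 service give each rule one hit and one miss.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"Updater"="c:\documents and settings\user\Local Settings\Temp\updater.exe" [2012-12-01 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-08 18:11 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"59000:TCP"= 59000:TCP:emule tcp
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [07/02/12 4:47 PM 374704]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
.
Trusted Zone: intranet.example\portal
DPF: {11111111-2222-3333-4444-555555555555} - hxxp://192.168.2.222/WebClient.cab
DPF: {66666666-7777-8888-9999-000000000000} - hxxps://bank.example/activex/Control.cab
"""

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?: \[(?P<info>[^\]]*)\])?$')
DPF_RE = re.compile(r'^DPF: \{[0-9A-Fa-f-]+\} - (?P<url>\S+)')
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP)$')
# Assumptions for illustration: directories a non-admin user can write to, and ports
# whose exposure in the standard (every network) profile is almost never intended.
USER_WRITABLE = ('\\temp\\', '\\local settings\\', '\\appdata\\', '\\documents and settings\\', '\\users\\')
REMOTE_PORTS = {22: 'SSH', 23: 'Telnet', 135: 'RPC', 139: 'NetBIOS', 445: 'SMB', 3389: 'RDP', 5900: 'VNC'}
SEVERITY_ORDER = {'high': 0, 'medium': 1, 'info': 2}


@dataclass
class Finding:
    severity: str  # 'high' | 'medium' | 'info'
    source: str    # which log construct produced it
    item: str
    note: str


def in_user_writable_dir(path):
    return any(d in path.lower() for d in USER_WRITABLE)


def parse_registry_blocks(text):
    """{key: [(name, value), ...]} for the REGEDIT4-style blocks; a lone '.' closes a block."""
    blocks, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if line.strip() == '.':
            current = None
        elif key:
            current = key.group(1)
            blocks[current] = []
        elif current is not None and line.strip():
            val = VALUE_RE.match(line)
            if val:
                blocks[current].append((val.group(1), val.group(2)))
            else:  # Winlogon\Notify style line: "date time size attrs path"
                parts = line.split(None, 4)
                blocks[current].append(('(file)', parts[4] if len(parts) == 5 else line))
    return blocks


def triage(text):
    """Rank the persistence and exposure items a reviewer checks first in a ComboFix log."""
    out = []
    for key, values in parse_registry_blocks(text).items():
        k = key.lower()
        if k.endswith('\\run'):
            for name, value in values:
                path = value.split('"')[1] if value.startswith('"') else value  # drop quotes and [date size]
                if in_user_writable_dir(path):
                    out.append(Finding('high', 'Run', f'{name} = {path}', 'autostart from a user-writable directory'))
        elif '\\winlogon\\notify\\' in k:
            out += [Finding('medium', 'Winlogon\\Notify', p, 'DLL loaded into winlogon.exe; confirm the vendor') for _, p in values]
        elif k.endswith('\\globallyopenports\\list'):
            for m in filter(None, (PORT_RE.match(n) for n, _ in values)):
                label = REMOTE_PORTS.get(int(m['port']))
                out.append(Finding('high' if label else 'medium', 'Open port', f"{m['port']}/{m['proto']}",
                                   f'{label} reachable from every network' if label else 'opened in the standard profile'))
    for line in text.splitlines():
        svc, dpf = SERVICE_RE.match(line), DPF_RE.match(line)
        if svc and (svc['info'] == '?' or in_user_writable_dir(svc['path'])):  # [?]: ComboFix could not find the file
            out.append(Finding('medium', 'Service/driver', svc['name'], 'binary missing or under a temp directory'))
        elif dpf:
            plain = dpf['url'].lower().startswith('hxxp://')
            out.append(Finding('medium' if plain else 'info', 'DPF (ActiveX install site)', dpf['url'],
                               'control fetched over plaintext HTTP' if plain else 'confirm the site is expected'))
        elif line.startswith('Trusted Zone:'):
            out.append(Finding('info', 'Trusted Zone', line.split(':', 1)[1].strip(), 'site runs with IE Trusted Zone privileges'))
    return sorted(out, key=lambda f: (SEVERITY_ORDER[f.severity], f.source, f.item))


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:<6}] {f.source}: {f.item}  ({f.note})')
```

Point `triage()` at a saved ComboFix.txt (read it with `open(path, encoding='latin-1')` so stray bytes do not abort the parse) and work through the `high` items first. On the log above the same rules single out `3389:TCP` under `GloballyOpenPorts` (the `@xpsp2res.dll,-22009` rule is Remote Desktop, and the standard profile applies on every network this XP host joins, not just the home LAN) and `cpuz135`, a driver registered under `c:\windows\TEMP` that ComboFix marks `[?]` because the file is gone. Severity is a triage hint, not a verdict: a Winlogon\Notify DLL from LogMeIn is expected on a host that runs LogMeIn, and the decision still rests with whoever reviews the log.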
10. I got the dreaded Smitfraud 2 days ago, and although Malwarebytes and Spybot detect it, they do not seem able to eliminate it. I found another thread about smitfraud-c on this forum so I followed some steps (TDSSKiller and Combofix). Could someone review this log and tell me if 1) I need to do anything else, and 2) were there any backdoor elements I should be concerned about? Any help is truly appreciated. The combofix log is below:

ComboFix 12-07-18.04 - Madcow 07/18/2012 20:33:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4333 [GMT -4:00]
Running from: c:\users\Madcow\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\Madcow\GoToAssistDownloadHelper.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 00:38 . 2012-07-19 00:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\program files (x86)\7-zip
2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\program files (x86)\Freeze.com
2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\programdata\Yahoo!
2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\programdata\Yahoo! Companion
2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\program files (x86)\Yahoo!
2012-07-19 00:14 . 2012-07-19 00:14 -------- d-----w- c:\users\Madcow\AppData\Roaming\Yahoo! 2012-07-19 00:06 . 2012-07-19 00:06 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-18 23:11 . 2012-07-18 23:11 110080 ----a-r- c:\users\Madcow\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe 2012-07-18 23:11 . 2012-07-18 23:11 110080 ----a-r- c:\users\Madcow\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe 2012-07-18 23:11 . 2012-07-18 23:11 110080 ----a-r- c:\users\Madcow\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe 2012-07-18 23:11 . 2012-07-18 23:14 -------- d-----w- C:\sh4ldr 2012-07-18 23:11 . 2012-07-18 23:11 -------- d-----w- c:\program files\Enigma Software Group 2012-07-18 23:10 . 2012-07-18 23:11 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-07-18 05:45 . 2012-07-18 23:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-07-18 05:45 . 2012-07-18 22:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-07-18 05:43 . 2012-07-18 05:43 -------- d-----w- c:\users\Madcow\AppData\Local\Giant Savings 2012-07-18 05:43 . 2012-07-18 21:06 -------- d-----w- c:\program files (x86)\Giant Savings 2012-07-17 22:47 . 2012-07-17 22:49 -------- d-----w- c:\users\Madcow\AppData\Roaming\AVG 2012-07-17 22:27 . 2012-07-17 22:27 -------- d-----w- c:\users\Madcow\AppData\Local\AVG Secure Search 2012-07-17 22:27 . 2012-07-17 22:28 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-17 22:27 . 2012-07-18 21:06 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-07-17 22:27 . 2012-07-18 21:06 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-07-17 22:25 . 2012-07-18 21:05 -------- d-----w- c:\programdata\AVG2012 2012-07-17 22:25 . 2012-07-17 22:25 -------- d-----w- C:\$AVG 2012-07-17 22:24 . 
2012-07-17 22:46 -------- d-----w- c:\program files (x86)\AVG 2012-07-17 22:19 . 2012-07-18 21:05 -------- d-----w- c:\programdata\MFAData 2012-07-17 22:19 . 2012-07-17 22:19 -------- d--h--w- c:\programdata\Common Files 2012-07-17 19:53 . 2012-07-17 19:53 -------- d-----w- c:\programdata\Kaspersky Lab . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 21:58 . 2012-04-07 21:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-18 21:58 . 2011-07-22 20:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-13 07:06 . 2010-02-14 14:59 58957832 ----a-w- c:\windows\system32\MRT.exe 2012-05-18 02:47 . 2012-06-13 07:00 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-05-18 02:16 . 2012-06-13 07:00 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-05-18 02:06 . 2012-06-13 07:00 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-05-18 01:59 . 2012-06-13 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-05-18 01:59 . 2012-06-13 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-05-18 01:58 . 2012-06-13 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-18 01:58 . 2012-06-13 07:00 237056 ----a-w- c:\windows\system32\url.dll 2012-05-18 01:56 . 2012-06-13 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-18 01:55 . 2012-06-13 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-18 01:55 . 2012-06-13 07:00 818688 ----a-w- c:\windows\system32\jscript.dll 2012-05-18 01:54 . 2012-06-13 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-05-18 01:51 . 2012-06-13 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-05-18 01:51 . 2012-06-13 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-18 01:47 . 2012-06-13 07:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-05-17 22:45 . 2012-06-13 07:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-05-17 22:35 . 
2012-06-13 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-17 22:35 . 2012-06-13 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-05-17 22:29 . 2012-06-13 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-05-17 22:24 . 2012-06-13 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-05-15 01:32 . 2012-06-12 19:30 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-05-06 02:56 . 2011-04-29 01:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-05-04 11:06 . 2012-06-12 19:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-12 19:30 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-12 19:30 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-12 19:30 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-12 19:30 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-12 19:30 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-12 19:30 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-12 19:30 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-12 19:30 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-12 19:30 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-12 19:30 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-12 19:30 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-12 19:30 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-12 19:30 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693] "SPIRunE"="SPIRunE.dll" [2010-02-17 18432] "AutoTask"="c:\program files (x86)\AutoTask\AutoTask.exe" [2009-06-22 335872] "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SGETask.lnk - c:\program files\SIMU\SGE\SGETask.Exe [2010-9-24 91720] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056] R3 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-14 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-04 79360] R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-02-14 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-02-17 38536] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio 
Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2010-02-17 639512] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120711.002_b67\BHDrvx64.sys [2012-07-11 1161376] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120717.003_b7e\IDSvia64.sys [2012-07-17 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files 
(x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-13 138912] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 21:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120729,16897,0,6,0 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: play.net\* TCP: DhcpNameServer = 192.168.0.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe c:\windows\SysWOW64\rundll32.exe c:\windows\SysWOW64\Ctxfihlp.exe c:\windows\SysWOW64\CTXFISPI.EXE . ************************************************************************** . Completion time: 2012-07-18 20:45:40 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-19 00:45 . Pre-Run: 662,897,065,984 bytes free Post-Run: 662,337,064,960 bytes free . - - End Of File - - 4275DA58F6B02F3D160352FBC27BC399
  11. At first when I saved ComboFix I ACCIDENTALLY saved ComboFix not to my desktop but to wherever it saved it, and now, after ComboFix ran last night and I got on to post the ComboFix log, I can't do anything on my computer such as open any system, Internet Explorer, Skype, Yahoo, Notepad, System Restore. I ran ComboFix and got an error on my computer: C:\program files(x86)\internet explorer\iexplore.exe Illegal operation attempted on a registry key that has been marked for deletion. (click OK or x it out) Another box opens: Can't open this item. It might have been moved, renamed or deleted. Do you want to remove this item? The same things come up for Skype, Yahoo Messenger, and any other program on my computer. I can't even restore my computer. It says that's marked for deletion!!!!!! Now I hard-booted my computer and can get on the internet, Skype and Yahoo, but for almost every program it says the firewall has blocked access, do you want to allow access. How do I delete or find ComboFix saved anywhere on my computer besides the desktop?
  12. I get prompted with the 80000032.@ virus very frequently, so I installed ComboFix to remove the virus. TDSS reported no findings after removal. I uninstalled ComboFix but then the internet stopped working. Attached is the log of ComboFix. Some of the language is Chinese; please let me know if you need a translation. ComboFix.txt
  13. Hello! Never tried the forum bit but here goes. I've read several posts of users having similar issues to what I'm seeing with my machine; as all of them were delighted with the results I'm highly inclined to seek your assistance. It seems whenever I plug my computer into its internet connection the CPU usage goes full on; upon opening the WTM to find the culprit I see that PING.EXE begins with a nominal percentage before (in seconds) exponentially rocketing up to 100%, causing the machine to freeze absolutely. However, no sooner than the cable has been disconnected, all returns to a stable operating state. Manually stopping ping.exe and the searchindexer.exe tree works temporarily but they soon revitalize and the issue resumes; svchost.exe also has high CPU and memory usage but I've not tried stopping any of those. The few times I ventured online google.com would not work, where other sites would. I thought myself a fairly proficient user when it comes to macro software processes but am bewildered by the Windows components and really don't want to deadline my machine. I defer to the knowledge and experience of this forum's admins, moderators, experts, and trusted advisors. Please help! Thank you Attach.txt DDS.txt
  14. I just got done removing a virus from my desktop system, and I was instructed by a specialist to run ComboFix during the removal process. After I ran ComboFix, I restarted my desktop, but now I can't connect to any webpages, Skype, etc., even though it says I'm connected to the internet in the bottom right-hand corner. I'm also connected to the internet right now on my laptop, which is how I am posting this. I already tried unplugging my router/modem and left them unplugged for a minute or 2, then plugged them back in, and nothing changed. I made sure that my IP/DNS was set to obtain automatically. I tried to do 'ipconfig /release' and 'ipconfig /renew' in cmd, and still nothing changed. I also tried to use the "winsockfix" that I've been seeing a lot about when searching this on Google. I checked my hosts file, and it is blank. Please help me!! I've been trying to fix this for 3 hours now and no luck. ComboFix log: http://pastebin.com/7qfVrTYk Thank you for the help
  15. My computer has been constantly redirecting my google searches for the past month or so, and additionally, recently a "TCP/IP Ping Command" has popped up in my volume mixer, playing sounds of different commercials. This has been worrying me greatly, and I would greatly appreciate assistance with these, primarily the Ping.exe virus. It will not let me delete Ping.exe due to the TrustedInstaller having full rights over it. I have copy-pasted my DDS.txt here. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31 Run by Chris at 18:13:45 on 2012-06-21 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.4771 [GMT -5:00] . AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files 
(x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Users\Chris\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Users\Chris\AppData\Roaming\Spotify\spotify.exe C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Program Files (x86)\LOLReplay\LOLRecorder.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Program Files (x86)\Smartp1ck\Smartp1ck.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe C:\Windows\system32\wbengine.exe C:\Windows\System32\vds.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=5000&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110730&user_guid=13C2E5EE9B5D45D8B3F74B75AB7226BF&machine_id=348521e6b323e04df9806cdd37276a89&browser=IE&os=win&os_version=6.1-x64-SP0 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll mURLSearchHooks: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll mWinlogon: Userinit=userinit.exe, BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 
Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: RebateRobot BHO: {fa3fedf6-1a34-4076-9f25-a26a2de6a401} - C:\Program Files\RebateRobot\RebateRobot.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - 
C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll" TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [googletalk] C:\Users\Chris\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [AdobeBridge] uRun: [lime pro] "C:\Program Files (x86)\Lime PRO\LimePro.exe" -h uRun: [Octoshape Streaming Services] "C:\Users\Chris\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" uRun: [spotify] "C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [F.lux] "C:\Users\Chris\Local Settings\Apps\F.lux\flux.exe" /noshow uRun: [spotify Web Helper] "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode mRun: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10 mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: 
[AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTP~1.LNK - C:\Program Files (x86)\Smartp1ck\Smartp1ck.exe StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: Interfaces\{2C222A49-E29D-47BE-8BD1-D6426B1ED9EC} : NameServer = 75.75.76.76,75.75.75.75 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Notify: WBSrv - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll AppInit_DLLs: wbsys.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4 BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll BHO-X64: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll BHO-X64: Harmony Hollow Software - No File BHO-X64: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion 
Prevention - No File BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO-X64: StartNow Toolbar Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll BHO-X64: Fantapper - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll BHO-X64: Vuze Remote - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: RebateRobot BHO: {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - C:\Program Files\RebateRobot\RebateRobot.dll BHO-X64: RebateRobot - No File BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} 
- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB-X64: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files (x86)\Harmony_Hollow_Software\prxtbHar0.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll" TB-X64: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll mRun-x64: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10 mRun-x64: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: 
[sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackwidowTray.exe mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun-x64: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h mRun-x64: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe AppInit_DLLs-X64: wbsys.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\oi4y2sxl.default\ FF - prefs.js: browser.search.selectedEngine - My Web Search FF - prefs.js: browser.startup.homepage - chrome://fvd.speeddial/content/fvd_about_blank.html FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F217A19E-2964-40BF-BB31-BEC39213C22B&n=77eda012&ind=2012061714&p2=^CD^xdm002^S01785^us&si=CPjfvtHd1bACFUJo4AodnV9Ezw&searchfor= FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npoctoshape.dll . ---- FIREFOX POLICIES ---- . 
FF - user.js: extentions.y2layers.installId - fa38ec04-a300-4a1a-9ef5-51911586c87a FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube . FF - user.js: extensions.autoDisableScopes - 14 . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?] R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [2011-9-29 1152632] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111006.030\IDSviA64.sys [2011-10-7 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816] R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-12 11776] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-16 654408] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-5-6 793048] R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-7-9 109168] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?] 
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000] R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-7-9 114688] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-22 2666880] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-9 2655768] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144] R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384] R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408] R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?] 
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-7 136824] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe --> C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [?] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-27 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-19 257224] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] 
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-4 1030600] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-27 136176] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-9 30528] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] 
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . .scr=DWGTrueViewScriptFile . =============== Created Last 30 ================ . 2012-06-21 22:56:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 22:55:43 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 22:55:19 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 22:55:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-21 22:17:01 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-06-21 04:34:59 -------- d-----w- C:\Users\Chris\AppData\Roaming\Braid 2012-06-21 04:34:08 -------- d-----w- C:\Program Files (x86)\Braid 2012-06-20 21:12:43 -------- d-----w- C:\ProgramData\AVAST Software 2012-06-20 21:12:43 -------- d-----w- C:\Program Files\AVAST Software 2012-06-20 20:47:21 -------- d-----w- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com 2012-06-20 20:47:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-06-20 20:47:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-06-20 20:27:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 20:08:35 -------- d-----w- C:\ProgramData\McAfee Security Scan 2012-06-20 20:08:32 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan 2012-06-20 16:49:06 -------- d-----w- C:\Users\Chris\AppData\Local\Macromedia 2012-06-17 16:51:12 -------- d-----w- C:\Program Files (x86)\CouponAlert_2p 2012-06-16 03:00:40 695296 ----a-w- C:\Users\Chris\MinecraftSP.exe 2012-06-16 03:00:40 43795464 ----a-w- C:\Users\Chris\Minecraft 1.2.0_02 Installer (Cracked).exe 2012-06-13 22:47:05 -------- d-----w- C:\Program Files (x86)\osu! 
2012-06-13 22:46:43 -------- d-----w- C:\Users\Chris\AppData\Roaming\Downloaded Installations 2012-06-13 07:40:48 -------- d-----w- C:\Users\Chris\Sumotori Dreams 2012-06-13 07:40:47 -------- d-----w- C:\Users\Chris\Sumoeditor 2012-06-13 07:35:47 -------- d-----w- C:\Program Files (x86)\gravitysensation.com 2012-06-13 01:07:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-11 21:20:14 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys 2012-06-11 21:20:14 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys 2012-06-11 21:20:14 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys 2012-06-11 21:20:14 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys 2012-06-11 21:20:14 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys 2012-06-11 21:20:14 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys 2012-06-11 21:20:08 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003 2012-06-08 03:42:41 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2012-06-07 00:20:21 53248 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-06-07 00:05:22 -------- d-----w- C:\Users\Chris\AppData\Local\Logitech® Webcam Software 2012-06-07 00:03:24 -------- d-----w- C:\Users\Chris\AppData\Local\LogiShrd 2012-06-07 00:00:11 -------- d-----w- C:\Program Files (x86)\Common Files\LWS 2012-06-05 23:57:14 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-06-05 23:57:14 -------- d-----w- C:\Program Files (x86)\Diablo III 2012-06-05 23:57:14 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-06-05 23:56:33 -------- d-----w- C:\ProgramData\Battle.net 2012-06-05 21:39:55 -------- d-----w- C:\Users\Chris\Tekkit Server 2012-06-05 21:30:04 -------- d-----w- C:\Users\Chris\AppData\Roaming\.techniclauncher 2012-06-04 00:37:42 
-------- d-----w- C:\Users\Chris\Minecraft Server 2012-06-03 02:41:23 -------- d-----w- C:\Riot Games 2012-06-03 01:06:32 -------- d-----we C:\Windows\system64 2012-06-03 00:18:05 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-26 01:42:14 -------- d-----w- C:\Program Files (x86)\Smartp1ck . ==================== Find3M ==================== . 2012-06-21 23:00:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-21 23:00:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-21 22:50:12 25640 ----a-w- C:\Windows\gdrv.sys 2012-06-17 21:09:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-06-17 21:09:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-06-17 21:09:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-05-24 21:38:50 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd 2012-05-20 05:20:03 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-12 04:23:38 30528 ----a-w- C:\Windows\GVTDrv64.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 12:48:02 71680 ----a-w- C:\Windows\System32\frapsv64.dll 2012-04-26 12:48:00 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- 
C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-15 04:24:40 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2012-04-15 04:24:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2012-04-15 04:24:40 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2012-04-15 04:24:40 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-07-29 21:59:55 2047876859 ----a-w- C:\Program Files (x86)\DragonNestSetupV05.exe . ============= FINISH: 18:14:18.08 ===============
  16. I have WinXP SP3 Professional. I use Avast and Comodo, and Malwarebytes when I have a problem. I hope this is the right forum; if not, please let me know. I use Malwarebytes and then ComboFix if I find a problem. This has worked many times, and I have found innumerable problems with Malwarebytes and ComboFix, both programs deleting many files and solving many problems like browser hijacking. I am no expert and I know that you will tell me to never use ComboFix, but I think it is a great program and have had no problems until now. I understand that it must be run from the desktop and one must disable firewalls and virus protection, giving it plenty of time to finish. This is the first problem I have ever had with ComboFix, and it occurred recently with the "12.6.12.3" version. My computer works fine now until I try to uninstall ComboFix with the "combofix /uninstall" command at the Run box. When I do that and reboot, I get this in Event Viewer:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 6/18/2012
Time: 4:16:39 PM
User: N/A
Computer: HOME-SATA
Description: The CryptSvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

My icons are all on one side, and if I move them they return to one side on a reboot. I cannot connect to the internet, but when I try to disable the Windows connection I get an error telling me that the device cannot be found. All these problems go away when I reinstall ComboFix. This is my ComboFix log from my reinstall of ComboFix.

============================

ComboFix 12-06-12.03 - mwda 06/18/2012 19:10:30.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1507 [GMT -5:00]
Running from: c:\documents and settings\mwda\Desktop\ComboFix.exe
AV: avast!
Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-11 19:49 . 2012-06-11 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-11 19:49 . 2012-06-11 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-05-22 21:53 . 2012-05-22 21:53 -------- d-----w- c:\documents and settings\mwda\Application Data\Auslogics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-11 19:13 . 2012-03-31 21:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-11 19:13 . 2011-08-26 02:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:14 . 2004-08-04 05:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12 . 2004-08-04 05:17 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-04 20:56 . 2004-07-08 20:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-11 19:49 . 2011-05-07 22:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kalender"="c:\program files\Kalender\Kalender.exe" [2010-08-22 933888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-02-26 18:37 173592 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-02-26 18:37 141336 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2007-05-14 17:35 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] 1999-08-04 05:00 122940 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-05-14 17:38 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 18:37 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 18:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-14 02:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 19:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/18/2011 8:25 PM 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:34 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 4:34 PM 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/11/2010 12:49 PM 13696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 6:37 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 6:37 PM 31704]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\instal\util\diag\hw32\HWiNFO32.sys [12/16/2011 10:02 PM 21624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 4:34 PM 19544]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/19/2010 7:22 PM 20968]
R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [6/20/2010 9:30 AM 2752]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/4/2004 1:56 AM 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:43 PM 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/11/2010 12:51 PM 1684736]
S3 cpuz130;cpuz130;\??\c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DirectNT;DirectNT;\??\h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS --> h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/31/2011 4:00 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/31/2011 4:00 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]
S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/18/2011 5:47 PM 312152]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 113120]
S3 PORTMON;PORTMON;\??\d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS --> d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2011 4:19 PM 272128]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 1:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2011 12:39 PM 229376]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean REG_MULTI_SZ UPHClean
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:13]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]
.
2012-05-25 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2011-03-21 17:03]
.
2011-03-21 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job
- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2011-03-21 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-06-18 19:13:28
ComboFix-quarantined-files.txt 2012-06-19 00:13
ComboFix2.txt 2012-06-19 00:00
.
Pre-Run: 67,047,350,272 bytes free
Post-Run: 67,029,594,112 bytes free
.
- - End Of File - - 4B0530F5AF933F1F4A2437CB5B73CBA3

========================

I may still be infected with some sort of malware, though I just updated and ran a full scan of Malwarebytes and it found nothing. Any help would be appreciated.

Marshall