Jump to content

Ransomeware


Recommended Posts

My friend's Laptop has been infected with ransomeware virus. Apparently, previously he had the Google ReDirect virus and it caused him to get this ransomeware virus. He tried to remove both EENK and Malewarebytes but both would hang (not respond) after reaching a certain point. He attempted to use another program but the virus remains. What should he do?

Link to post
Share on other sites

Can the system be booted to Safemode with Networking to keep the connection live? If no d/l DDS to another PC transfer to Desktop of laptop, run the scan and save the logs. Transfer back to other PC and post here....

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double click DDS to run the scan, Vista or Windows 7 user accept UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....

Link to post
Share on other sites

Here what I got: DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

Run by Mr. Celadon at 20:25:50 on 2012-12-04

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.3163 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: ??.??: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [ACE Compression Software] Rundll32.exe "C:\Users\Mr. Celadon\AppData\Local\ACE Compression Software\ognghilg.dll",vlc_entry__1_0_0e

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctMTI3MDI3NTU1NC1GTDEwKzEtWE8xMCsxMS1MSUMrMi1UVUcrMy1ERFQrMC1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyVEErMS1VMTArMS1WSVAxMisxLVRMKzEtRjEwTTEyUisx"&"prod=90"&"ver=10.0.1424

StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

TCP: Interfaces\{0A659ED4-E5E5-405A-8787-45D47742EC08} : DHCPNameServer = 66.174.95.44 66.174.92.14

TCP: Interfaces\{1451340D-D0B3-4B47-B958-B00091FDA7BE} : DHCPNameServer = 66.174.95.44 66.174.92.14

TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95}\34F6F6B69656 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7527C01C-8154-4814-9045-5F150B8BDDA1} : DHCPNameServer = 66.174.95.44 66.174.92.14

TCP: Interfaces\{D659D42C-8251-4349-A501-0BA6149E4416} : DHCPNameServer = 66.174.95.44 66.174.92.14

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Profiles\65fuhod7.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: !HIDDEN! 2012-09-29 20:18; auto-update@mozilla.org; C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2000-3-22 15928]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-25 283200]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-6-11 112128]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2000-3-22 14904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2000-3-22 306232]

S2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2011-5-21 138768]

S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]

S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2011-5-21 73616]

S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2011-5-21 182672]

S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2011-5-21 182672]

S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2011-5-21 98832]

S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2011-5-21 183824]

S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2011-5-21 69136]

S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2011-5-21 182672]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-21 1255736]

.

=============== Created Last 30 ================

.

2012-12-03 23:40:26 -------- d-----w- C:\_OTM

2012-12-03 17:55:21 -------- d-----w- C:\Users\Mr. Celadon\AppData\Roaming\Irnize

2012-12-03 17:55:21 -------- d-----w- C:\Users\Mr. Celadon\AppData\Roaming\Ehsyp

2012-11-24 01:04:19 -------- d-----w- C:\Users\Mr. Celadon\AppData\Local\Chromium

2012-11-23 16:55:42 -------- d-----w- C:\Users\Mr. Celadon\AppData\Roaming\The Creative Assembly

2012-11-23 00:13:31 -------- d-----w- C:\Users\Mr. Celadon\AppData\Local\ACE Compression Software

2012-11-22 01:59:42 -------- d-----w- C:\ProgramData\Premium

2012-11-22 01:59:37 -------- d-----w- C:\ProgramData\InstallMate

2012-11-21 13:03:55 -------- d-----w- C:\Users\Mr. Celadon\AppData\Local\2K Games

2012-11-21 13:03:44 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-11-21 13:03:17 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll

2012-11-21 13:03:17 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll

2012-11-21 13:03:17 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll

2012-11-21 13:03:17 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll

2012-11-21 13:03:15 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll

2012-11-21 13:03:15 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2012-11-20 15:50:00 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-11-14 04:00:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 04:00:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-14 04:00:41 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-14 04:00:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-14 03:53:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-14 03:53:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-14 03:53:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-14 03:53:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-14 03:53:34 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-14 03:53:34 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 03:53:34 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-14 03:22:54 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 03:16:01 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-14 03:16:01 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

.

==================== Find3M ====================

.

2012-11-28 10:51:26 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-10-19 15:31:43 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-19 15:31:43 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-07 12:54:57 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-07 12:54:56 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll

2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 20:27:24.03 ===============

Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 5/20/2011 6:09:20 PM

System Uptime: 12/4/2012 8:23:14 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K50IJ

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Socket 478 | 2294/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 41.333 GiB free.

D: is FIXED (NTFS) - 331 GiB total, 260.709 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_14F51043&REV_B0\FF8034CE485B39FF00

Manufacturer: Atheros

Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller #2

PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_14F51043&REV_B0\FF8034CE485B39FF00

Service: L1E

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP19: 11/20/2012 10:49:18 AM - Installed Steam

RP20: 11/20/2012 11:06:50 AM - Removed Steam

RP21: 11/20/2012 11:12:15 AM - Installed Steam

RP22: 11/21/2012 8:01:30 AM - Installed DirectX

RP23: 11/21/2012 8:42:13 AM - Removed Rome Total War - patch 1.3

RP24: 11/23/2012 11:52:37 AM - Installed DirectX

RP25: 11/23/2012 11:54:43 AM - Installed Microsoft Visual C++ 2005 Redistributable

RP26: 11/23/2012 7:57:53 PM - Installed DirectX

RP27: 11/25/2012 11:13:32 AM - Installed DirectX

RP28: 11/28/2012 9:35:34 AM - Installed DirectX

RP29: 11/28/2012 8:32:01 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Alcor Micro USB Card Reader

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian FLV and Media Player 3.1.1.12

ASUS AI Recovery

ASUS CopyProtect

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS MultiFrame

ASUS Power4Gear Hybrid

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

Asus_Camera_ScreenSaver

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

Audacity 1.2.6

Bonjour

CCleaner

ControlDeck

ConvertHelper 2.2

D3DX10

DAEMON Tools Lite

Empire: Total War

eMule

ETDWare PS/2-x64 7.0.5.5_WHQL

Fast Boot

Gangsters

Gangsters 2

Gotham City Impostors: Free To Play

Intel® Graphics Media Accelerator Driver

IsoBuster 3.0

iTunes

Java 7 Update 7

Java Auto Updater

Java SE Development Kit 7 Update 5 (64-bit)

Java 7 Update 5 (64-bit)

JavaFX 2.1.1 (64-bit)

JavaFX 2.1.1 SDK (64-bit)

LAME v3.98.3 for Audacity

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Napoleon: Total War

NVIDIA PhysX

ObjectDock Free

Octoshape add-in for Adobe Flash Player

OpenOffice.org 3.4.1

PANTECH UML290

PhotoScape

Platform

QuickTime

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Steam

SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52

SUPERAntiSpyware

Total War: SHOGUN 2

Total War: Shogun 2 - Assembly Kit

Total War: Shogun 2 - TEd

Universal Extractor 1.6.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

USB 2.0 1.3M UVC WebCam

VIA Platform Device Manager

Vid-Saver

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

Wajam

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinFlash

WinRAR 4.00 (32-bit)

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

12/4/2012 8:24:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/4/2012 8:24:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/4/2012 8:24:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/4/2012 8:24:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/4/2012 8:24:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/4/2012 8:23:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/4/2012 8:23:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/4/2012 8:23:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/3/2012 6:24:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6

.

==== End Of File ===========================

Link to post
Share on other sites

Are you able to boot into Safemode with Networking to maintain an internet connection? If not this will have to be transferred to the Desktop of sick laptop. I give the full instruction:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix

  • Ensure that Combofix is saved directly to the Desktop of sick Laptop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available Here if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Link to post
Share on other sites

Thats OK,

Here is the info:

ComboFix 12-12-04.01 - Mr. Celadon 12/04/2012 21:14:11.2.2 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.3070 [GMT -5:00]

Running from: c:\users\Mr. Celadon\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Vid-Saver

c:\program files (x86)\Vid-Saver\Uninstall.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.exe

c:\program files (x86)\Vid-Saver\Vid-Saver.ico

c:\program files (x86)\Vid-Saver\Vid-Saver.ini

c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat

c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys

c:\programdata\dsgsdgdsgdsgw.pad

c:\users\Mr. Celadon\AppData\Local\ACE Compression Software\ognghilg.dll

c:\users\Mr. Celadon\AppData\Roaming\Irnize

c:\users\Mr. Celadon\AppData\Roaming\Irnize\fecei.ymn

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))

.

.

2012-12-05 02:23 . 2012-12-05 02:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-12-05 02:23 . 2012-12-05 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-03 23:40 . 2012-12-03 23:40 -------- d-----w- C:\_OTM

2012-12-03 17:55 . 2012-12-03 18:23 -------- d-----w- c:\users\Mr. Celadon\AppData\Roaming\Ehsyp

2012-11-24 01:04 . 2012-11-24 01:04 -------- d-----w- c:\users\Mr. Celadon\AppData\Local\Chromium

2012-11-23 16:55 . 2012-11-28 14:37 -------- d-----w- c:\users\Mr. Celadon\AppData\Roaming\The Creative Assembly

2012-11-23 00:13 . 2012-12-05 02:22 -------- d-----w- c:\users\Mr. Celadon\AppData\Local\ACE Compression Software

2012-11-22 01:59 . 2012-11-22 01:59 -------- d-----w- c:\programdata\Premium

2012-11-22 01:59 . 2012-11-22 02:01 -------- d-----w- c:\programdata\InstallMate

2012-11-21 13:03 . 2012-11-21 13:03 -------- d-----w- c:\users\Mr. Celadon\AppData\Local\2K Games

2012-11-21 13:03 . 2012-11-21 13:03 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-11-21 13:03 . 2008-10-15 11:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2012-11-20 15:50 . 2012-11-22 11:53 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-11-14 04:00 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 04:00 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 04:00 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 04:00 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 03:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 03:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 03:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 03:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 03:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 03:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 03:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 03:22 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 03:16 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 03:16 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-28 10:51 . 2012-07-06 10:49 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-10-19 15:31 . 2012-07-27 14:36 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-19 15:31 . 2011-05-21 14:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-07 12:54 . 2012-10-07 12:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-07 12:54 . 2011-05-27 00:52 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-14 19:23 . 2012-10-10 10:59 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 10:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-24 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctMTI3MDI3NTU1NC1GTDEwKzEtWE8xMCsxMS1MSUMrMi1UVUcrMy1ERFQrMC1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyVEErMS1VMTArMS1WSVAxMisxLVRMKzEtRjEwTTEyUisx∏=90&ver=10.0.1424" [?]

.

c:\users\Mr. Celadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2000-3-22 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]

2000-03-22 10:45 72248 ----a-w- c:\windows\AsScrProlog.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2000-03-22 10:45 3054136 ----a-w- c:\windows\AsScrPro.exe

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

R2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]

R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc64.exe [2010-11-03 138768]

R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-05 109064]

R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]

R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys [2010-11-02 73616]

R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys [2010-11-02 182672]

R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys [2010-11-02 182672]

R3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PTUMLNET61.sys [2010-11-02 98832]

R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys [2010-11-02 183824]

R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys [2010-11-02 69136]

R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys [2010-11-02 182672]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-25 283200]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-24 140672]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Profiles\65fuhod7.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - ExtSQL: !HIDDEN! 2012-09-29 20:18; auto-update@mozilla.org; c:\users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe

Wow6432Node-HKCU-Run-ACE Compression Software - c:\users\Mr. Celadon\AppData\Local\ACE Compression Software\ognghilg.dll

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-04 21:27:09

ComboFix-quarantined-files.txt 2012-12-05 02:27

ComboFix2.txt 2012-07-21 14:22

.

Pre-Run: 44,359,659,520 bytes free

Post-Run: 44,052,987,904 bytes free

.

- - End Of File - - 1E1D2640F85506CE93BBF3183C1EFF0B

Link to post
Share on other sites

OK, do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here

Kevin

Link to post
Share on other sites

<p> </p>

<pre style="color: rgb(0, 0, 0); word-wrap: break-word; white-space: pre-wrap;">

ComboFix 12-12-04.01 - Mr. Celadon 12/05/2012 16:57:50.3.2 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.3127 [GMT -5:00]

Running from: c:\users\Mr. Celadon\Desktop\ComboFix.exe

Command switches used :: c:\users\Mr. Celadon\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))

.

.

2012-12-05 22:06 . 2012-12-05 22:06 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-12-05 22:06 . 2012-12-05 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-03 23:40 . 2012-12-03 23:40 -------- d-----w- C:\_OTM

2012-12-03 17:55 . 2012-12-03 18:23 -------- d-----w- c:\users\Mr. Celadon\AppData\Roaming\Ehsyp

2012-11-24 01:04 . 2012-11-24 01:04 -------- d-----w- c:\users\Mr. Celadon\AppData\Local\Chromium

2012-11-23 16:55 . 2012-11-28 14:37 -------- d-----w- c:\users\Mr. Celadon\AppData\Roaming\The Creative Assembly

2012-11-23 00:13 . 2012-12-05 02:22 -------- d-----w- c:\users\Mr. Celadon\AppData\Local\ACE Compression Software

2012-11-22 01:59 . 2012-11-22 01:59 -------- d-----w- c:\programdata\Premium

2012-11-22 01:59 . 2012-11-22 02:01 -------- d-----w- c:\programdata\InstallMate

2012-11-21 13:03 . 2012-11-21 13:03 -------- d-----w- c:\users\Mr. Celadon\AppData\Local\2K Games

2012-11-21 13:03 . 2012-11-21 13:03 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-11-21 13:03 . 2008-10-15 11:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-11-21 13:03 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll

2012-11-20 15:50 . 2012-11-22 11:53 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-11-14 04:00 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 04:00 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 04:00 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 04:00 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 03:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-14 03:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-14 03:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-14 03:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-14 03:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 03:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-14 03:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-14 03:22 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 03:16 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 03:16 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-28 10:51 . 2012-07-06 10:49 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-10-19 15:31 . 2012-07-27 14:36 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-19 15:31 . 2011-05-21 14:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-07 12:54 . 2012-10-07 12:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-07 12:54 . 2011-05-27 00:52 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-14 19:23 . 2012-10-10 10:59 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 10:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-24 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\users\Mr. Celadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2000-3-22 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-27 20:51 35768 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]

2000-03-22 10:45 72248 ----a-w- c:\windows\AsScrProlog.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2000-03-22 10:45 3054136 ----a-w- c:\windows\AsScrPro.exe

.

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

R2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]

R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc64.exe [2010-11-03 138768]

R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-05 109064]

R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]

R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys [2010-11-02 73616]

R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys [2010-11-02 182672]

R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys [2010-11-02 182672]

R3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PTUMLNET61.sys [2010-11-02 98832]

R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys [2010-11-02 183824]

R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys [2010-11-02 69136]

R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys [2010-11-02 182672]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-25 283200]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-11-24 140672]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 365592]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Profiles\65fuhod7.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - ExtSQL: !HIDDEN! 2012-09-29 20:18; auto-update@mozilla.org; c:\users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-05 17:10:44

ComboFix-quarantined-files.txt 2012-12-05 22:10

ComboFix2.txt 2012-07-21 14:22

.

Pre-Run: 44,159,643,648 bytes free

Post-Run: 44,063,113,216 bytes free

.

- - End Of File - - 82666E4DDA34E1F695786E573C0CB19F</pre>

Link to post
Share on other sites

<p> </p>

<pre style="color: rgb(0, 0, 0); word-wrap: break-word; white-space: pre-wrap;">

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TSVLSR1\updater-startnow-200-2.4-fixed[1].exe Win32/Toolbar.Zugo application unable to clean

C:\Qoobox\Quarantine\C\Users\Mr. Celadon\AppData\Local\lfgmh.exe.vir a variant of Win32/Kryptik.AIUD trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Mr. Celadon\AppData\Local\ACE Compression Software\ognghilg.dll.vir Win32/Boaxxe.G trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Mr. Celadon\AppData\Local\{664CA3C8-89FE-44D8-BAEF-E3186C53D765}\{5B9FB423-BDC8-45B6-9F59-F092B6067213}\pozscblcg.dll.vir a variant of Win32/Kryptik.AIGB trojan cleaned by deleting - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TSVLSR1\updater-startnow-200-2.4-fixed[1].exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined</pre>

Link to post
Share on other sites

Run the following to give overview of security, Java, Adobe etc....

Download Security Check by screen317 from HERE or HERE.

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see that log, also tell how your system is responding and what issues concerns remain..

Kevin

Link to post
Share on other sites

Ok thanks. Before I get to that here's more info: Results of screen317's Security Check version 0.99.56

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox 16.0.2 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Sorry, here it is.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2

Run by Mr. Celadon at 6:47:55 on 2012-12-07

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.3166 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: ??.??: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{0A659ED4-E5E5-405A-8787-45D47742EC08} : DHCPNameServer = 66.174.95.44 66.174.92.14

TCP: Interfaces\{1451340D-D0B3-4B47-B958-B00091FDA7BE} : DHCPNameServer = 66.174.95.44 66.174.92.14

TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95}\34F6F6B69656 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7527C01C-8154-4814-9045-5F150B8BDDA1} : DHCPNameServer = 66.174.95.44 66.174.92.14

TCP: Interfaces\{D659D42C-8251-4349-A501-0BA6149E4416} : DHCPNameServer = 66.174.95.44 66.174.92.14

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Profiles\65fuhod7.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: !HIDDEN! 2012-09-29 20:18; auto-update@mozilla.org; C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2000-3-22 15928]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-25 283200]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-6-11 112128]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2000-3-22 14904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2000-3-22 306232]

S2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2011-5-21 138768]

S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]

S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2011-5-21 73616]

S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2011-5-21 182672]

S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2011-5-21 182672]

S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2011-5-21 98832]

S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2011-5-21 183824]

S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2011-5-21 69136]

S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2011-5-21 182672]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-21 1255736]

.

=============== Created Last 30 ================

.

2012-12-05 22:18:55 -------- d-----w- C:\Program Files (x86)\ESET

2012-12-05 22:11:20 -------- d-sh--w- C:\$RECYCLE.BIN

2012-12-03 23:40:26 -------- d-----w- C:\_OTM

2012-12-03 17:55:21 -------- d-----w- C:\Users\Mr. Celadon\AppData\Roaming\Ehsyp

2012-11-24 01:04:19 -------- d-----w- C:\Users\Mr. Celadon\AppData\Local\Chromium

2012-11-23 16:55:42 -------- d-----w- C:\Users\Mr. Celadon\AppData\Roaming\The Creative Assembly

2012-11-23 00:13:31 -------- d-----w- C:\Users\Mr. Celadon\AppData\Local\ACE Compression Software

2012-11-22 01:59:42 -------- d-----w- C:\ProgramData\Premium

2012-11-22 01:59:37 -------- d-----w- C:\ProgramData\InstallMate

2012-11-21 13:03:55 -------- d-----w- C:\Users\Mr. Celadon\AppData\Local\2K Games

2012-11-21 13:03:44 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-11-21 13:03:17 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll

2012-11-21 13:03:17 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll

2012-11-21 13:03:17 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll

2012-11-21 13:03:17 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll

2012-11-21 13:03:15 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll

2012-11-21 13:03:15 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2012-11-20 15:50:00 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-11-14 04:00:42 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 04:00:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-14 04:00:41 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-14 04:00:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-14 03:53:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-14 03:53:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-14 03:53:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-14 03:53:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-14 03:53:34 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-14 03:53:34 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 03:53:34 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-14 03:22:54 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 03:16:01 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-14 03:16:01 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

.

==================== Find3M ====================

.

2012-11-28 10:51:26 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-10-19 15:31:43 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-19 15:31:43 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-07 12:54:57 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-07 12:54:56 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll

2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 6:49:21.20 ===============

Link to post
Share on other sites

I do not see an anti-virus application installed, definitely worth doing that now:

To keep safe when online you need a good Antivirus/Antspyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go here http://www.microsoft.com/security_essentials/ and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

Let me know what scan result you get with MSE...

Link to post
Share on other sites

The system does have outdated apps that can be exploited and may contribute to the current problems....

Visit http://get.adobe.com.../otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

Untick the option for McAfee security scanner if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Go here http://www.adobe.com...ckwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There maybe an offer of Google Chrome, untick those options if offered...

Next,

Your Java javaicon.gif maybe out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

It is imperative that any old versions of the above 3 updates are removed from the system....

I also note that Firefox is outdated, that should also be updated to the latest version.....

Next,

download http://general-chang...de/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Post that log, also give an update on the curent status of the system... Any issues that remain.

Thanks,

Kevin

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.