Sanji78 Posted December 5, 2012

My friend's laptop has been infected with a ransomware virus. Apparently he previously had the Google Redirect virus, and it caused him to get this ransomware virus. He tried to remove it with both EENK and Malwarebytes, but both would hang (not respond) after reaching a certain point. He attempted to use another program, but the virus remains. What should he do?
Sanji78 Posted December 5, 2012

Oh, and one more thing: he can't get online while in Safe Mode.
kevinf80 Posted December 5, 2012

Will the system boot into Safe Mode? What is the operating system? Windows 7, Vista, XP. 32 or 64 bit....
Sanji78 Posted December 5, 2012

> Will the system boot into Safe Mode? What is the operating system? Windows 7, Vista, XP. 32 or 64 bit....

The OS is Windows 7, and yes, it boots in Safe Mode.
kevinf80 Posted December 5, 2012

Can the system be booted to Safe Mode with Networking to keep the connection live? If not, d/l DDS on another PC, transfer it to the Desktop of the laptop, run the scan and save the logs. Transfer them back to the other PC and post here....

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://compendiate.net/sUBs/dds/dds.scr

Double click DDS to run the scan; Vista or Windows 7 users accept the UAC alert.
There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt.
Copy and paste those two logs to your reply when the scan is complete....
Sanji78 Posted December 5, 2012

Here's what I got:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.7.2
Run by Mr. Celadon at 20:25:50 on 2012-12-04
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.3163 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ??.??: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - 
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ACE Compression Software] Rundll32.exe "C:\Users\Mr. Celadon\AppData\Local\ACE Compression Software\ognghilg.dll",vlc_entry__1_0_0e
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctMTI3MDI3NTU1NC1GTDEwKzEtWE8xMCsxMS1MSUMrMi1UVUcrMy1ERFQrMC1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyVEErMS1VMTArMS1WSVAxMisxLVRMKzEtRjEwTTEyUisx"&"prod=90"&"ver=10.0.1424
StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: Interfaces\{0A659ED4-E5E5-405A-8787-45D47742EC08} : DHCPNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{1451340D-D0B3-4B47-B958-B00091FDA7BE} : DHCPNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95}\34F6F6B69656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7527C01C-8154-4814-9045-5F150B8BDDA1} : DHCPNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{D659D42C-8251-4349-A501-0BA6149E4416} : DHCPNameServer = 66.174.95.44 66.174.92.14
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Profiles\65fuhod7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: !HIDDEN! 2012-09-29 20:18; auto-update@mozilla.org; C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2000-3-22 15928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-25 283200]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-6-11 112128]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2000-3-22 14904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2000-3-22 306232]
S2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2011-5-21 138768]
S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2011-5-21 73616]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2011-5-21 182672]
S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2011-5-21 182672]
S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2011-5-21 98832]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2011-5-21 183824]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2011-5-21 69136]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2011-5-21 182672]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-21 1255736]
.
=============== Created Last 30 ================
.
2012-12-03 23:40:26  --------  d-----w-  C:\_OTM
2012-12-03 17:55:21  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Roaming\Irnize
2012-12-03 17:55:21  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Roaming\Ehsyp
2012-11-24 01:04:19  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Local\Chromium
2012-11-23 16:55:42  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Roaming\The Creative Assembly
2012-11-23 00:13:31  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Local\ACE Compression Software
2012-11-22 01:59:42  --------  d-----w-  C:\ProgramData\Premium
2012-11-22 01:59:37  --------  d-----w-  C:\ProgramData\InstallMate
2012-11-21 13:03:55  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Local\2K Games
2012-11-21 13:03:44  --------  d-----w-  C:\Program Files (x86)\NVIDIA Corporation
2012-11-21 13:03:17  519000   ----a-w-  C:\Windows\System32\d3dx10_40.dll
2012-11-21 13:03:17  452440   ----a-w-  C:\Windows\SysWow64\d3dx10_40.dll
2012-11-21 13:03:17  2605920  ----a-w-  C:\Windows\System32\D3DCompiler_40.dll
2012-11-21 13:03:17  2036576  ----a-w-  C:\Windows\SysWow64\D3DCompiler_40.dll
2012-11-21 13:03:15  5631312  ----a-w-  C:\Windows\System32\D3DX9_40.dll
2012-11-21 13:03:15  4379984  ----a-w-  C:\Windows\SysWow64\D3DX9_40.dll
2012-11-20 15:50:00  --------  d-----w-  C:\Program Files (x86)\Common Files\Steam
2012-11-14 04:00:42  2560     ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 04:00:41  9728     ----a-w-  C:\Windows\System32\Wdfres.dll
2012-11-14 04:00:41  785512   ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 04:00:41  54376    ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 03:53:38  87040    ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 03:53:38  198656   ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 03:53:35  84992    ----a-w-  C:\Windows\System32\WUDFSvc.dll
2012-11-14 03:53:35  194048   ----a-w-  C:\Windows\System32\WUDFPlatform.dll
2012-11-14 03:53:34  744448   ----a-w-  C:\Windows\System32\WUDFx.dll
2012-11-14 03:53:34  45056    ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 03:53:34  229888   ----a-w-  C:\Windows\System32\WUDFHost.exe
2012-11-14 03:22:54  3147264  ----a-w-  C:\Windows\System32\win32k.sys
2012-11-14 03:16:01  95744    ----a-w-  C:\Windows\System32\synceng.dll
2012-11-14 03:16:01  78336    ----a-w-  C:\Windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2012-11-28 10:51:26  45056    ----a-w-  C:\Windows\System32\acovcnt.exe
2012-10-19 15:31:43  73656    ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-19 15:31:43  696760   ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-10-08 11:22:55  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22  173056   ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35  599040   ----a-w-  C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05  142848   ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21  420864   ----a-w-  C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-10-07 12:54:57  95208    ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-07 12:54:56  746984   ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:23:40  2048     ----a-w-  C:\Windows\System32\tzres.dll
2012-09-14 18:30:38  2048     ----a-w-  C:\Windows\SysWow64\tzres.dll
2009-04-08 18:31:56  106496   ----a-w-  C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20  155648   ----a-w-  C:\Program Files (x86)\Common Files\MSIactionall.dll
2006-05-03 16:06:54  163328   --sha-r-  C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16  31232    --sha-r-  C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52  216064   --sha-r-  C:\Windows\SysWOW64\nbDX.dll
2010-01-07 04:00:00  107520   --sha-r-  C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 20:27:24.03 ===============
Sanji78 Posted December 5, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2011 6:09:20 PM
System Uptime: 12/4/2012 8:23:14 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | K50IJ
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Socket 478 | 2294/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 41.333 GiB free.
D: is FIXED (NTFS) - 331 GiB total, 260.709 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_14F51043&REV_B0\FF8034CE485B39FF00
Manufacturer: Atheros
Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller #2
PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_14F51043&REV_B0\FF8034CE485B39FF00
Service: L1E
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP19: 11/20/2012 10:49:18 AM - Installed Steam
RP20: 11/20/2012 11:06:50 AM - Removed Steam
RP21: 11/20/2012 11:12:15 AM - Installed Steam
RP22: 11/21/2012 8:01:30 AM - Installed DirectX
RP23: 11/21/2012 8:42:13 AM - Removed Rome Total War - patch 1.3
RP24: 11/23/2012 11:52:37 AM - Installed DirectX
RP25: 11/23/2012 11:54:43 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP26: 11/23/2012 7:57:53 PM - Installed DirectX
RP27: 11/25/2012 11:13:32 AM - Installed DirectX
RP28: 11/28/2012 9:35:34 AM - Installed DirectX
RP29: 11/28/2012 8:32:01 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
ASUS AI Recovery
ASUS CopyProtect
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_Camera_ScreenSaver
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Audacity 1.2.6
Bonjour
CCleaner
ControlDeck
ConvertHelper 2.2
D3DX10
DAEMON Tools Lite
Empire: Total War
eMule
ETDWare PS/2-x64 7.0.5.5_WHQL
Fast Boot
Gangsters
Gangsters 2
Gotham City Impostors: Free To Play
Intel® Graphics Media Accelerator Driver
IsoBuster 3.0
iTunes
Java 7 Update 7
Java Auto Updater
Java SE Development Kit 7 Update 5 (64-bit)
Java 7 Update 5 (64-bit)
JavaFX 2.1.1 (64-bit)
JavaFX 2.1.1 SDK (64-bit)
LAME v3.98.3 for Audacity
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Napoleon: Total War
NVIDIA PhysX
ObjectDock Free
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.4.1
PANTECH UML290
PhotoScape
Platform
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Steam
SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52
SUPERAntiSpyware
Total War: SHOGUN 2
Total War: Shogun 2 - Assembly Kit
Total War: Shogun 2 - TEd
Universal Extractor 1.6.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB 2.0 1.3M UVC WebCam
VIA Platform Device Manager
Vid-Saver
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Wajam
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinRAR 4.00 (32-bit)
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
12/4/2012 8:24:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2012 8:24:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/4/2012 8:24:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/4/2012 8:24:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/4/2012 8:24:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/4/2012 8:23:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/4/2012 8:23:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/4/2012 8:23:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2012 8:23:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/3/2012 6:24:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
.
==== End Of File ===========================
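The two logs above contain three things a responder checks by hand: the uRun entry in DDS.txt that starts Rundll32.exe on a randomly named DLL under AppData\Local (the "ACE Compression Software" item), the mPolicies-System values showing the UAC secure desktop turned off, and the Service Control Manager 7026 event in Attach.txt listing boot-start drivers that failed to load, which fits Sanji78's report that the laptop cannot get online in Safe Mode. The Python below is an added triage example written for this page; it is not output of DDS, ComboFix or Malwarebytes and not code from anyone in the thread. The sample lines are copied from the logs above; the heuristics (which autorun shape counts as suspicious, which driver names make up the Windows 7 Winsock/TCP-IP path, which UAC values are expected to be 1, and that DDS prints the dword values in decimal) are the example's own assumptions, not findings established in the thread.

```python
"""Added triage example for DDS.txt / Attach.txt lines (not from the thread or the tools)."""
import re

# Constructed samples: lines copied from the DDS.txt and Attach.txt logs posted above.
SAMPLE_RUN_LINES = [
    'uRun: [DAEMON Tools Lite] "C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe" -autorun',
    'uRun: [ACE Compression Software] Rundll32.exe '
    '"C:\\Users\\Mr. Celadon\\AppData\\Local\\ACE Compression Software\\ognghilg.dll",vlc_entry__1_0_0e',
    'mRun: [Adobe ARM] "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"',
]
SAMPLE_POLICY_LINES = [
    'mPolicies-System: ConsentPromptBehaviorAdmin = dword:5',
    'mPolicies-System: ConsentPromptBehaviorUser = dword:3',
    'mPolicies-System: EnableUIADesktopToggle = dword:0',
    'mPolicies-System: PromptOnSecureDesktop = dword:0',
]
SAMPLE_EVENT_LINES = [
    '12/4/2012 8:23:40 PM, Error: Service Control Manager [7026] - The following boot-start '
    'or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched '
    'rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl',
    '12/3/2012 6:24:34 PM, Error: Service Control Manager [7026] - The following boot-start '
    'or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6',
]

RUN_RE = re.compile(r'^(?P<hive>[um]Run(?:Once)?|x64-Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
POLICY_RE = re.compile(r'^mPolicies-System: (?P<key>\w+) = dword:(?P<val>[0-9]+)$')
EVENT_7026_RE = re.compile(r'Service Control Manager \[7026\]\s+-\s+.*failed to load: (?P<drivers>.+)$')

# Assumption: these UAC values are 1 on a stock Windows 7 install; 0 means prompts
# no longer appear on the secure desktop (or UAC is off altogether).
UAC_EXPECTED_ON = ('EnableLUA', 'PromptOnSecureDesktop')

# Assumption: kernel drivers the Windows 7 Winsock/TCP-IP path cannot work without.
# If these fail to load, Safe Mode with Networking has no network either.
NETWORK_STACK = {'afd', 'tdx', 'netbt', 'nsiproxy', 'ws2ifsl', 'tcpip', 'netio'}


def parse_run_entry(line):
    """Split a DDS autorun line into hive, value name and command, or None."""
    m = RUN_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious_autorun(line):
    """Flag Rundll32 loading a DLL out of a per-user AppData folder.

    Vendors persist from Program Files or System32; a randomly named DLL
    under AppData started through rundll32 is the shape of the loader entry
    in the log above. This is a heuristic, not a verdict.
    """
    entry = parse_run_entry(line)
    if entry is None:
        return False
    cmd = entry['cmd'].lower()
    return 'rundll32' in cmd and '\\appdata\\' in cmd and '.dll' in cmd


def weakened_uac_settings(lines):
    """Return {key: value} for UAC policies that DDS shows turned off."""
    values = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            values[m['key']] = int(m['val'])  # assumption: DDS prints decimal dwords
    weak = {k: v for k, v in values.items() if k in UAC_EXPECTED_ON and v == 0}
    if values.get('ConsentPromptBehaviorAdmin') == 0:  # 0 = elevate without prompting
        weak['ConsentPromptBehaviorAdmin'] = 0
    return weak


def failed_network_drivers(line):
    """From one SCM 7026 event, the failed drivers that belong to the network stack."""
    m = EVENT_7026_RE.search(line)
    if not m:
        return []
    return sorted((d for d in m['drivers'].split() if d.lower() in NETWORK_STACK), key=str.lower)


def triage(run_lines, policy_lines, event_lines):
    """One dict a responder can read before deciding what to pull from the box."""
    suspicious = [parse_run_entry(l)['name'] for l in run_lines if is_suspicious_autorun(l)]
    failed = {d for l in event_lines for d in failed_network_drivers(l)}
    return {
        'suspicious_autoruns': suspicious,
        'weakened_uac': weakened_uac_settings(policy_lines),
        'failed_network_drivers': sorted(failed, key=str.lower),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_RUN_LINES, SAMPLE_POLICY_LINES, SAMPLE_EVENT_LINES).items():
        print(f'{key}: {value}')
```

Feed it the three sections of a real DDS pair (split on newlines) instead of the constructed samples; the failed-driver check is the quickest way to tell whether "no network in Safe Mode" is a driver-stack problem rather than a disabled adapter, which the Attach.txt above also lists under Disabled Device Manager Items.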
kevinf80 Posted December 5, 2012

Are you able to boot into Safe Mode with Networking to maintain an internet connection? If not, this will have to be transferred to the Desktop of the sick laptop. I give the full instructions:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link:- Combofix

Ensure that Combofix is saved directly to the Desktop of the sick laptop <--- Very important

Disable all security programs as they will have a negative effect on Combofix; instructions available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.

Close any open browsers and any other programs you might have running.

Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator"). Instructions for running Combofix available Here if required.

If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in your next reply please...

Kevin
Sanji78 Posted December 5, 2012

Thanks for your help. I will provide the results tomorrow.
kevinf80 Posted December 5, 2012

That's OK,
Sanji78 Posted December 5, 2012 Author ID:620318 Share Posted December 5, 2012 Thats OK, Here is the info: ComboFix 12-12-04.01 - Mr. Celadon 12/04/2012 21:14:11.2.2 - x64 MINIMALMicrosoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.3070 [GMT -5:00]Running from: c:\users\Mr. Celadon\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Vid-Saverc:\program files (x86)\Vid-Saver\Uninstall.exec:\program files (x86)\Vid-Saver\Vid-Saver.exec:\program files (x86)\Vid-Saver\Vid-Saver.icoc:\program files (x86)\Vid-Saver\Vid-Saver.inic:\program files (x86)\Vid-Saver\Vid-SaverGui.exec:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exec:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dllc:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exec:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txtc:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dllc:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dllc:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.infc:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.catc:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sysc:\programdata\dsgsdgdsgdsgw.padc:\users\Mr. Celadon\AppData\Local\ACE Compression Software\ognghilg.dllc:\users\Mr. Celadon\AppData\Roaming\Irnizec:\users\Mr. Celadon\AppData\Roaming\Irnize\fecei.ymnD:\install.exe..((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))..2012-12-05 02:23 . 2012-12-05 02:23 -------- d-----w- c:\users\Public\AppData\Local\temp2012-12-05 02:23 . 2012-12-05 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp2012-12-03 23:40 . 
kevinf80 Posted December 5, 2012 ID:620345

OK, do the following:

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin.

Go to the Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Click on the Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the add-on to be installed
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the virus definitions to be downloaded
- Wait for the scan to finish

When the scan is complete:

If no threats were found
- put a checkmark in "Uninstall application on close"
- close program
- report to me that nothing was found

If threats were found
- click on "list of threats found"
- click on "export to text file" and save it as ESET SCAN and save to the desktop
- Click on back
- put a checkmark in "Uninstall application on close"
- click on finish
- close program
- copy and paste the report here

Kevin
Sanji78 Posted December 5, 2012 Author ID:620385
Sanji78 Posted December 5, 2012 Author ID:620386

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TSVLSR1\updater-startnow-200-2.4-fixed[1].exe  Win32/Toolbar.Zugo application  unable to clean
C:\Qoobox\Quarantine\C\Users\Mr. Celadon\AppData\Local\lfgmh.exe.vir  a variant of Win32/Kryptik.AIUD trojan  cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Mr. Celadon\AppData\Local\ACE Compression Software\ognghilg.dll.vir  Win32/Boaxxe.G trojan  cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Mr. Celadon\AppData\Local\{664CA3C8-89FE-44D8-BAEF-E3186C53D765}\{5B9FB423-BDC8-45B6-9F59-F092B6067213}\pozscblcg.dll.vir  a variant of Win32/Kryptik.AIGB trojan  cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TSVLSR1\updater-startnow-200-2.4-fixed[1].exe  Win32/Toolbar.Zugo application  cleaned by deleting - quarantined
kevinf80 Posted December 6, 2012 ID:620521

Run the following to give an overview of security, Java, Adobe etc....

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see that log, also tell me how your system is responding and what issues/concerns remain.

Kevin
Sanji78 Posted December 7, 2012 Author ID:620751

Ok thanks. Before I get to that, here's more info:

 Results of screen317's Security Check version 0.99.56
 Windows 7 x64 (UAC is enabled)
 Out of date service pack!!
 Internet Explorer 9
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
Anti-malware/Other Utilities Check:
 Java 7 Update 7
 Java version out of Date!
 Adobe Flash Player 11.4.402.287 Flash Player out of Date!
 Adobe Reader 10.1.4 Adobe Reader out of Date!
 Mozilla Firefox 16.0.2 Firefox out of Date!
Process Check: objlist.exe by Laurent
System Health check
 Total Fragmentation on Drive C:
End of Log
kevinf80 Posted December 7, 2012 ID:620803

Can you post the logs from DDS....
Sanji78 Posted December 7, 2012 Author ID:620920

Sorry, here it is.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.7.2
Run by Mr. Celadon at 6:47:55 on 2012-12-07
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.1.1033.18.4061.3166 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ??.??: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\MRD07D~1.CEL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0A659ED4-E5E5-405A-8787-45D47742EC08} : DHCPNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{1451340D-D0B3-4B47-B958-B00091FDA7BE} : DHCPNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95}\34F6F6B69656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7527C01C-8154-4814-9045-5F150B8BDDA1} : DHCPNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{D659D42C-8251-4349-A501-0BA6149E4416} : DHCPNameServer = 66.174.95.44 66.174.92.14
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Profiles\65fuhod7.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: !HIDDEN! 2012-09-29 20:18; auto-update@mozilla.org; C:\Users\Mr. Celadon\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2000-3-22 15928]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-25 283200]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-6-11 112128]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2000-3-22 14904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2000-3-22 306232]
S2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2011-5-21 138768]
S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2011-5-21 73616]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2011-5-21 182672]
S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2011-5-21 182672]
S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2011-5-21 98832]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2011-5-21 183824]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2011-5-21 69136]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2011-5-21 182672]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-21 1255736]
.
=============== Created Last 30 ================
.
2012-12-05 22:18:55  --------  d-----w-  C:\Program Files (x86)\ESET
2012-12-05 22:11:20  --------  d-sh--w-  C:\$RECYCLE.BIN
2012-12-03 23:40:26  --------  d-----w-  C:\_OTM
2012-12-03 17:55:21  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Roaming\Ehsyp
2012-11-24 01:04:19  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Local\Chromium
2012-11-23 16:55:42  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Roaming\The Creative Assembly
2012-11-23 00:13:31  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Local\ACE Compression Software
2012-11-22 01:59:42  --------  d-----w-  C:\ProgramData\Premium
2012-11-22 01:59:37  --------  d-----w-  C:\ProgramData\InstallMate
2012-11-21 13:03:55  --------  d-----w-  C:\Users\Mr. Celadon\AppData\Local\2K Games
2012-11-21 13:03:44  --------  d-----w-  C:\Program Files (x86)\NVIDIA Corporation
2012-11-21 13:03:17  519000  ----a-w-  C:\Windows\System32\d3dx10_40.dll
2012-11-21 13:03:17  452440  ----a-w-  C:\Windows\SysWow64\d3dx10_40.dll
2012-11-21 13:03:17  2605920  ----a-w-  C:\Windows\System32\D3DCompiler_40.dll
2012-11-21 13:03:17  2036576  ----a-w-  C:\Windows\SysWow64\D3DCompiler_40.dll
2012-11-21 13:03:15  5631312  ----a-w-  C:\Windows\System32\D3DX9_40.dll
2012-11-21 13:03:15  4379984  ----a-w-  C:\Windows\SysWow64\D3DX9_40.dll
2012-11-20 15:50:00  --------  d-----w-  C:\Program Files (x86)\Common Files\Steam
2012-11-14 04:00:42  2560  ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 04:00:41  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
2012-11-14 04:00:41  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 04:00:41  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 03:53:38  87040  ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 03:53:38  198656  ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 03:53:35  84992  ----a-w-  C:\Windows\System32\WUDFSvc.dll
2012-11-14 03:53:35  194048  ----a-w-  C:\Windows\System32\WUDFPlatform.dll
2012-11-14 03:53:34  744448  ----a-w-  C:\Windows\System32\WUDFx.dll
2012-11-14 03:53:34  45056  ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 03:53:34  229888  ----a-w-  C:\Windows\System32\WUDFHost.exe
2012-11-14 03:22:54  3147264  ----a-w-  C:\Windows\System32\win32k.sys
2012-11-14 03:16:01  95744  ----a-w-  C:\Windows\System32\synceng.dll
2012-11-14 03:16:01  78336  ----a-w-  C:\Windows\SysWow64\synceng.dll
.
==================== Find3M ====================
.
2012-11-28 10:51:26  45056  ----a-w-  C:\Windows\System32\acovcnt.exe
2012-10-19 15:31:43  73656  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-19 15:31:43  696760  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-16 21:20:49  135168  ----a-w-  C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20:46  347648  ----a-w-  C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34:37  559104  ----a-w-  C:\Windows\apppatch\AcLayers.dll
2012-10-08 11:31:03  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-10-08 11:22:55  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35  599040  ----a-w-  C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-10-07 12:54:57  95208  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-07 12:54:56  746984  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:23:40  2048  ----a-w-  C:\Windows\System32\tzres.dll
2012-09-14 18:30:38  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
2009-04-08 18:31:56  106496  ----a-w-  C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20  155648  ----a-w-  C:\Program Files (x86)\Common Files\MSIactionall.dll
2006-05-03 16:06:54  163328  --sha-r-  C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16  31232  --sha-r-  C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52  216064  --sha-r-  C:\Windows\SysWOW64\nbDX.dll
2010-01-07 04:00:00  107520  --sha-r-  C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 6:49:21.20 ===============
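A DDS log like the one above is read by hand in threads like this: the helper scans the header for an AV line, the Pseudo HJT report for orphaned or PUP browser hooks and autoruns pointing into user-writable folders, the TCP block for unexpected resolvers, and the services list for anything that does not belong. The script below is an added example written for this page, not a tool the helpers used or part of DDS. It encodes that first pass as rules over the flattened DDS text. The watchlist names (drawn from the ESET and DDS output in this thread), the "user-writable path" heuristic and the `uRun: [lfgmh]` sample line are assumptions of the example; the rest of the sample is excerpted from the posted log.

```python
"""Rule-based first-pass triage of a DDS log (DDS.txt).

Added example for this thread, not a tool the helpers used. DDS only lists
entries; the rules here are this example's assumptions about what to read first.
"""
import re

# Assumed watchlist: PUP/adware families named in this thread's ESET/DDS output.
WATCHLIST = ("wajam", "zugo", "startnow")

# Locations an unprivileged user can write to; malware autoruns and services
# point here far more often than vendor software does (heuristic, not proof).
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.IGNORECASE)

AUTORUN_PREFIXES = ("uRun:", "mRun:", "uRunOnce:", "mRunOnce:", "x64-Run:", "StartupFolder:")
BROWSER_PREFIXES = ("BHO:", "x64-BHO:", "uURLSearchHooks:", "dURLSearchHooks:")
# DDS service line: "R2 name;display name;C:\path\file.exe [date size]"
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[")


def _target_path(entry):
    """Extract the file path from a DDS autorun/BHO entry.

    Forms seen in DDS: 'key: [name] "path" args', 'key: [name] path args'
    and 'key: name: {CLSID} - path'. An entry ending in ' -' has no path.
    """
    quoted = re.search(r'"([^"]+)"', entry)
    if quoted:
        return quoted.group(1)
    if entry.endswith(" -"):
        return ""
    if " - " in entry:
        return entry.rsplit(" - ", 1)[1].strip()
    if "] " in entry:
        return entry.split("] ", 1)[1].strip()
    return ""


def _on_watchlist(text):
    low = text.lower()
    return any(name in low for name in WATCHLIST)


def triage_dds(log_text):
    """Return findings as a list of {'rule': ..., 'entry': ...} in log order."""
    findings = []
    primary_dns = set()
    has_av = False
    for raw in log_text.splitlines():
        ln = raw.rstrip()
        if ln.startswith("AV:"):
            has_av = True
            if "*Disabled" in ln:
                findings.append({"rule": "protection-disabled", "entry": ln})
        elif ln.startswith("SP:") and "*Disabled" in ln:
            findings.append({"rule": "protection-disabled", "entry": ln})
        elif ln.startswith(BROWSER_PREFIXES):
            path = _target_path(ln)
            if path in ("", "<orphaned>"):
                findings.append({"rule": "orphaned-browser-hook", "entry": ln})
            elif _on_watchlist(ln):
                findings.append({"rule": "watchlist-name", "entry": ln})
        elif ln.startswith(AUTORUN_PREFIXES):
            if USER_WRITABLE.search(_target_path(ln)):
                findings.append({"rule": "autorun-in-user-writable-path", "entry": ln})
            elif _on_watchlist(ln):
                findings.append({"rule": "watchlist-name", "entry": ln})
        elif SERVICE_LINE.match(ln):
            _state, name, display, path = SERVICE_LINE.match(ln).groups()
            if USER_WRITABLE.search(path) or _on_watchlist(name + display + path):
                findings.append({"rule": "suspicious-service", "entry": ln})
        elif ln.startswith("TCP: NameServer ="):
            primary_dns = set(ln.split("=", 1)[1].split())
        elif ln.startswith("TCP: Interfaces\\") and "DHCPNameServer =" in ln:
            servers = set(ln.split("=", 1)[1].split())
            # Informational: a second resolver set (e.g. a USB modem) is not
            # malicious by itself, but a hijacked resolver looks the same here.
            if primary_dns and not (servers & primary_dns):
                findings.append({"rule": "dns-differs-from-primary", "entry": ln})
    if not has_av:
        findings.append({"rule": "no-antivirus-registered",
                         "entry": "(no AV: line in the DDS header)"})
    return findings


# Constructed sample: lines excerpted from the DDS log posted above, plus one
# assumed 'uRun' entry for the quarantined lfgmh.exe so the path rule fires.
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ??.??: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
uRun: [lfgmh] C:\Users\Mr. Celadon\AppData\Local\lfgmh.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0A659ED4-E5E5-405A-8787-45D47742EC08} : DHCPNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{46EDC8B3-83DB-45A5-9391-D954A6ADFF95} : DHCPNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f['rule']:32} {f['entry']}")
```

Two caveats match what the thread itself shows: the "no AV line" rule agrees with kevinf80's reading of the log, but the Security Check output also says the Windows Security Center service is not running, so an installed product can go unreported; and the two 66.174.x.x resolvers sit on the PANTECH UML290 modem interfaces, so that finding is a prompt to verify, not a verdict.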
kevinf80 Posted December 7, 2012 ID:620925

I do not see an anti-virus application installed, definitely worth doing that now:

To keep safe when online you need a good Antivirus/Antispyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go here http://www.microsoft.com/security_essentials/ and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

Let me know what scan result you get with MSE...
Sanji78 Posted December 7, 2012 Author ID:620932

I will be posting shortly. Also, I forgot to mention that there is already a toolbar infection listed.
kevinf80 Posted December 7, 2012 ID:620940

What was it called?
Sanji78 Posted December 8, 2012 Author ID:621006

He says the infection is called Trojan:JS/Tracur.E and was found by Microsoft Security Essentials. He wants to know how to tell if all the infections are gone. Also, the Google/Bing redirect virus is still on his Firefox.
kevinf80 Posted December 8, 2012 ID:621054

The system does have outdated apps that can be exploited and may contribute to the current problems....

Visit http://get.adobe.com.../otherversions/ and download the latest version of Acrobat Reader
Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.
Untick the option for McAfee security scanner if offered.
Download and install.
Having the latest updates ensures there are no security vulnerabilities in your system.

Next,
Go here http://www.adobe.com...ckwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.
There may be an offer of Google Chrome, untick those options if offered...

Next,
Your Java may be out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.
***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.
It is imperative that any old versions of the above 3 updates are removed from the system....
I also note that Firefox is outdated, that should also be updated to the latest version.....

Next,
Download http://general-chang...de/2-adwcleaner by Xplode onto your Desktop.
Please close all open programs and internet browsers.
Double click on Adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Post that log, also give an update on the current status of the system... Any issues that remain.

Thanks,
Kevin
Sanji78 Posted December 9, 2012 Author ID:621327

I will be back tomorrow with new info. I'm still waiting for his results.
kevinf80 Posted December 9, 2012 ID:621387

OK, let me know what's happening...