
BSOD



I thought I would post this because of a problem that I never thought this program would cause; because of its reliability it is a great program. I was going crazy trying to figure the BSOD out.

I was always getting a BSOD about 3 minutes after initial start-up, with a BSOD ERROR >>>>> ATSPORT.SYS ....... I tried everything; finally I remembered that the other day Malwarebytes asked me if I would like the program to manage the computer live for free for a month, so I said yes (GUESS I SHOULD NOT HAVE), so I uninstalled Malwarebytes and tried my computer and voilà, fixed.

I have a Windows 7 32-bit with 4 meg of RAM (only 3 gig is usable in 32-bit versions). That's the way DELL sells it.

It is a Vostro 320 all-in-one.

I hope people can utilize this post to alleviate some time and pain, and maybe find a cure.


Yes, TDSSKiller picked it up and I deleted it. Malwarebytes seems to be running all right now. I am getting one more really annoying issue that Malwarebytes is not picking up, and that is the Google redirect in Firefox, mostly because FF is my preference, but I can't seem to shake that problem.

Win 7, 3 GB RAM, Dell Vostro all-in-one, 32-bit.


I don't have the TDSSKiller log, but I ran it again and nothing was found. Here is the DDS log as requested. I really appreciate all your help.

Thanks

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by LT at 8:04:08 on 2011-08-20

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.1009 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\PMObserv.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\ASTSRV.EXE

C:\Windows\system32\atashost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Microsoft SQL Server\EMMSDE\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe

C:\Windows\system32\NLSSRV32.EXE

C:\Program Files\Blaze Media Pro\NMSAccess32.exe

C:\Windows\System32\svchost.exe -k HPZ12

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe

C:\Users\LT\AppData\Local\Temp\Adobelm_Cleanup.0001

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\Users\LT\AppData\Local\Temp\Adobelm_Cleanup.0001

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\prevhost.exe

C:\Windows\system32\prevhost.exe

C:\Program Files\JudysApps\TenKey\TenKey.exe

C:\Program Files\Safari\Safari.exe

C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\explorer.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

uRun: [CardScan AutoSync]

uRun: [AdobeBridge]

mRun: [<NO NAME>]

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\lt\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

uPolicies-explorer: HideSCAHealth = 1 (0x1)

uPolicies-explorer: TaskbarNoThumbnail = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Se&nd to OneNote - /105

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: caldirectsecuredocs.com\www

Trusted Zone: com\pennwest-edocs

Trusted Zone: ditechsecuredocs.com\www

Trusted Zone: ditechsecuredocs.net\www

Trusted Zone: docmagic.com\www

Trusted Zone: elynx.net\ctest

Trusted Zone: elynx.net\forms

Trusted Zone: elynx.net\gmacforms

Trusted Zone: elynx.net\pro

Trusted Zone: elynx.net\secure

Trusted Zone: elynx.net\usign

Trusted Zone: elynx.net\webpost

Trusted Zone: gmacmsecuredocs.com\www

Trusted Zone: gmacmsecuredocs.net\www

Trusted Zone: gmamcsecuredocs.com\www

Trusted Zone: ss3.swiftsend.com\loandocs

Trusted Zone: swiftsend.com\docs

Trusted Zone: swiftsend.com\loandocs

Trusted Zone: swiftsend2.com\docs

Trusted Zone: swiftsend2.com\loandocs

Trusted Zone: swiftview.com\www

Trusted Zone: wamuloandocs.com\www

DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://69.3.34.26:81/webrec.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {51A1CDAB-573D-45A4-B69F-B44791DFF60A} - hxxp://dot.pima.gov/gis/pictometry/viewer/ver30b/PictImageCtrl30.cab

DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://58.251.42.227:82/en/cab/ipcamera.cab

DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} - hxxp://www.swiftview.com/product/public/svinstall.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/ptclickloanwf.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/enclickloanwf.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://flagstar.webex.com/client/T27L10NSP11EP5/training/ieatgpc1.cab

TCP: Interfaces\{0239A50C-3B56-426E-9404-24A52B239DBA} : NameServer = 4.2.2.2

TCP: Interfaces\{8A087DC4-6277-43DD-9B80-3585B70BA632} : NameServer = 4.2.2.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

Hosts: 192.168.0.14 csccay1.calyxpds.com

Hosts: 192.168.0.14 csccay2.calyxpds.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\lt\appdata\roaming\mozilla\firefox\profiles\wsdw1c87.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npsview.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\lt\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-11-8 43928]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 MSSQL$EMMSDE;SQL Server (EMMSDE);c:\program files\microsoft sql server\emmsde\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]

R2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;c:\program files\nitro pdf\express\NitroPDFExpressDriverService.exe [2009-12-15 196912]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-15 65840]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PMObserv;PMObserv;c:\windows\system32\PMObserv.exe [2009-12-16 245907]

R3 VIACRX86;VIACRX86;c:\windows\system32\drivers\viacr.sys [2009-12-11 59392]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 srv1204;srv1204;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S2 srv1688;srv1688;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S2 srvA00;srvA00;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S2 srvF10;srvF10;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-16 41272]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-3-12 30576]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-08-17 00:46:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-17 00:46:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-13 13:25:40 -------- d-----w- c:\users\lt\appdata\roaming\DocumentsToGoDesktop

2011-08-13 13:25:27 -------- d-----w- c:\program files\Documents To Go Desktop

2011-08-13 01:27:59 -------- d-----w- c:\program files\iTunes

2011-08-13 01:27:59 -------- d-----w- c:\program files\iPod

2011-08-13 01:25:08 -------- d-----w- c:\program files\Bonjour

2011-08-07 19:07:06 -------- d-----w- c:\programdata\STOPzilla!

2011-08-07 14:26:50 -------- d-sh--w- C:\found.000

2011-08-07 03:55:44 -------- d-----w- c:\program files\PCSafeDoctor

2011-08-05 20:37:14 -------- d-----w- c:\program files\PC Tools Security

2011-08-05 20:35:54 -------- d-----w- c:\programdata\PC Tools

2011-08-05 15:48:23 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE2

2011-08-04 19:25:33 -------- d-----w- c:\users\lt\appdata\roaming\DiskAid

2011-07-25 12:53:47 -------- d-----w- C:\Credit-Aid_PRO_500

.

==================== Find3M ====================

.

2011-08-15 20:00:08 72080 ----a-w- c:\users\lt\g2mdlhlpx.exe

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

.

============= FINISH: 8:04:33.07 ===============

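The SERVICES / DRIVERS section of the DDS log above, together with the SafeBoot registry keys that the ComboFix output further down prints, is the kind of material a small triage script can pre-screen before a human reads it. The following is an added example and is not part of the original post, nor code from DDS, ComboFix or Malwarebytes: it parses lines in the DDS service-line format and the registry-key lines ComboFix prints, flags svchost-hosted services whose names are not in a small allowlist of Windows 7 svchost group members, and adds a note when such a service is also registered to start in Safe Mode. The allowlist (KNOWN_SVCHOST_MEMBERS) is constructed and deliberately partial, and the SAMPLE_* strings are excerpts adapted from the logs in this thread; a hit means "review this service", not "this is malware".

```python
"""Triage helper for the DDS 'SERVICES / DRIVERS' section and for the
SafeBoot registry keys ComboFix prints. Heuristic only: a hit means
"look at this service", not "this service is malicious"."""
import re

# Constructed, deliberately partial allowlist of service names that run
# inside each svchost group on a stock Windows 7 install. On a live box
# read HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost instead.
KNOWN_SVCHOST_MEMBERS = {
    "netsvcs": {"Schedule", "Themes", "BITS", "wuauserv", "ShellHWDetection",
                "lanmanserver", "Browser", "AppMgmt", "iphlpsvc", "Winmgmt"},
    "LocalSystemNetworkRestricted": {"StorSvc", "Netman", "PcaSvc",
                                     "AudioEndpointBuilder", "TabletInputService"},
}

# DDS line shape: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s*\[[^\]]*\]$"
)
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.IGNORECASE)
# Registry key lines as printed by ComboFix / regedit exports.
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?:Minimal|Network)\\(?P<entry>[^\]]+)\]$",
    re.IGNORECASE,
)


def parse_services(lines):
    """Return one dict per service/driver line; anything else is skipped."""
    return [m.groupdict() for m in (SERVICE_RE.match(l.strip()) for l in lines) if m]


def parse_safeboot_entries(lines):
    """Lower-cased names of every SafeBoot\\Minimal or \\Network subkey seen."""
    return {m.group("entry").lower()
            for m in (SAFEBOOT_RE.match(l.strip()) for l in lines) if m}


def review_services(services, safeboot_entries=frozenset()):
    """Map service name -> reasons it deserves a closer look (empty = clean)."""
    findings = {}
    for svc in services:
        name, reasons = svc["name"], []
        host = SVCHOST_RE.search(svc["image"])
        if host:  # svchost-hosted: the name must belong to that group
            group = host.group("group")
            members = KNOWN_SVCHOST_MEMBERS.get(group)
            if members is None:
                reasons.append(f"svchost group '{group}' is not in the allowlist")
            elif name not in members:
                reasons.append(f"not a known member of svchost group '{group}'")
        # A service we already distrust that is also allowed to start in
        # Safe Mode earns a second reason: Safe Mode is where people
        # usually go to remove it.
        if reasons and name.lower() in safeboot_entries:
            reasons.append("registered under SafeBoot, so it also starts in Safe Mode")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed excerpts adapted from the DDS and ComboFix output in this
# thread; not complete logs.
SAMPLE_DDS = r"""
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]
S2 srv1204;srv1204;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 srv1688;srv1688;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
"""
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1204]
@="service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1688]
@="service"
"""

if __name__ == "__main__":
    hits = review_services(parse_services(SAMPLE_DDS.splitlines()),
                           parse_safeboot_entries(SAMPLE_COMBOFIX.splitlines()))
    for name, reasons in hits.items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the excerpt, the script reports srv1204 and srv1688 (unknown netsvcs members that are also under SafeBoot\Minimal) and nosGetPlusHelper (a svchost group the allowlist has never heard of), while TeamViewer6 and StorSvc pass. The point of the allowlist design is that a service whose image is svchost.exe has no file of its own to inspect, so the only cheap signal is whether its name is one that the group is supposed to contain; on a real machine that list comes from the Svchost registry key, not from a hard-coded set.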

ComboFix 11-08-23.06 - LT 08/23/2011 22:17:57.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.1186 [GMT -4:00]

Running from: c:\users\LT\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\0wrck860apy1s6

c:\users\LT\AppData\Local\{6D35AE79-C3D3-4DBC-B4B9-4307EFD93B86}

c:\users\LT\AppData\Local\{6D35AE79-C3D3-4DBC-B4B9-4307EFD93B86}\chrome.manifest

c:\users\LT\AppData\Local\{6D35AE79-C3D3-4DBC-B4B9-4307EFD93B86}\chrome\content\_cfg.js

c:\users\LT\AppData\Local\{6D35AE79-C3D3-4DBC-B4B9-4307EFD93B86}\chrome\content\overlay.xul

c:\users\LT\AppData\Local\{6D35AE79-C3D3-4DBC-B4B9-4307EFD93B86}\install.rdf

c:\users\LT\AppData\Local\0wrck860apy1s6

c:\users\LT\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0002\~de7b92.tmp

c:\users\LT\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0002\~df394b.tmp

c:\users\LT\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0003\~df394b.tmp

c:\users\LT\AppData\Roaming\Microsoft\Windows\Templates\0wrck860apy1s6

c:\users\LT\g2ax_customer_downloadhelper_win32_x86.exe

c:\users\LT\g2mdlhlpx.exe

c:\users\LT\GoToAssistDownloadHelper.exe

c:\windows\iun6002.exe

c:\windows\jestertb.dll

c:\windows\system32\comct332.ocx

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))

.

.

2011-08-24 02:24 . 2011-08-24 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-24 02:07 . 2011-08-24 02:07 -------- d-----w- c:\users\LT\AppData\Roaming\Sammsoft

2011-08-24 02:07 . 2011-08-24 02:07 -------- d-----w- c:\program files\ARO 2011

2011-08-24 02:06 . 2011-08-24 02:07 -------- d-----w- c:\program files\Ask.com

2011-08-17 00:46 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-17 00:46 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-13 13:25 . 2011-08-13 13:28 -------- d-----w- c:\users\LT\AppData\Roaming\DocumentsToGoDesktop

2011-08-13 13:25 . 2011-08-13 13:25 -------- d-----w- c:\program files\Documents To Go Desktop

2011-08-13 01:27 . 2011-08-13 01:28 -------- d-----w- c:\program files\iTunes

2011-08-13 01:27 . 2011-08-13 01:27 -------- d-----w- c:\program files\iPod

2011-08-13 01:25 . 2011-08-13 01:25 -------- d-----w- c:\program files\Bonjour

2011-08-13 01:23 . 2011-08-13 01:23 -------- d-----w- c:\program files\Apple Software Update

2011-08-07 19:07 . 2011-08-12 23:23 -------- d-----w- c:\programdata\STOPzilla!

2011-08-07 14:26 . 2011-08-07 14:26 -------- d-----w- C:\found.000

2011-08-07 14:01 . 2011-08-07 14:02 -------- d-----w- c:\users\LT1

2011-08-07 03:55 . 2011-08-19 13:49 -------- d-----w- c:\program files\PCSafeDoctor

2011-08-05 20:37 . 2011-08-12 23:38 -------- d-----w- c:\program files\PC Tools Security

2011-08-05 20:35 . 2011-08-12 23:26 -------- d-----w- c:\programdata\PC Tools

2011-08-05 15:48 . 2011-08-05 15:48 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE2

2011-08-04 19:25 . 2011-08-04 19:32 -------- d-----w- c:\users\LT\AppData\Roaming\DiskAid

2011-07-25 12:53 . 2011-08-03 19:34 -------- d-----w- C:\Credit-Aid_PRO_500

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-04-14 16:26 . 2011-05-10 02:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-07-30 02:05 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-30 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-30 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\LT\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\LT\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\LT\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-30 887976]

.

c:\users\LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoThumbnail"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1204]

@="service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1688]

@="service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvA00]

@="service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvF10]

@="service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DigiScan.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DigiScan.lnk

backup=c:\windows\pss\DigiScan.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^LT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Automotix.lnk]

path=c:\users\LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Automotix.lnk

backup=c:\windows\pss\Automotix.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^LT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^No-IP DUC.lnk]

path=c:\users\LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk

backup=c:\windows\pss\No-IP DUC.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^LT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\users\LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^LT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pandora.lnk]

path=c:\users\LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pandora.lnk

backup=c:\windows\pss\Pandora.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^LT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]

path=c:\users\LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk

backup=c:\windows\pss\Trillian.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2010-04-09 20:54 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2010-10-27 09:00 1015808 ----a-w- c:\program files\Ares\Ares.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]

2011-04-18 21:40 2334560 ----a-w- c:\program files\AVG\AVG10\avgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2009-07-18 01:57 4562944 ----a-w- c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-04-03 02:58 136176 ----atw- c:\users\LT\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-07-24 21:04 174104 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-07-24 21:04 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2010-01-27 01:04 1337608 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]

2007-08-30 20:08 229481 ----a-w- c:\program files\RDS\RMClient\JobHisInit.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-03-12 22:41 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]

2007-08-30 20:30 49254 ----a-w- c:\program files\RDS\RMClient\MplSetUp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-07-24 21:04 151064 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

2011-05-10 02:25 107000 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]

2009-07-16 03:38 307768 ------w- c:\program files\CONEXANT\SAII\SAIICpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 srv1204;srv1204;c:\windows\system32\svchost.exe [2009-07-14 20992]

R2 srv1688;srv1688;c:\windows\system32\svchost.exe [2009-07-14 20992]

R2 srvA00;srvA00;c:\windows\system32\svchost.exe [2009-07-14 20992]

R2 srvF10;srvF10;c:\windows\system32\svchost.exe [2009-07-14 20992]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-03-12 30576]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-11-08 43928]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 MSSQL$EMMSDE;SQL Server (EMMSDE);c:\program files\Microsoft SQL Server\EMMSDE\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]

S2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;c:\program files\Nitro PDF\Express\NitroPDFExpressDriverService.exe [2009-12-15 196912]

S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-15 65840]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-15 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]

S3 PMObserv;PMObserv;c:\windows\system32\PMObserv.exe [2008-01-29 245907]

S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [2009-07-14 59392]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srv1688

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135763327-1407142028-3644316689-1000Core.job

- c:\users\LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 02:58]

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135763327-1407142028-3644316689-1000UA.job

- c:\users\LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-03 02:58]

.

2011-08-24 c:\windows\Tasks\JSUHEEJZ.job

- c:\windows\system32\FXSRESM1.dll [2011-02-01 15:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - /105

Trusted Zone: caldirectsecuredocs.com\www

Trusted Zone: com\pennwest-edocs

Trusted Zone: ditechsecuredocs.com\www

Trusted Zone: ditechsecuredocs.net\www

Trusted Zone: docmagic.com\www

Trusted Zone: elynx.net\ctest

Trusted Zone: elynx.net\forms

Trusted Zone: elynx.net\gmacforms

Trusted Zone: elynx.net\pro

Trusted Zone: elynx.net\secure

Trusted Zone: elynx.net\usign

Trusted Zone: elynx.net\webpost

Trusted Zone: gmacmsecuredocs.com\www

Trusted Zone: gmacmsecuredocs.net\www

Trusted Zone: gmamcsecuredocs.com\www

Trusted Zone: ss3.swiftsend.com\loandocs

Trusted Zone: swiftsend.com\docs

Trusted Zone: swiftsend.com\loandocs

Trusted Zone: swiftsend2.com\docs

Trusted Zone: swiftsend2.com\loandocs

Trusted Zone: swiftview.com\www

Trusted Zone: wamuloandocs.com\www

TCP: Interfaces\{0239A50C-3B56-426E-9404-24A52B239DBA}: NameServer = 4.2.2.2

TCP: Interfaces\{8A087DC4-6277-43DD-9B80-3585B70BA632}: NameServer = 4.2.2.2

DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://69.3.34.26:81/webrec.cab

DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://58.251.42.227:82/en/cab/ipcamera.cab

DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} - hxxp://www.swiftview.com/product/public/svinstall.exe

DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/ptclickloanwf.cab

DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/enclickloanwf.cab

FF - ProfilePath - c:\users\LT\AppData\Roaming\Mozilla\Firefox\Profiles\wsdw1c87.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-CardScan AutoSync - (no file)

HKCU-Run-AdobeBridge - (no file)

Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

SafeBoot-35259109.sys

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSConfigStartUp-DPSRestoreLauncher - c:\program files\DigitalLifeboat\Data Protection Service\DPS.RestoreLauncher.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-ISTray - c:\program files\PC Tools Security\pctsGui.exe

MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware2\mbamgui.exe

MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware2\mbam.exe

MSConfigStartUp-YouSendIt - c:\program files\YouSendIt\Express\YouSendIt.exe

AddRemove-WYSIWYG_Web_Builder_6 - c:\windows\iun6002.exe

AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\srv1204]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srv1204.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\srv1688]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\srv1688.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\srvA00]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvA00.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\srvF10]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvF10.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(672)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'Explorer.exe'(4612)

c:\users\LT\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

c:\progra~1\SPYBOT~1\SDHelper.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG10\avgchsvx.exe

c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\ASTSRV.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Blaze Media Pro\NMSAccess32.exe

c:\program files\AVG\AVG10\avgnsx.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\TeamViewer\Version6\TeamViewer.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\program files\AVG\AVG10\avgcsrvx.exe

.

**************************************************************************

.

Completion time: 2011-08-23 23:34:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-24 03:34

.

Pre-Run: 306,540,032,000 bytes free

Post-Run: 308,697,972,736 bytes free

.

- - End Of File - - 1FBD5448F0696F33D28D862096F70566

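The services srv1204, srv1688, srvA00 and srvF10 in the log above are all hosted by svchost.exe, their ServiceDll values point at .tmp files under Windows\Temp or the system profile's AppData, and srv1688 additionally appears under NetSvcs. As an added example that is not part of this thread or of ComboFix, the following Python reads those ComboFix line formats and lists such services for triage; the heuristics (DLL under a user-writable directory, non-.dll extension, netsvcs membership) are my own, and the sample log is constructed from lines quoted in the post.

```python
"""Triage svchost-hosted services in a ComboFix log (added example, not ComboFix's own code)."""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: lines copied from the log posted in this thread, plus a benign
# control entry (mscorsvw.exe, not hosted by svchost) that must not be flagged.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 srv1204;srv1204;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 srv1688;srv1688;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv1688
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\srv1204]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srv1204.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\srv1688]
"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\srv1688.tmp"
"""
# ComboFix line shapes: "R2 name;display;host [date size]", "[HKLM\...\services\name]", "servicedll"=...
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<host>.+?) \[\S+ \d+\]$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\(?P<name>[^\]]+)\]$")
DLL_RE = re.compile(r'^"servicedll"="(?P<path>.+)"$', re.IGNORECASE)
WRITABLE_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\")  # heuristic, my choice


def parse_log(text: str) -> Dict[str, dict]:
    """Collect per-service display name, host binary, ServiceDll and netsvcs membership."""
    services = defaultdict(lambda: {"display": "", "host": "", "servicedll": None, "netsvcs": False})
    current, in_netsvcs = None, False      # registry key block / NetSvcs list we are inside
    for line in map(str.strip, text.splitlines()):
        if not line or line == ".":        # "." separates blocks in ComboFix output
            current, in_netsvcs = None, False
        elif m := SERVICE_RE.match(line):
            services[m["name"]].update(display=m["display"], host=m["host"])
        elif line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
        elif in_netsvcs:
            services[line]["netsvcs"] = True
        elif m := KEY_RE.match(line):
            current = m["name"]
        elif current and (m := DLL_RE.match(line)):
            services[current]["servicedll"] = m["path"]
    return dict(services)


def assess(svc: dict) -> List[str]:
    """Reasons an svchost-hosted service looks out of place; empty list = nothing noted."""
    reasons: List[str] = []
    if not svc["host"].lower().endswith("svchost.exe"):
        return reasons                     # only shared-host services are examined here
    dll = (svc["servicedll"] or "").lower()
    if dll and any(d in dll for d in WRITABLE_DIRS):
        reasons.append("ServiceDll lives under a user-writable directory")
    if dll and not dll.endswith(".dll"):
        reasons.append("ServiceDll does not have a .dll extension")
    if svc["netsvcs"]:
        reasons.append("registered in the shared netsvcs group")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged service name to its list of reasons."""
    return {n: r for n, s in parse_log(text).items() if (r := assess(s))}
```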

  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
