
After a rootkit piece of malware,



In fighting a piece of rootkit malware I ran a good many virus scans a few weeks back, to no avail. Today I ended up running ComboFix, which worked great and finally got rid of it. But now the internet doesn't work on said computer. I don't have a Malwarebytes scan because it never did find anything, but I have the ComboFix log and what I've tried these past... oh, 12 hours now, the joy of 4am...

I have rebooted it, run WinsockFix, looked at it with LSPFix, re-obtained the drivers for the network adapters from the manufacturer, disabled and re-enabled the adapters in network management, uninstalled and reinstalled (search for new hardware) the adapters, looked at the properties, config and status of the adapters, run netsh restart and similar, and combinations of these with many restarts, and here I am appealing to those of higher skill than I in the matter. Sleep time; thanks for your time.

ComboFix 11-10-18.04 - Caseycc 10/18/2011 22:47:50.1.2 - x86 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2147 [GMT -6:00]

Running from: c:\users\Caseycc\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\XSxS

D:\install.exe

.

c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . is infected!!

c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\windows\system32\AEADISRV.EXE was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\adihdaud.inf_x86_neutral_d3f53446d4286aed\AEADISRV.EXE

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe . . . is infected!!

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Intel\WiFi\bin\EvtEng.exe . . . is infected!!

c:\program files\Intel\WiFi\bin\EvtEng.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\LogMeIn Hamachi\hamachi-2.exe . . . is infected!!

c:\program files\LogMeIn Hamachi\hamachi-2.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe . . . is infected!!

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Motorola\MotoHelper\MotoHelperService.exe . . . is infected!!

c:\program files\Motorola\MotoHelper\MotoHelperService.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Microsoft LifeCam\MSCamS32.exe . . . is infected!!

c:\program files\Microsoft LifeCam\MSCamS32.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\nvvsvc.exe . . . is infected!!

c:\windows\system32\nvvsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe . . . is infected!!

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe . . . is infected!!

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\TeamViewer\Version6\TeamViewer_Service.exe . . . is infected!!

c:\program files\TeamViewer\Version6\TeamViewer_Service.exe . . . was deleted!! You should re-install the program it pertains to

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_e316ad30

.

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

.

2011-10-19 05:11 . 2011-10-19 05:16 -------- d-----w- c:\users\Caseycc\AppData\Local\temp

2011-10-19 05:11 . 2011-10-19 05:11 -------- d-----w- c:\users\mysql\AppData\Local\temp

2011-10-19 05:11 . 2011-10-19 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-18 23:22 . 2011-10-18 23:24 -------- d-----w- c:\users\Caseycc\AppData\Local\LogMeIn Hamachi

2011-10-18 23:11 . 2011-10-18 23:11 -------- d-----w- c:\users\Caseycc\AppData\Local\LogMeIn Hamachi - Copy

2011-10-18 15:27 . 2011-10-18 15:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BFFFE8C-CBF4-4A55-BF4F-9BE781AC605A}\offreg.dll

2011-10-18 04:04 . 2011-10-18 04:04 -------- d-----w- c:\program files\Paradox Interactive

2011-10-18 01:57 . 2011-10-18 01:57 -------- d-----w- c:\windows\system32\SPReview

2011-10-18 01:55 . 2011-10-18 01:55 -------- d-----w- c:\windows\system32\EventProviders

2011-10-18 01:54 . 2011-09-21 15:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BFFFE8C-CBF4-4A55-BF4F-9BE781AC605A}\mpengine.dll

2011-10-18 01:32 . 2011-10-18 01:32 -------- d-----w- C:\fa6eb41e7436ee1aac95d5

2011-10-18 00:42 . 2010-11-20 12:18 1555456 ----a-w- c:\windows\system32\certmgr.dll

2011-10-18 00:41 . 2010-11-20 12:21 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL

2011-10-18 00:40 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-10-18 00:40 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll

2011-10-18 00:35 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys

2011-10-18 00:09 . 2011-10-18 00:09 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-10 22:13 . 2011-10-10 22:13 -------- d-----w- c:\users\Caseycc\AppData\Local\Zachtronics Industries

2011-10-10 15:44 . 2011-10-10 15:44 -------- d-----w- c:\program files\BYOND

2011-10-09 23:32 . 2011-10-09 23:47 -------- d-----w- c:\users\Caseycc\AppData\Roaming\.minecraft

2011-10-09 23:28 . 2011-10-09 23:30 -------- d-----w- c:\users\Caseycc\AppData\Roaming\.minecraft - 1.9

2011-10-07 13:19 . 2011-10-16 04:18 -------- d-----w- c:\program files\Electronic Arts

2011-10-07 05:18 . 2011-10-07 05:20 -------- d-----w- c:\users\Caseycc\AppData\Local\Trapped Dead

2011-10-07 05:18 . 2011-10-07 05:18 -------- d-----w- c:\users\Caseycc\AppData\Local\CrashRpt

2011-10-05 23:00 . 2011-10-05 23:22 -------- d-----w- c:\program files\Patrician IV

2011-10-03 20:30 . 2011-10-09 23:32 -------- d-----w- c:\users\Caseycc\AppData\Roaming\.minecraft - Copy

2011-10-01 00:53 . 2011-10-01 00:53 -------- d-----w- c:\users\Caseycc\AppData\Roaming\Prism

2011-10-01 00:53 . 2011-10-01 00:53 -------- d-----w- c:\users\Caseycc\AppData\Local\Prism

2011-09-26 22:48 . 2011-09-27 12:37 -------- d-----w- c:\program files\AVWW

2011-09-25 21:35 . 2011-10-18 00:04 48016 --sha-w- c:\windows\system32\c_82453.nl_

2011-09-25 21:15 . 2011-09-25 21:15 -------- d-----w- c:\users\Caseycc\AppData\Roaming\SUPERAntiSpyware.com

2011-09-25 21:15 . 2011-10-19 05:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-25 21:15 . 2011-09-25 21:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-25 20:00 . 2011-09-25 20:00 -------- d--h--w- c:\programdata\Common Files

2011-09-25 20:00 . 2011-09-25 21:27 -------- d-----w- c:\programdata\MFAData

2011-09-25 17:21 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-09-24 12:57 . 2011-06-13 22:32 3981816 ----a-w- c:\windows\system32\GameMon.des

2011-09-24 12:55 . 2005-01-02 21:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2011-09-24 12:55 . 2003-07-19 06:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd

2011-09-24 12:53 . 2011-09-24 12:53 -------- d-----w- c:\program files\Common Files\INCA Shared

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 00:14 . 2009-07-13 23:53 36352 ----a-w- c:\windows\system32\drivers\netbios.sys

2011-10-18 05:46 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-10-18 02:23 . 2011-01-25 20:01 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-08-29 19:55 . 2011-06-30 23:25 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-29 19:55 . 2011-06-30 23:25 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2011-08-15 16:35 . 2011-08-15 16:35 52736 ----a-w- c:\windows\ipuninst.exe

2011-07-26 15:31 . 2011-07-26 15:31 53248 ----a-r- c:\users\Caseycc\AppData\Roaming\Microsoft\Installer\{41EE7FB7-9CED-42FD-8FB8-72E3B6E2B480}\_DE312BB18161_4886_99BE_9DC71557DBD0.exe

2011-05-05 14:39 . 2011-03-29 21:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-04-24 02:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

.

c:\users\Caseycc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

RivaTuner.lnk - c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe [2009-8-22 24576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-09-26 00:58 136176 ----atw- c:\users\Caseycc\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2009-11-18 23:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-12-13 21:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2011-08-15 22:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-08-12 21:37 4603264 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-12 717296]

R1 sgarelno;sgarelno;c:\windows\system32\drivers\sgarelno.sys [x]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]

R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2011-01-18 54144]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]

R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-13 3981816]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-12 218688]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2009-06-10 66384]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-04 625224]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]

S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]

S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2006-10-03 47488]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3113634881-2101703135-2998492111-1000Core.job

- c:\users\Caseycc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 00:58]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3113634881-2101703135-2998492111-1000UA.job

- c:\users\Caseycc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 00:58]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 64.251.173.40 64.251.191.5

FF - ProfilePath - c:\users\Caseycc\AppData\Roaming\Mozilla\Firefox\Profiles\iza324kl.default\

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

AddRemove-1602 A.D - c:\program files\1602 A.D. 2\Uninst.isu

AddRemove-Axis and Allies - c:\program files\Hasbro Interactive\Axis and Allies\Uninst.isu

AddRemove-LostSagaUS - c:\program files\OGPlanet\LostSaga\uninstall.exe

AddRemove-M.A.X. 1 and 2_is1 - c:\program files\GOG.com\MAX 1 and 2\unins000.exe

AddRemove-Nintendo DS Emulator - c:\program files\Daniel Corp\Nintendo DS Emulator\Uninstall.exe

AddRemove-OGPlanet Game Launcher US - c:\program files\OGPlanet\USLauncher\uninst.exe

AddRemove-Orcs Must Die!_is1 - c:\program files\Robot Entertainment\Orcs Must Die!\unins000.exe

AddRemove-Revenge of the Titans - c:\program files\Revenge of the Titans\uninstall.exe

AddRemove-Shogun Total War - Warlord Edition - d:\tempdata\Total War\Shogun - Total War - Warlord Edition\Uninst.isu

AddRemove-Starscape_is1 - c:\program files\Starscape\unins000.exe

AddRemove-War! Age of Imperialism 1.0 - c:\program files\war-aoi\UninstallerData\Uninstall war.exe

AddRemove-UnityWebPlayer - c:\users\Caseycc\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.cdrom]

"ImagePath"="\*"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3113634881-2101703135-2998492111-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3113634881-2101703135-2998492111-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2200)

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\windows\system32\AEADISRV.EXE

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\windows\system32\conhost.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe

c:\users\Caseycc\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2011-10-18 23:24:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-19 05:24

.

Pre-Run: 5,727,764,480 bytes free

Post-Run: 13,674,397,696 bytes free

.

- - End Of File - - 07BE4FC28BB460C4921A152760EBDDB3

Oh, the error I get from the adapter's troubleshooter is "Windows cannot automatically detect the network's proxy settings". I've tried manually putting in settings similar to those of this computer on the same network (with a different assigned IP address).
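To show what a reader would pull out of a log like the one above, here is an added example in Python. It is not part of the original post and not ComboFix's own code; it simply parses the line shapes ComboFix prints ("... was deleted!!", "Infected copy of ... was found and disinfected", the `R#/S#` service lines, and the proxy/DNS lines of the supplementary scan) and lists the findings most likely to matter when connectivity dies right after a cleanup: binaries that were deleted, services that are still registered but whose file is gone (`[x]`), and the proxy and DNS settings. `SAMPLE_LOG` is an excerpt copied from the log in this post; the `NETWORK_HINTS` keyword list is my assumption, used only to rank the results. On this excerpt it surfaces the two Intel wireless service binaries (`EvtEng.exe`, `RegSrvc.exe`) that ComboFix deleted and the Hamachi tunneling engine that is now registered but missing, which are the first things to reinstall or check when the network stops working after such a cleanup.

```python
"""Triage helper for a ComboFix log: pull out the items most likely to explain
why something stopped working after the cleanup (deleted service binaries,
services whose file is now missing, proxy and DNS settings).

Added example for this thread; it is not ComboFix code and not something the
poster ran. SAMPLE_LOG is an excerpt copied from the log in the post; the
NETWORK_HINTS keyword list is an assumption used only to rank the findings.
"""
import re
from dataclasses import dataclass, field

# Excerpt of the posted log (constructed here from lines that appear in the thread).
SAMPLE_LOG = r"""
c:\program files\Intel\WiFi\bin\EvtEng.exe . . . is infected!!
c:\program files\Intel\WiFi\bin\EvtEng.exe . . . was deleted!! You should re-install the program it pertains to
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe . . . is infected!!
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe . . . was deleted!! You should re-install the program it pertains to
c:\program files\LogMeIn Hamachi\hamachi-2.exe . . . is infected!!
c:\program files\LogMeIn Hamachi\hamachi-2.exe . . . was deleted!! You should re-install the program it pertains to
Infected copy of c:\windows\system32\AEADISRV.EXE was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\adihdaud.inf_x86_neutral_d3f53446d4286aed\AEADISRV.EXE
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-12 717296]
R1 sgarelno;sgarelno;c:\windows\system32\drivers\sgarelno.sys [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
uStart Page = about:blank
uInternet Settings,ProxyOverride = local;192.168.*.*
TCP: DhcpNameServer = 64.251.173.40 64.251.191.5
"""

# Line shapes as ComboFix prints them in the "Other Deletions" block.
DELETED_RE = re.compile(r"^(?P<path>.+?) \. \. \. was deleted!!")
DISINFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
# Drivers/Services block: "<R|S><n> name;display;path [date size]", or "[x]" when the file is gone.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]+)\]$"
)
PROXY_RE = re.compile(r"^uInternet Settings,(?P<key>\w+) = (?P<value>.*)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<value>.*)$")

# Assumption: substrings that mark a path as part of the network stack or a VPN/tunnel client.
NETWORK_HINTS = ("wifi", "wireless", "wlan", "hamachi", "winsock", "tcpip")


@dataclass
class Service:
    start: str      # ComboFix's column: R0..R4 running, S1..S3 stopped
    name: str
    display: str
    path: str
    present: bool   # False when ComboFix printed "[x]": still registered, file missing


@dataclass
class Report:
    deleted: list = field(default_factory=list)
    disinfected: list = field(default_factory=list)
    services: list = field(default_factory=list)
    proxy: dict = field(default_factory=dict)
    dns: list = field(default_factory=list)

    def missing_services(self):
        return [s for s in self.services if not s.present]


def parse_combofix(text: str) -> Report:
    """Walk the log line by line; each line matching one of the shapes above is recorded."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DELETED_RE.match(line)):
            report.deleted.append(m["path"])
        elif (m := DISINFECTED_RE.match(line)):
            report.disinfected.append(m["path"])
        elif (m := SERVICE_RE.match(line)):
            report.services.append(Service(m["start"], m["name"].strip(), m["display"].strip(),
                                           m["path"], present=m["info"] != "x"))
        elif (m := PROXY_RE.match(line)):
            report.proxy[m["key"]] = m["value"]
        elif (m := DNS_RE.match(line)):
            report.dns = m["value"].split()
    return report


def network_related(report: Report) -> list:
    """Deleted files and missing service binaries whose path matches a NETWORK_HINTS keyword."""
    candidates = list(report.deleted) + [s.path for s in report.missing_services()]
    hits = {p for p in candidates if any(h in p.lower() for h in NETWORK_HINTS)}
    return sorted(hits)


if __name__ == "__main__":
    rep = parse_combofix(SAMPLE_LOG)
    print("deleted:", *rep.deleted, sep="\n  ")
    print("registered but missing:", *(f"{s.name} -> {s.path}" for s in rep.missing_services()), sep="\n  ")
    print("proxy:", rep.proxy, "dns:", rep.dns)
    print("network-related, check these first:", *network_related(rep), sep="\n  ")
```

To run it against a full log, replace `SAMPLE_LOG` with the contents of the saved ComboFix.txt; the regexes only key on the fixed phrases ComboFix emits, so the rest of the log (file listings, registry dumps) is ignored rather than misparsed.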


Staff reply, 2 weeks later:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
