johnnyvan Posted November 10, 2011

Hello, I thought I was rid of a bug that hid my programs and redirected searches. But now I'm getting redirects again and an unknown internet radio source. Attached are the requested DDS logs.

Thanks,
John.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by John at 5:31:58 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1317 [GMT -8:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskhost.exe
C:\Users\John\Desktop\Legal\AutoWebLaw\awlSP4.exe
C:\Program Files (x86)\Stephen Hawkins\SEOLinkRobotPro\fastindexer.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 171.66.3.181:3128
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [speed Typing] "C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe"
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun: [FAStartup] 
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - C:\Program Files (x86)\TimeLeft3\TimeLeft.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\John\AppData\Local\Temp\_uninst_.bat
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\5534448435D27455543545 : DhcpNameServer = 68.87.76.182 68.87.78.134 8.8.8.8
TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\564646F6E6E616 : DhcpNameServer = 192.168.1.2 68.94.156.1 68.94.157.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun-x64: [FAStartup] 
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 211.222.202.109
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-8-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-8-25 722616]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-5-9 45736]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-9-6 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-9-6 181584]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-20 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-11-10 13:10:32 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-10 01:29:35 -------- d-----w- C:\Users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29:30 -------- d-----w- C:\Program Files (x86)\ Your Local Shortcut
2011-11-09 17:51:58 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-09 15:38:13 98816 ----a-w- C:\Windows\sed.exe
2011-11-09 15:38:13 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-09 15:38:13 256000 ----a-w- C:\Windows\PEV.exe
2011-11-09 15:38:13 208896 ----a-w- C:\Windows\MBR.exe
2011-11-09 15:37:03 -------- d-----w- C:\ComboFix
2011-11-09 04:23:51 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-04 20:46:04 -------- d-----w- C:\Program Files (x86)\Market Samurai
2011-10-28 04:38:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-10-28 04:38:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-10-28 04:38:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-10-25 18:38:07 -------- d-----w- C:\Program Files (x86)\KeywordBlueprint2
2011-10-24 02:23:53 -------- d-----w- C:\Program Files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05:11 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04:48 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04:19 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-21 19:34:27 -------- d-----w- C:\Users\John\AppData\Local\{2865715D-57F6-4183-B334-D5D5F0DCC203}
2011-10-21 19:34:15 -------- d-----w- C:\Users\John\AppData\Local\{B9AAC002-5CE9-4226-81BA-E62FCBA3D5E3}
2011-10-19 16:50:17 -------- d-----w- C:\Users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
2011-10-14 14:40:33 -------- d-----w- C:\Users\John\AppData\Local\{62C2AE11-9588-4AB3-9A6F-FE6F66095388}
2011-10-14 13:23:24 -------- d-----w- C:\Users\John\AppData\Local\{2D588960-01EB-4D40-8DA7-035C971A51E6}
2011-10-14 13:22:08 -------- d-----w- C:\Users\John\AppData\Local\{B53D1843-D3DF-45B0-852A-EDC4214FF009}
2011-10-14 13:21:56 -------- d-----w- C:\Users\John\AppData\Local\{4C6DD6EB-B4AB-4F69-902F-F716F600B91B}
2011-10-14 07:09:56 -------- d-----w- C:\Users\John\AppData\Local\{4DB9D253-8ED7-4FE4-A69B-7DC00E3B8DAE}
2011-10-12 05:57:20 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-10-12 00:38:33 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-12 00:38:18 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-12 00:37:53 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-12 00:37:50 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-12 00:37:12 -------- d-----w- C:\Users\John\AppData\Local\PowerDVD DX
.
==================== Find3M ====================
.
2011-10-28 04:18:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 19:30:48 45904 ----a-w- C:\Windows\SysWow64\sbbd.exe
2011-09-06 19:30:48 45904 ----a-w- C:\Windows\System32\sbbd.exe
2011-08-30 00:36:34 71256 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2011-08-30 00:36:34 55384 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2011-08-30 00:36:34 101720 ----a-w- C:\Windows\SysWow64\drivers\SBREDrv.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 5:40:24.28 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 6/30/2010 10:10:58 AM
System Uptime: 11/9/2011 4:31:55 PM (13 hours ago)
.
Motherboard: Dell Inc. | | 029DYC
Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 929/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 219.745 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP132: 11/7/2011 3:54:38 PM - Scheduled Checkpoint
RP133: 11/9/2011 7:38:50 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 4.65
aaa
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Auto Traffic Xploit Keyword Tool
Automotix (remove only)
Bing Bar
CherryPicker
CoffeeCup Free HTML Editor
Compatibility Pack for the 2007 Office system
Content Notifier
Core FTP LE
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DHTML Editing Component
Directory Submitter 1.0.29
Domain Name Dominator
Domain Samurai
Elite Proxy Switcher 1.10
Facebook iframe Made EZ
Fast Content Producer
Fences
FileZilla Client 3.5.2
Google Chrome
Google Instant Scraper version 1.2
Google Maps Scraper - Demo
GoToAssist 8.0.0.514
GoToMeeting 5.0.0.799
Hot Item Finder
HTML Executable
Instant Blog Feeder Demo v2.01
InstantBannerPRO v2.01
Intel® Graphics Media Accelerator Driver
iolo technologies' System Mechanic
Java Auto Updater
Java 6 Update 22
Jing
Junk Mail filter update
Kcast for Windows 7
Keyword Blueprint 2
Keyword Swarm
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes' Anti-Malware version 1.51.2.1300
Market Samurai
MassArticleCreator
MassArticleSubmitter
Memeo AutoSync
Memeo Instant Backup
Memeo Send
Memeo Share
Micro Niche Finder 5.0
Microsoft adCenter Desktop
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MPT Domain Tool 1.0
MPT Keyword Tool 1.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PowerDVD DX
PromoSoft 1.81
Proxy Scraper
QuickTime
Roxio Burn
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
SEO Link Robot
SEO SpyGlass
SEO TrackBacks Suite
Setup1
Sick Submitter
Skype Click to Call
Skype™ 5.5
SocialBot
Speed Typing
Spelling Dictionaries Support For Adobe Reader 9
Spin Writer Pro version 1.6
Submitter
TextPad 5
TheBestSpinner
TimeLeft
Traffic Equalizer
Ultimate Diamond Backlinks
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
VIPRE Antivirus
Viral Article Publisher
Web CEO 8.1
WEB20Bot
Website Indexer
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wondershare PPT2Video Pro 6.1.10
Word Wizard
Xara Xtreme 5
Xara Xtreme Pro 5
XHeader
XMind
Your Local Shortcut
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 8:25:46 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/9/2011 8:20:56 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/9/2011 6:12:42 PM, Error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: Access is denied.
11/8/2011 9:53:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/8/2011 9:53:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/8/2011 9:53:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElRawDisk spldr Wanarpv6
11/8/2011 9:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/8/2011 9:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/8/2011 9:53:40 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
11/8/2011 9:52:24 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
11/8/2011 10:20:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
11/8/2011 10:20:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/8/2011 10:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/6/2011 6:30:46 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/6/2011 2:20:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/10/2011 4:54:46 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
11/10/2011 4:54:34 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================

Attachments: DDS.txt, Attach.txt
D-FRED-BROWN Posted November 14, 2011 ID:494423

Hello johnnyvan and welcome to Malwarebytes! I sincerely apologize for the delay.
I am D-FRED-BROWN and I will be helping you. Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.
-------------
Please download to your Desktop: TDSSKiller.zip from here and extract it (right click on it => "Extract here").
>>> TDSSKiller:
Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure; click on Continue.
If a suspicious file is detected, the default action will be Skip; click on Continue.
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
In your next reply, please include the following (you may need to use two posts to get it all in):
TDSSKiller_log.txt
How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
Save it to your Desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-------------
In your next reply, please include:
TDSSKiller report
C:\ComboFix.txt
checkup.txt
How is your computer running now?
bigakita Posted November 15, 2011 ID:494691

Thanks for your help D-FRED-BROWN

ComboFix 11-11-14.03 - John 11/14/2011 19:34:21.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1681 [GMT -8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 04:06 . 2011-11-15 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio
2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai
2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
2011-11-09 04:23 . 2011-11-12 22:17 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05 . 2011-10-22 01:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04 . 2011-10-22 01:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04 . 2011-10-22 01:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
2011-10-17 02:55 . 2011-10-17 02:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-12 00:37 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe
2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys
2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-17 05:32 . 2011-10-12 05:51 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:27 . 2011-10-12 05:51 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 05:27 . 2011-10-12 05:51 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-17 05:27 . 2011-10-12 05:51 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-08-17 05:27 . 2011-10-12 05:51 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:26 . 2011-10-12 05:51 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22 . 2011-10-12 05:51 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22 . 2011-10-12 05:51 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22 . 2011-10-12 05:51 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22 . 2011-10-12 05:51 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-15 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-15 01:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-15 01:01 38372 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi
+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-15 00:59 . 2011-11-15 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-01 05:57 . 2011-11-14 17:33 347196 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 01:05 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 01:05 147114 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-15 00:57 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 22:49 . 2011-11-15 00:57 3543172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-15 01:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]
"FAStartup"="" [bU]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97033634
*Deregistered* - 97033634
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 171.66.3.181:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 211.222.202.109
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-14 20:26:07
ComboFix-quarantined-files.txt 2011-11-15 04:26
ComboFix2.txt 2011-11-13 07:33
ComboFix3.txt 2011-11-11 21:16
ComboFix4.txt 2011-11-09 17:01
.
Pre-Run: 231,975,989,248 bytes free
Post-Run: 231,599,415,296 bytes free
.
- - End Of File - - FC65B9BF594F05D46C01605CEAA82FD1
bigakita Posted November 15, 2011 ID:494692

19:07:36.0171 7012 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
19:07:36.0507 7012 ============================================================
19:07:36.0507 7012 Current date / time: 2011/11/14 19:07:36.0507
19:07:36.0507 7012 SystemInfo:
19:07:36.0507 7012 
19:07:36.0507 7012 OS Version: 6.1.7600 ServicePack: 0.0
19:07:36.0507 7012 Product type: Workstation
19:07:36.0508 7012 ComputerName: JOHN-PC
19:07:36.0508 7012 UserName: John
19:07:36.0508 7012 Windows directory: C:\Windows
19:07:36.0508 7012 System windows directory: C:\Windows
19:07:36.0508 7012 Running under WOW64
19:07:36.0508 7012 Processor architecture: Intel x64
19:07:36.0508 7012 Number of processors: 4
19:07:36.0508 7012 Page size: 0x1000
19:07:36.0508 7012 Boot type: Normal boot
19:07:36.0508 7012 ============================================================
19:07:37.0926 7012 Initialize success
19:08:03.0827 2708 ============================================================
19:08:03.0827 2708 Scan started
19:08:03.0827 2708 Mode: Manual; 
19:08:03.0827 2708 ============================================================
19:08:06.0890 2708 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
19:08:06.0899 2708 1394ohci - ok
19:08:06.0936 2708 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
19:08:06.0948 2708 Acceler - ok
19:08:06.0987 2708 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:08:06.0993 2708 ACPI - ok
19:08:07.0022 2708 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:08:07.0044 2708 AcpiPmi - ok
19:08:07.0088 2708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:08:07.0111 2708 adp94xx - ok
19:08:07.0175 2708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:08:07.0203 2708 adpahci - ok
19:08:07.0213 2708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:08:07.0251 2708 adpu320 - ok
19:08:07.0300 2708 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:08:07.0303 2708 AFD - ok
19:08:07.0313 2708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:08:07.0329 2708 agp440 - ok
19:08:07.0344 2708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:08:07.0361 2708 aliide - ok
19:08:07.0370 2708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:08:07.0377 2708 amdide - ok
19:08:07.0385 2708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:08:07.0399 2708 AmdK8 - ok
19:08:07.0409 2708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:08:07.0435 2708 AmdPPM - ok
19:08:07.0454 2708 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:08:07.0472 2708 amdsata - ok
19:08:07.0487 2708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:08:07.0518 2708 amdsbs - ok
19:08:07.0567 2708 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:08:07.0573 2708 amdxata - ok
19:08:07.0605 2708 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:08:07.0623 2708 AppID - ok
19:08:07.0647 2708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:08:07.0653 2708 arc - ok
19:08:07.0664 2708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:08:07.0675 2708 arcsas - ok
19:08:07.0700 2708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:07.0714 2708 AsyncMac - ok
19:08:07.0733 2708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:08:07.0740 2708 atapi - ok
19:08:07.0788 2708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:08:07.0802 2708 b06bdrv - ok
19:08:07.0819 2708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:08:07.0841 2708 b57nd60a - ok
19:08:07.0867 2708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:08:07.0878 2708 Beep - ok
19:08:07.0911 2708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:07.0915 2708 blbdrive - ok
19:08:07.0958 2708 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:08:07.0963 2708 bowser - ok
19:08:07.0972 2708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:08:07.0985 2708 BrFiltLo - ok
19:08:07.0994 2708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:08:07.0997 2708 BrFiltUp - ok
19:08:08.0011 2708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:08:08.0028 2708 Brserid - ok
19:08:08.0037 2708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:08.0048 2708 BrSerWdm - ok
19:08:08.0058 2708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:08.0066 2708 BrUsbMdm - ok
19:08:08.0077 2708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:08.0086 2708 BrUsbSer - ok
19:08:08.0123 2708 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:08:08.0129 2708 BthEnum - ok
19:08:08.0143 2708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:08:08.0160 2708 BTHMODEM - ok
19:08:08.0185 2708 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:08:08.0188 2708 BthPan - ok
19:08:08.0227 2708 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
19:08:08.0251 2708 BTHPORT - ok
19:08:08.0280 2708 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
19:08:08.0286 2708 BTHUSB - ok
19:08:08.0322 2708 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
19:08:08.0330 2708 btwaudio - ok
19:08:08.0356 2708 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
19:08:08.0365 2708 btwavdt - ok
19:08:08.0395 2708 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:08:08.0406 2708 btwl2cap - ok
19:08:08.0427 2708 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
19:08:08.0430 2708 btwrchid - ok
19:08:08.0551 2708 catchme - ok
19:08:08.0569 2708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:08:08.0587 2708 cdfs - ok
19:08:08.0605 2708 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:08:08.0625 2708 cdrom - ok
19:08:08.0654 2708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:08:08.0671 2708 circlass - ok
19:08:08.0713 2708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:08:08.0718 2708 CLFS - ok
19:08:08.0759 2708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:08.0773 2708 CmBatt - ok
19:08:08.0786 2708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:08:08.0796 2708 cmdide - ok
19:08:08.0834 2708 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:08:08.0852 2708 CNG - ok
19:08:08.0875 2708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:08:09.0249 2708 Compbatt - ok
19:08:09.0264 2708 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:08:09.0277 2708 CompositeBus - ok
19:08:09.0294 2708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:08:09.0307 2708 crcdisk - ok
19:08:09.0351 2708 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) 
C:\Windows\system32\DRIVERS\CtClsFlt.sys19:08:09.0372 2708 CtClsFlt - ok19:08:09.0403 2708 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\Windows\system32\DRIVERS\dc3d.sys19:08:09.0424 2708 dc3d - ok19:08:09.0504 2708 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys19:08:09.0511 2708 DfsC - ok19:08:09.0551 2708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys19:08:09.0557 2708 discache - ok19:08:09.0587 2708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys19:08:09.0603 2708 Disk - ok19:08:09.0642 2708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys19:08:09.0659 2708 drmkaud - ok19:08:09.0715 2708 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys19:08:09.0749 2708 DXGKrnl - ok19:08:09.0854 2708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys19:08:09.0950 2708 ebdrv - ok19:08:09.0984 2708 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys19:08:09.0994 2708 ElRawDisk - ok19:08:10.0024 2708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys19:08:10.0051 2708 elxstor - ok19:08:10.0063 2708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys19:08:10.0074 2708 ErrDev - ok19:08:10.0112 2708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys19:08:10.0126 2708 exfat - ok19:08:10.0154 2708 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys19:08:10.0164 2708 FACAP - ok19:08:10.0192 2708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys19:08:10.0207 2708 fastfat - ok19:08:10.0220 2708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys19:08:10.0232 2708 fdc - ok19:08:10.0262 2708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys19:08:10.0276 2708 FileInfo 
- ok19:08:10.0298 2708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys19:08:10.0308 2708 Filetrace - ok19:08:10.0319 2708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys19:08:10.0332 2708 flpydisk - ok19:08:10.0353 2708 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys19:08:10.0360 2708 FltMgr - ok19:08:10.0375 2708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys19:08:10.0380 2708 FsDepends - ok19:08:10.0394 2708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys19:08:10.0409 2708 Fs_Rec - ok19:08:10.0447 2708 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys19:08:10.0453 2708 fvevol - ok19:08:10.0466 2708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys19:08:10.0480 2708 gagp30kx - ok19:08:10.0516 2708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys19:08:10.0521 2708 GEARAspiWDM - ok19:08:10.0544 2708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys19:08:10.0557 2708 hcw85cir - ok19:08:10.0588 2708 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys19:08:10.0593 2708 HDAudBus - ok19:08:10.0633 2708 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys19:08:10.0646 2708 HECIx64 - ok19:08:10.0654 2708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys19:08:10.0666 2708 HidBatt - ok19:08:10.0676 2708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys19:08:10.0681 2708 HidBth - ok19:08:10.0690 2708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys19:08:10.0696 2708 HidIr - ok19:08:10.0717 2708 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys19:08:10.0722 2708 HidUsb - 
ok19:08:10.0740 2708 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys19:08:10.0751 2708 HpSAMD - ok19:08:10.0781 2708 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys19:08:10.0786 2708 HTTP - ok19:08:10.0803 2708 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys19:08:10.0804 2708 hwpolicy - ok19:08:10.0839 2708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys19:08:10.0857 2708 i8042prt - ok19:08:10.0904 2708 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys19:08:10.0930 2708 iaStorV - ok19:08:11.0143 2708 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys19:08:11.0664 2708 igfx - ok19:08:11.0834 2708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys19:08:11.0855 2708 iirsp - ok19:08:11.0891 2708 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys19:08:11.0908 2708 Impcd - ok19:08:11.0948 2708 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys19:08:11.0979 2708 IntcDAud - ok19:08:12.0004 2708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys19:08:12.0020 2708 intelide - ok19:08:12.0042 2708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys19:08:12.0044 2708 intelppm - ok19:08:12.0067 2708 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys19:08:12.0083 2708 IpFilterDriver - ok19:08:12.0096 2708 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys19:08:12.0108 2708 IPMIDRV - ok19:08:12.0118 2708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys19:08:12.0129 2708 IPNAT - ok19:08:12.0142 2708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys19:08:12.0151 2708 IRENUM - ok19:08:12.0161 2708 isapnp 
(2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys19:08:12.0170 2708 isapnp - ok19:08:12.0195 2708 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys19:08:12.0218 2708 iScsiPrt - ok19:08:12.0230 2708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys19:08:12.0239 2708 kbdclass - ok19:08:12.0261 2708 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys19:08:12.0273 2708 kbdhid - ok19:08:12.0301 2708 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys19:08:12.0309 2708 KSecDD - ok19:08:12.0350 2708 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys19:08:12.0366 2708 KSecPkg - ok19:08:12.0388 2708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys19:08:12.0402 2708 ksthunk - ok19:08:12.0439 2708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys19:08:12.0455 2708 lltdio - ok19:08:12.0490 2708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys19:08:12.0512 2708 LSI_FC - ok19:08:12.0522 2708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys19:08:12.0527 2708 LSI_SAS - ok19:08:12.0536 2708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys19:08:12.0551 2708 LSI_SAS2 - ok19:08:12.0562 2708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys19:08:12.0567 2708 LSI_SCSI - ok19:08:12.0584 2708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys19:08:12.0599 2708 luafv - ok19:08:12.0615 2708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys19:08:12.0627 2708 megasas - ok19:08:12.0656 2708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys19:08:12.0680 2708 MegaSR - ok19:08:12.0700 2708 Modem 
(800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys19:08:12.0707 2708 Modem - ok19:08:12.0722 2708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys19:08:12.0723 2708 monitor - ok19:08:12.0763 2708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys19:08:12.0768 2708 mouclass - ok19:08:12.0781 2708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys19:08:12.0788 2708 mouhid - ok19:08:12.0809 2708 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys19:08:12.0810 2708 mountmgr - ok19:08:12.0820 2708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys19:08:12.0842 2708 mpio - ok19:08:12.0877 2708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys19:08:12.0892 2708 mpsdrv - ok19:08:12.0905 2708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys19:08:12.0921 2708 MRxDAV - ok19:08:12.0965 2708 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys19:08:12.0981 2708 mrxsmb - ok19:08:13.0013 2708 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys19:08:13.0032 2708 mrxsmb10 - ok19:08:13.0057 2708 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys19:08:13.0065 2708 mrxsmb20 - ok19:08:13.0107 2708 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys19:08:13.0134 2708 msahci - ok19:08:13.0148 2708 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys19:08:13.0155 2708 msdsm - ok19:08:13.0199 2708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys19:08:13.0211 2708 Msfs - ok19:08:13.0221 2708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys19:08:13.0226 2708 mshidkmdf - ok19:08:13.0250 2708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) 
C:\Windows\system32\DRIVERS\msisadrv.sys19:08:13.0254 2708 msisadrv - ok19:08:13.0282 2708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys19:08:13.0302 2708 MSKSSRV - ok19:08:13.0311 2708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys19:08:13.0320 2708 MSPCLOCK - ok19:08:13.0331 2708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys19:08:13.0341 2708 MSPQM - ok19:08:13.0372 2708 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys19:08:13.0384 2708 MsRPC - ok19:08:13.0402 2708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys19:08:13.0404 2708 mssmbios - ok19:08:13.0417 2708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys19:08:13.0423 2708 MSTEE - ok19:08:13.0444 2708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys19:08:13.0468 2708 MTConfig - ok19:08:13.0492 2708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys19:08:13.0505 2708 Mup - ok19:08:13.0537 2708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys19:08:13.0545 2708 NativeWifiP - ok19:08:13.0572 2708 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys19:08:13.0577 2708 NDIS - ok19:08:13.0595 2708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys19:08:13.0605 2708 NdisCap - ok19:08:13.0784 2708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys19:08:13.0801 2708 NdisTapi - ok19:08:13.0826 2708 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys19:08:13.0832 2708 Ndisuio - ok19:08:13.0857 2708 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys19:08:13.0872 2708 NdisWan - ok19:08:13.0893 2708 NDProxy (659b74fb74b86228d6338d643cd3e3cf) 
C:\Windows\system32\drivers\NDProxy.sys19:08:13.0899 2708 NDProxy - ok19:08:13.0926 2708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys19:08:13.0944 2708 NetBIOS - ok19:08:13.0975 2708 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys19:08:13.0977 2708 NetBT - ok19:08:14.0186 2708 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys19:08:14.0383 2708 NETw5s64 - ok19:08:14.0413 2708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys19:08:14.0418 2708 nfrd960 - ok19:08:14.0448 2708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys19:08:14.0458 2708 Npfs - ok19:08:14.0486 2708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys19:08:14.0486 2708 nsiproxy - ok19:08:14.0561 2708 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys19:08:14.0617 2708 Ntfs - ok19:08:14.0649 2708 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys19:08:14.0662 2708 NuidFltr - ok19:08:14.0683 2708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys19:08:14.0689 2708 Null - ok19:08:14.0702 2708 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys19:08:14.0714 2708 nvraid - ok19:08:14.0730 2708 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys19:08:14.0743 2708 nvstor - ok19:08:14.0759 2708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys19:08:14.0775 2708 nv_agp - ok19:08:14.0811 2708 O2MDGRDR (8c2953537ca19dfaa67d612407e0f33e) C:\Windows\system32\DRIVERS\o2mdgx64.sys19:08:14.0819 2708 O2MDGRDR - ok19:08:14.0846 2708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys19:08:14.0860 2708 ohci1394 - ok19:08:14.0884 2708 Parport (0086431c29c35be1dbc43f52cc273887) 
C:\Windows\system32\DRIVERS\parport.sys19:08:14.0898 2708 Parport - ok19:08:14.0918 2708 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys19:08:14.0924 2708 partmgr - ok19:08:14.0966 2708 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys19:08:14.0986 2708 pci - ok19:08:15.0008 2708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys19:08:15.0024 2708 pciide - ok19:08:15.0040 2708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys19:08:15.0052 2708 pcmcia - ok19:08:15.0101 2708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys19:08:15.0111 2708 pcw - ok19:08:15.0160 2708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys19:08:15.0176 2708 PEAUTH - ok19:08:15.0222 2708 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys19:08:15.0236 2708 PptpMiniport - ok19:08:15.0246 2708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys19:08:15.0260 2708 Processor - ok19:08:15.0286 2708 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys19:08:15.0287 2708 Psched - ok19:08:15.0318 2708 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys19:08:15.0325 2708 PxHlpa64 - ok19:08:15.0377 2708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys19:08:15.0425 2708 ql2300 - ok19:08:15.0438 2708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys19:08:15.0443 2708 ql40xx - ok19:08:15.0457 2708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys19:08:15.0463 2708 QWAVEdrv - ok19:08:15.0490 2708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys19:08:15.0509 2708 RasAcd - ok19:08:15.0527 2708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) 
C:\Windows\system32\DRIVERS\AgileVpn.sys19:08:15.0533 2708 RasAgileVpn - ok19:08:15.0563 2708 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys19:08:15.0579 2708 Rasl2tp - ok19:08:15.0600 2708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys19:08:15.0613 2708 RasPppoe - ok19:08:15.0629 2708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys19:08:15.0642 2708 RasSstp - ok19:08:15.0668 2708 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys19:08:15.0682 2708 rdbss - ok19:08:15.0697 2708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys19:08:15.0705 2708 rdpbus - ok19:08:15.0727 2708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys19:08:15.0728 2708 RDPCDD - ok19:08:15.0748 2708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys19:08:15.0749 2708 RDPENCDD - ok19:08:15.0768 2708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys19:08:15.0769 2708 RDPREFMP - ok19:08:15.0780 2708 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys19:08:15.0948 2708 RDPWD - ok19:08:15.0977 2708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys19:08:15.0990 2708 rdyboost - ok19:08:16.0030 2708 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys19:08:16.0046 2708 RFCOMM - ok19:08:16.0102 2708 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys19:08:16.0110 2708 RsFx0103 - ok19:08:16.0124 2708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys19:08:16.0147 2708 rspndr - ok19:08:16.0176 2708 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys19:08:16.0187 2708 RTL8167 - ok19:08:16.0339 2708 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program 
Files\SUPERAntiSpyware\SASDIFSV64.SYS19:08:16.0344 2708 SASDIFSV - ok19:08:16.0376 2708 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS19:08:16.0381 2708 SASKUTIL - ok19:08:16.0427 2708 sbapifs (cd50ffb4c803c06d21ce3569489b7929) C:\Windows\system32\DRIVERS\sbapifs.sys19:08:16.0441 2708 sbapifs - ok19:08:16.0458 2708 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys19:08:16.0475 2708 sbp2port - ok19:08:16.0516 2708 SBRE (2f58125ad1bb90959f9634c7ac36d230) C:\Windows\system32\drivers\SBREdrv.sys19:08:16.0523 2708 SBRE - ok19:08:16.0574 2708 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys19:08:16.0587 2708 SbTis - ok19:08:16.0614 2708 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys19:08:16.0634 2708 scfilter - ok19:08:16.0669 2708 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys19:08:16.0849 2708 sdbus - ok19:08:16.0893 2708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys19:08:16.0907 2708 secdrv - ok19:08:16.0933 2708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys19:08:16.0940 2708 Serenum - ok19:08:16.0950 2708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys19:08:16.0954 2708 Serial - ok19:08:16.0963 2708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys19:08:16.0982 2708 sermouse - ok19:08:17.0002 2708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys19:08:17.0012 2708 sffdisk - ok19:08:17.0026 2708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys19:08:17.0030 2708 sffp_mmc - ok19:08:17.0039 2708 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys19:08:17.0042 2708 sffp_sd - ok19:08:17.0051 2708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) 
C:\Windows\system32\DRIVERS\sfloppy.sys19:08:17.0059 2708 sfloppy - ok19:08:17.0082 2708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys19:08:17.0090 2708 SiSRaid2 - ok19:08:17.0099 2708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys19:08:17.0111 2708 SiSRaid4 - ok19:08:17.0138 2708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys19:08:17.0152 2708 Smb - ok19:08:17.0192 2708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys19:08:17.0197 2708 spldr - ok19:08:17.0256 2708 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys19:08:17.0270 2708 srv - ok19:08:17.0310 2708 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys19:08:17.0326 2708 srv2 - ok19:08:17.0372 2708 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys19:08:17.0384 2708 srvnet - ok19:08:17.0407 2708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys19:08:17.0411 2708 stexstor - ok19:08:17.0439 2708 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys19:08:17.0463 2708 STHDA - ok19:08:17.0479 2708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys19:08:17.0485 2708 swenum - ok19:08:17.0530 2708 SynTP (39d4b4343ba70e4b32c4531bd075b9f6) C:\Windows\system32\DRIVERS\SynTP.sys19:08:17.0566 2708 SynTP - ok19:08:17.0646 2708 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys19:08:17.0768 2708 Tcpip - ok19:08:17.0808 2708 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys19:08:17.0826 2708 TCPIP6 - ok19:08:17.0846 2708 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys19:08:17.0861 2708 tcpipreg - ok19:08:17.0873 2708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys19:08:17.0877 2708 TDPIPE - 
ok19:08:17.0887 2708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys19:08:17.0899 2708 TDTCP - ok19:08:17.0915 2708 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys19:08:17.0930 2708 tdx - ok19:08:17.0948 2708 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys19:08:18.0126 2708 TermDD - ok19:08:18.0188 2708 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys19:08:18.0203 2708 tssecsrv - ok19:08:18.0222 2708 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys19:08:18.0234 2708 tunnel - ok19:08:18.0257 2708 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys19:08:18.0684 2708 TurboB - ok19:08:18.0695 2708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys19:08:18.0699 2708 uagp35 - ok19:08:18.0729 2708 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys19:08:18.0953 2708 udfs - ok19:08:18.0969 2708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys19:08:19.0002 2708 uliagpkx - ok19:08:19.0023 2708 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys19:08:19.0037 2708 umbus - ok19:08:19.0048 2708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys19:08:19.0056 2708 UmPass - ok19:08:19.0093 2708 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys19:08:19.0110 2708 usbaudio - ok19:08:19.0149 2708 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys19:08:19.0166 2708 usbccgp - ok19:08:19.0190 2708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys19:08:19.0197 2708 usbcir - ok19:08:19.0223 2708 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys19:08:19.0229 2708 usbehci - ok19:08:19.0265 2708 usbhub 
(6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys19:08:19.0285 2708 usbhub - ok19:08:19.0312 2708 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys19:08:19.0319 2708 usbohci - ok19:08:19.0333 2708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys19:08:19.0347 2708 usbprint - ok19:08:19.0373 2708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys19:08:19.0390 2708 usbscan - ok19:08:19.0417 2708 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS19:08:19.0437 2708 USBSTOR - ok19:08:19.0450 2708 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys19:08:19.0464 2708 usbuhci - ok19:08:19.0496 2708 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys19:08:19.0513 2708 usbvideo - ok19:08:19.0571 2708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys19:08:19.0575 2708 vdrvroot - ok19:08:19.0587 2708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys19:08:19.0599 2708 vga - ok19:08:19.0614 2708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys19:08:19.0617 2708 VgaSave - ok19:08:19.0629 2708 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys19:08:19.0643 2708 vhdmp - ok19:08:19.0653 2708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys19:08:19.0665 2708 viaide - ok19:08:19.0684 2708 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys19:08:19.0699 2708 volmgr - ok19:08:19.0725 2708 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys19:08:19.0727 2708 volmgrx - ok19:08:19.0751 2708 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys19:08:19.0762 2708 volsnap - ok19:08:19.0775 2708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) 
C:\Windows\system32\DRIVERS\vsmraid.sys19:08:19.0783 2708 vsmraid - ok19:08:19.0805 2708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys19:08:19.0817 2708 vwifibus - ok19:08:19.0841 2708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys19:08:19.0847 2708 vwififlt - ok19:08:19.0868 2708 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys19:08:19.0869 2708 vwifimp - ok19:08:19.0887 2708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys19:08:19.0892 2708 WacomPen - ok19:08:19.0911 2708 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys19:08:19.0924 2708 WANARP - ok19:08:19.0928 2708 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys19:08:19.0932 2708 Wanarpv6 - ok19:08:19.0953 2708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys19:08:19.0961 2708 Wd - ok19:08:19.0989 2708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys19:08:20.0016 2708 Wdf01000 - ok19:08:20.0053 2708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys19:08:20.0058 2708 WfpLwf - ok19:08:20.0080 2708 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys19:08:20.0102 2708 WimFltr - ok19:08:20.0126 2708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys19:08:20.0305 2708 WIMMount - ok19:08:20.0366 2708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys19:08:20.0368 2708 WmiAcpi - ok19:08:20.0401 2708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys19:08:20.0420 2708 ws2ifsl - ok19:08:20.0484 2708 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys19:08:20.0707 2708 WudfPf - ok19:08:20.0747 2708 WUDFRd (d885a873d733020f8b9b9ff4b1666158) 
C:\Windows\system32\DRIVERS\WUDFRd.sys19:08:20.0946 2708 WUDFRd - ok19:08:20.0974 2708 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR019:08:20.0987 2708 \Device\Harddisk0\DR0 - ok19:08:20.0991 2708 Boot (0x1200) (47a2b6601a482770db82e6c7c1fb0314) \Device\Harddisk0\DR0\Partition019:08:20.0992 2708 \Device\Harddisk0\DR0\Partition0 - ok19:08:21.0004 2708 Boot (0x1200) (6a6b0afbb8807427dc183bf4c2febbff) \Device\Harddisk0\DR0\Partition119:08:21.0005 2708 \Device\Harddisk0\DR0\Partition1 - ok19:08:21.0006 2708 ============================================================19:08:21.0006 2708 Scan finished19:08:21.0006 2708 ============================================================19:08:21.0115 1092 Detected object count: 019:08:21.0115 1092 Actual detected object count: 0 Results of screen317's Security Check version 0.99.26 Windows 7 x64 (UAC is disabled!) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! VIPRE Antivirus iolo technologies' System Mechanic WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 22 Out of date Java installed! Mozilla Firefox (8.0.) ```````````````````````````````` Process Check: objlist.exe by Laurent iolo Common Lib ioloServiceManager.exe ``````````End of Log```````````` I was getting unknown music and search hijacks before running the above. So symptoms as we speak.JV Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted November 15, 2011 ID:494989

Thanks for your help D-FRED-BROWN

No problem! Please do the following:

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Driver::
97033634
File::
c:\windows\system32\drivers\97033634.sys
c:\windows\SYSWOW64\drivers\97033634.sys

Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.
bigakita Posted November 16, 2011 ID:495031

Google searches are still getting redirected.

ComboFix 11-11-15.06 - John 11/15/2011 16:12:54.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2218 [GMT -8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\97033634.sys"
"c:\windows\SYSWOW64\drivers\97033634.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_97033634
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 171.66.3.181:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 211.222.202.109
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)
Toolbar-Locked - (no file)
.
**************************************************************************
.
Completion time: 2011-11-15 17:09:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 01:09
ComboFix2.txt 2011-11-15 04:26
ComboFix3.txt 2011-11-13 07:33
ComboFix4.txt 2011-11-11 21:16
ComboFix5.txt 2011-11-16 00:05
.
Pre-Run: 231,265,148,928 bytes free
Post-Run: 231,351,111,680 bytes free
.
- - End Of File - - CF5F74289D0EEBC88E85D50272F0C2B7
D-FRED-BROWN Posted November 16, 2011 ID:495090

Hello again,

Do you recognize the following program names?

Market Samurai
Your Local Shortcut
Aruhat Technologies Pvt. Ltd
Traffic Mystic IM Solutions

Please let me know.

------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is Unchecked and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

------

Download the latest version of Kaspersky Virus Removal Tool
Close all other applications and double-click and run the installer.
When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats. Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
Select all the scannable items except for CD-ROM drives and click the Start scan button.
If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
In the Scan window click the Reports button and select Save to file.
Name the report AVPT.txt, and save it to the Desktop.
Close AVPTool.
You will be prompted if you want to uninstall the program; click Yes.
You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
Copy and paste the first part of the report (Detected) that you saved in your next reply.

------

Please do the following:

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Reglock::
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-2888607521-20579777-1717240660-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.

------

In your next reply, please include:

What programs from that list you recognize
ESET Online Scan log
Kaspersky AVP Tool log
The newly-created C:\ComboFix.txt

Also, please let me know how things are running now.
bigakita Posted November 16, 2011 ID:495240
Hello,
I recognize the programs. Could not get ESET to run. Still getting hijacked in both IE and Firefox.
thanks,
JV

ComboFix 11-11-15.06 - John 11/16/2011 6:58.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2144 [GMT -8:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\227F\464.tmp
c:\program files (x86)\LP\227F\5169.tmp
c:\program files (x86)\LP\227F\6C87.tmp
c:\program files (x86)\LP\227F\77FE.tmp
c:\program files (x86)\LP\227F\92A1.tmp
c:\program files (x86)\LP\227F\F826.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 15:33 . 2011-11-16 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 01:12 . 2011-11-16 14:15 -------- d-----w- c:\program files (x86)\CE870
2011-11-16 01:12 . 2011-11-16 01:12 -------- d-----w- c:\users\John\AppData\Roaming\FA6CE
2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio
2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai
2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe
2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys
2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 15:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 15:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-16 14:19 38570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-04 07:13 . 2011-11-16 00:50 17552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin
+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-14 22:17 . 2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi
+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 15:36 . 2011-11-16 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-01 05:57 . 2011-11-15 12:54 347668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat
- 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-11-16 15:35 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 22:49 . 2011-11-16 15:35 5118852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-16 15:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]
"FAStartup"="" [BU]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]
_uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50242
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57050
FF - prefs.js: network.proxy.ssl - 72.44.82.146
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Microsoft\BingBar\BingBar.exe
c:\program files (x86)\Microsoft\BingBar\BingApp.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\Memeo Send\MemeoSend.exe
.
**************************************************************************
.
Completion time: 2011-11-16 08:09:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 16:08
ComboFix2.txt 2011-11-16 01:09
ComboFix3.txt 2011-11-15 04:26
ComboFix4.txt 2011-11-13 07:33
ComboFix5.txt 2011-11-16 14:50
.
Pre-Run: 230,661,746,688 bytes free
Post-Run: 230,775,173,120 bytes free
.
- - End Of File - - DEA3A5B74D51393E2F8803CA8220611C

Status: Deleted (events: 34)
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2 High
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{18034DC4-1A6D-4B18-A10D-FA445E0A8064}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2 High
11/15/2011 9:03:04 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{15B19923-CC84-4FB2-A452-3980F93B1061}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2 High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{20D2A4F2-A097-434D-9D6C-D73A93829B51}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2 High
11/15/2011 9:03:05 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{21ED7D59-E947-4EA2-863C-ECA945C0129B}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2 High
11/15/2011 9:03:06 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{2A6E8C3D-0F80-4271-89C7-C8F5FC72A723}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2 High
11/15/2011 9:03:08 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{363EBE25-DA9F-4AFD-B0D0-81DF9E729142}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2 High
11/15/2011 9:03:13 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{3FE6B6D0-A0D4-4681-B975-64FA365D1AE9}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:03:22 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2 High
11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2 High
11/15/2011 9:03:18 PM Deleted Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{A73A933C-A5EA-4994-AE64-261D7E62126E}_ENC2//PE-Crypt.XorPE High
11/15/2011 9:09:21 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-1ba2c8d1 High
11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4cbf6e44 High
11/15/2011 9:09:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-4de7a1c1 High
11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-58ab123e High
11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-704024e0 High
11/15/2011 9:09:23 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6587b9c1-72112017 High
11/15/2011 9:09:43 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\592c988d-390cff99 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-355d4be3 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-3d9f5d02 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-4c73f2ac High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5dffa626 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-5ec67f94 High
11/15/2011 9:09:51 PM Deleted Trojan program Trojan-Downloader.Java.Agent.oq C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\1afc2624-668b1e2a High
11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-1b963022 High
11/15/2011 9:09:52 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-435d9649 High
11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsv C:\Program Files (x86)\CE870\lvvm.exe High
11/16/2011 6:23:45 AM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rsl C:\Program Files (x86)\LP\227F\619.exe High

Status: Absent (events: 2)
11/15/2011 9:04:03 PM Not found Trojan program Trojan.Win32.Jorik.Fraud.iat C:\Documents and Settings\All Users\Sunbelt\AntiMalware\Quarantine\{7ACDC400-3731-42F7-99C5-41122749B3BD}_ENC2//PE-Crypt.XorPE High
11/16/2011 6:24:03 AM Not found Trojan program Trojan.Win32.Jorik.Downloader.lw C:\Program Files (x86)\LP\227F\704F.tmp High

Status: Disinfected (events: 18)
11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9 High
11/15/2011 9:09:26 PM Disinfected Trojan program Exploit.Java.CVE-2010-0842.o C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5767c64c-12ba39e9/a.class High
11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf High
11/15/2011 9:09:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3d237503-4b0d3fbf/bingo/nikon.class High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46 High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.cu C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2dc5a3ae-72a6ec46/folder/Glocker.class High
11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f High
11/15/2011 9:09:52 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5a220905-53ddb49f/bingo/nikon.class High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8 High
11/15/2011 9:09:52 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\17390232-31e5b1b8/Start.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.df C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1fd93878-3d1b420a/bingo/nikon.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1 High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\5ffcab9-41b244c1/Start.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d High
11/15/2011 9:09:53 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.en C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\485c8386-5d59f05d/json/Parser.class High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262 High
11/15/2011 9:09:53 PM Disinfected Trojan program Trojan-Downloader.Java.Small.t C:\Documents and Settings\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5fe2eefe-6a5b7262/Start.class High

Status: Vulnerability (events: 3)
11/15/2011 10:46:18 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files\Java\jre6\bin\java.exe Low
11/15/2011 10:52:00 PM Vulnerability vulnerability http://www.securelist.com/en/advisories/46512 C:\Program Files (x86)\Java\jre6\bin\java.exe Low
11/16/2011 6:00:35 AM Vulnerability vulnerability http://www.securelist.com/en/advisories/46339 c:\Program Files (x86)\iTunes\iTunes.exe Low
D-FRED-BROWN Posted November 16, 2011 ID:495370
Please do the following:
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::
Folder::
c:\program files (x86)\CE870
c:\users\John\AppData\Roaming\FA6CE
Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.
bigakita Posted November 17, 2011 ID:495402
Still getting the occasional redirect.

ComboFix 11-11-16.02 - John 11/16/2011 16:28:12.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.984 [GMT -8:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CE870
c:\program files (x86)\CE870\lvvm.exe
c:\users\John\AppData\Roaming\FA6CE
c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-17 01:02 . 2011-11-17 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 23:51 . 2011-11-16 23:51 1117 ----a-w- c:\windows\~clD12D.tmp
2011-11-16 22:47 . 2011-11-16 22:47 442368 --sh--w- c:\program files (x86)\Common Files\mhik.exe
2011-11-15 01:27 . 2011-11-15 01:27 -------- d-----w- c:\users\John\AppData\Local\Traffic_Mystic_IM_Solutio
2011-11-14 22:18 . 2011-11-14 22:18 -------- d-----w- c:\program files (x86)\Market Samurai
2011-11-14 00:09 . 2011-11-14 00:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-13 05:37 . 2011-11-13 05:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-12 19:26 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-12 19:26 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-12 19:25 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\users\John\AppData\Roaming\YourLocalShorcut
2011-11-10 01:29 . 2011-11-10 01:29 -------- d-----w- c:\program files (x86)\ Your Local Shortcut
2011-11-09 04:23 . 2011-11-16 04:39 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-28 04:38 . 2011-10-28 04:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-28 04:38 . 2011-10-28 04:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-10-28 04:38 . 2011-10-28 04:38 144384 ----a-w- c:\windows\system32\cdd.dll
2011-10-25 18:38 . 2011-10-25 18:38 -------- d-----w- c:\program files (x86)\KeywordBlueprint2
2011-10-24 02:23 . 2011-10-24 02:23 -------- d-----w- c:\program files (x86)\Aruhat Technologies Pvt. Ltd
2011-10-22 01:05 . 2011-11-16 01:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-22 01:04 . 2011-11-16 01:31 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-22 01:04 . 2011-11-16 01:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-19 16:50 . 2011-10-19 16:50 -------- d-----w- c:\users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 01:30 . 2011-10-12 00:37 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-14 00:10 . 2011-10-12 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-14 00:10 . 2011-10-12 00:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-14 00:09 . 2011-10-12 00:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-28 04:18 . 2011-06-30 00:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 19:30 . 2011-09-06 19:30 45904 ----a-w- c:\windows\SysWow64\sbbd.exe
2011-09-06 19:30 . 2011-05-10 22:27 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-08-30 00:36 . 2011-08-30 00:36 71256 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-08-30 00:36 . 2011-08-30 00:36 101720 ----a-w- c:\windows\SysWow64\drivers\SBREDrv.sys
2011-08-30 00:36 . 2011-05-10 22:27 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-08-27 05:40 . 2011-10-12 05:51 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-12 05:51 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 05:51 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-13_07.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-16 22:47 . 2011-11-16 22:47 49129 c:\windows\SysWOW64\winlog.dat
+ 2009-07-14 04:54 . 2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-13 06:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 .
2011-11-16 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-16 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2011-11-13 06:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 05:10 . 2011-11-17 01:07 38812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-07-04 07:13 . 2011-11-17 01:07 17968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2888607521-20579777-1717240660-1000_UserData.bin+ 2010-06-30 17:11 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-06-30 17:11 . 2011-11-11 23:56 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-06-30 17:11 . 2011-11-11 23:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-06-30 17:11 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2011-11-16 21:08 . 2011-11-16 21:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011111620111117\index.dat+ 2009-07-14 04:54 . 2011-11-16 21:08 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2011-11-16 21:08 . 2011-11-16 21:08 49120 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT+ 2009-07-14 04:46 . 2011-11-14 04:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat+ 2011-11-14 22:17 . 
2011-11-14 22:17 74240 c:\windows\Installer\8956711.msi+ 2010-08-06 16:50 . 2011-11-15 00:57 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat- 2010-08-06 16:50 . 2011-11-09 03:01 3136 c:\windows\system32\wdi\ERCQueuedResolutions.dat- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-11-17 01:05 . 2011-11-17 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2011-11-13 06:17 . 2011-11-13 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2010-07-01 05:57 . 2011-11-16 22:29 347908 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin- 2009-07-14 02:36 . 2011-11-12 23:12 727974 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2011-11-15 14:11 727974 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2011-11-12 23:12 147114 c:\windows\system32\perfc009.dat+ 2009-07-14 02:36 . 2011-11-15 14:11 147114 c:\windows\system32\perfc009.dat- 2011-08-27 23:51 . 2011-11-09 03:02 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat+ 2011-08-27 23:51 . 2011-11-16 14:12 266176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat- 2009-07-14 05:01 . 2011-11-13 01:27 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 05:01 . 2011-11-17 01:04 438488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2011-05-10 22:49 . 2011-11-17 01:04 5265292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2888607521-20579777-1717240660-1000-12288.dat- 2009-07-14 02:34 . 2011-11-13 06:37 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT+ 2009-07-14 02:34 . 
2011-11-16 23:40 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Speed Typing"="c:\program files (x86)\Invention Pilot\Speed Typing\STyping.exe" [2002-12-12 101376]"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]"cftmon"="c:\program files (x86)\Common Files\mhik.exe" [2011-11-16 442368].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2010-07-20 236816]"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 
606392]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-09-27 1357136]"FAStartup"="" [bU].c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2011-10-5 2051880]_uninst_42015122.lnk - c:\users\John\AppData\Local\Temp\_uninst_42015122.bat [N/A].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"HideSCAHealth"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]@="Service".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 
130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-08-30 55384]S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]S2 AESTFilters;Andrea ST Filters 
Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-09-06 2804280]S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-09-06 181584]S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]S3 
IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]..Contents of the 'Scheduled Tasks' folder.2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888607521-20579777-1717240660-1000Core.job- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 06:23]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://google.com/uInternet Settings,ProxyServer = http=127.0.0.1:50242uInternet Settings,ProxyOverride = <local>;*.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth 
Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=FF - prefs.js: network.proxy.http - 127.0.0.1FF - prefs.js: network.proxy.http_port - 50242FF - prefs.js: network.proxy.ssl - 72.44.82.146FF - prefs.js: network.proxy.ssl_port - 3128FF - prefs.js: network.proxy.type - 1.- - - - ORPHANS REMOVED - - - -.BHO-{0FE6B2D5-5183-42C0-B225-FAC1B9955366} - (no file)Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-KeApplet - c:\users\John\AppData\Roaming\Google\{0B8D6FDE-D846-4DFD-A423-3F3D1E4BAA0A}\LicenseValidator.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Bonjour\mDNSResponder.exec:\windows\system32\DRIVERS\o2flash.exec:\program files (x86)\Microsoft\BingBar\SeaPort.EXEc:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXEc:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exec:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEc:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exec:\program files (x86)\Memeo\Memeo Send\MemeoSend.exec:\program files (x86)\Dell Support Center\bin\sprtsvc.exec:\program files (x86)\Internet Explorer\iexplore.exec:\program files (x86)\Microsoft\BingBar\BingBar.exec:\program files 
(x86)\Microsoft\BingBar\BingApp.exe
.
**************************************************************************
.
Completion time: 2011-11-16 17:26:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 01:26
ComboFix2.txt 2011-11-16 16:09
ComboFix3.txt 2011-11-16 01:09
ComboFix4.txt 2011-11-15 04:26
ComboFix5.txt 2011-11-17 00:20
.
Pre-Run: 226,818,342,912 bytes free
Post-Run: 229,659,213,824 bytes free
.
- - End Of File - - 452AEE5B867A26CAA83CCBF401FA53DC
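As an added example (not ComboFix's code and not anything the helper posted), a script that runs defender-side checks over the "Reg Loading Points" and "Supplementary Scan" lines of a ComboFix log in the format shown above: a Run value whose name is one typo away from a Windows autostart name (cftmon vs ctfmon), UAC switched off (EnableLUA = 0), and browser proxies pointed at 127.0.0.1, which is the usual mechanism behind the search redirects reported in this thread. SAMPLE_LOG is a constructed excerpt of the posted log; KNOWN_AUTOSTART_NAMES and the category labels are my own choices.

```python
"""Triage checks over the 'Reg Loading Points' and 'Supplementary Scan' parts of a
ComboFix log. Added example, not ComboFix's own code. SAMPLE_LOG is a constructed
excerpt in the same line format as the log posted above."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt: the entries that matter from the posted log, in ComboFix's format.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"cftmon"="c:\program files (x86)\Common Files\mhik.exe" [2011-11-16 442368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
uInternet Settings,ProxyServer = http=127.0.0.1:50242
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50242
FF - prefs.js: network.proxy.type - 1
"""

# Value names Windows itself uses for autostart entries (my own short list);
# a one-typo variant of one of these is a classic disguise.
KNOWN_AUTOSTART_NAMES = ("ctfmon", "explorer", "svchost", "rundll32", "userinit", "winlogon")

RUN_KEY_RE = re.compile(r"^\[HKEY_.*\\Run\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
IE_PROXY_RE = re.compile(r"^u?Internet Settings,ProxyServer\s*=\s*(?P<spec>.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>network\.proxy\.\S+) - (?P<val>.+)$")
LOOPBACK = ("127.0.0.1", "localhost", "::1")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (edits plus adjacent transpositions),
    so 'cftmon' is exactly one step away from 'ctfmon'."""
    a, b = a.lower(), b.lower()
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings for the suspicious patterns seen in this thread."""
    findings: List[Tuple[str, str]] = []
    in_run_key = False
    ff_prefs: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("["):  # registry key header: remember whether it is a Run key
            in_run_key = bool(RUN_KEY_RE.match(line))
            continue
        m = RUN_VALUE_RE.match(line)
        if in_run_key and m:
            name, path = m.group("name"), m.group("path")
            exe = path.rsplit("\\", 1)[-1].lower()
            for known in KNOWN_AUTOSTART_NAMES:
                # Name is a near-miss of a Windows name and the binary is not that program either.
                if name.lower() != known and osa_distance(name, known) == 1 and not exe.startswith(known):
                    findings.append(("lookalike-run-entry", f'"{name}" imitates {known} but runs {path}'))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("name") == "EnableLUA" and m.group("val") == "0":
            findings.append(("uac-disabled", line))
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            spec = m.group("spec")
            # A proxy on the loopback address with no local proxy product installed means
            # something on the host is relaying browser traffic, which fits the redirects.
            cat = "ie-loopback-proxy" if any(h in spec for h in LOOPBACK) else "ie-proxy-set"
            findings.append((cat, spec))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group("pref")] = m.group("val").strip()
    # Firefox: network.proxy.type 1 means "manual proxy configuration"; report the host it points at.
    if ff_prefs.get("network.proxy.type") == "1":
        host = ff_prefs.get("network.proxy.http", "")
        port = ff_prefs.get("network.proxy.http_port", "?")
        cat = "firefox-loopback-proxy" if host in LOOPBACK else "firefox-manual-proxy"
        findings.append((cat, f"{host}:{port}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```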
D-FRED-BROWN Posted November 17, 2011 ID:495426

Please go to http://www.virustotal.com, click on Browse, and upload the following file/s for analysis: You will only be able to have one file scanned at a time.

c:\program files (x86)\Common Files\mhik.exe

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://virusscan.jotti.org
bigakita Posted November 17, 2011 ID:495434

[ArcaVir] 2011-11-17 Found nothing
[Frisk F-Prot Antivirus] 2011-11-16 Found nothing
[Avast! antivirus] 2011-11-16 Found nothing
[F-Secure Anti-Virus] 2011-11-16 Gen:Variant.Graftor.1148
[Grisoft AVG Anti-Virus] 2011-11-16 Found nothing
[ikarus] 2011-11-17 Win32.SuspectCrc
[Avira AntiVir] 2011-11-16 Found nothing
[Kaspersky Anti-Virus] 2011-11-17 Found nothing
[softwin BitDefender] 2011-11-16 Gen:Variant.Graftor.1148
[Panda Antivirus] 2011-11-16 Found nothing
[ClamAV] 2011-11-17 Found nothing
[Quick Heal] 2011-11-16 Found nothing
[CPsecure] 2011-11-17 Found nothing
[sophos] 2011-11-17 Found nothing
[Dr.Web] 2011-11-17 Found nothing
[VirusBlokAda VBA32] 2011-11-15 Found nothing
[Emsisoft Anti-Malware] 2011-11-17 Win32.SuspectCrc!IK
[VirusBuster] 2011-11-16 Found nothing
[ESET] 2011-11-16 Found nothing
D-FRED-BROWN Posted November 17, 2011 ID:495435

Can you please upload it to Virustotal.com, Jotti has very few scanners
bigakita Posted November 17, 2011 ID:495440

Here's the page url
http://www.virustotal.com/file-scan/report.html?id=c256ee5580386b2a72112bd1b70cd95806f04e408402506353bc616181dd0fec-1321500335

Antivirus             Version           Last Update  Result
AhnLab-V3             2011.11.16.00     2011.11.16   Trojan/Win32.VBKrypt
AntiVir               7.11.17.203       2011.11.16   -
Antiy-AVL             2.0.3.7           2011.11.16   -
Avast                 6.0.1289.0        2011.11.16   -
AVG                   10.0.0.1190       2011.11.16   -
BitDefender           7.2               2011.11.16   Gen:Variant.Graftor.1148
ByteHero              1.0.0.1           2011.11.14   -
ClamAV                0.97.3.0          2011.11.16   -
Commtouch             5.3.2.6           2011.11.16   -
Comodo                10778             2011.11.14   -
DrWeb                 5.0.2.03300       2011.11.16   -
Emsisoft              5.1.0.11          2011.11.16   -
eSafe                 7.0.17.0          2011.11.16   -
eTrust-Vet            37.0.9569         2011.11.16   -
F-Prot                4.6.5.141         2011.11.16   -
F-Secure              9.0.16440.0       2011.11.16   Gen:Variant.Graftor.1148
Fortinet              4.3.370.0         2011.11.16   -
GData                 22                2011.11.16   Gen:Variant.Graftor.1148
Ikarus                T3.1.1.109.0      2011.11.16   -
Jiangmin              13.0.900          2011.11.16   -
K7AntiVirus           9.119.5474        2011.11.16   -
Kaspersky             9.0.0.837         2011.11.16   -
McAfee                5.400.0.1158      2011.11.16   -
McAfee-GW-Edition     2010.1D           2011.11.16   -
Microsoft             1.7801            2011.11.16   -
NOD32                 6636              2011.11.16   -
Norman                6.07.13           2011.11.16   -
nProtect              2011-11-16.01     2011.11.16   Gen:Variant.Graftor.1148
Panda                 10.0.3.5          2011.11.16   -
PCTools               8.0.0.5           2011.11.16   -
Prevx                 3.0               2011.11.17   -
Rising                23.84.02.02       2011.11.16   -
Sophos                4.71.0            2011.11.16   -
SUPERAntiSpyware      4.40.0.1006       2011.11.16   -
Symantec              20111.2.0.82      2011.11.16   -
TheHacker             6.7.0.1.343       2011.11.16   -
TrendMicro            9.500.0.1008      2011.11.16   -
TrendMicro-HouseCall  9.500.0.1008      2011.11.16   -
VBA32                 3.12.16.4         2011.11.15   -
VIPRE                 11062             2011.11.16   -
ViRobot               2011.11.16.4776   2011.11.16   -
VirusBuster           14.1.66.1         2011.11.16   -

Additional information
MD5 : 4109ba339dc84ed593bdd243fee3b9ec
SHA1 : d072b3aa139f34409491dbc92b8b42873679d3fe
SHA256: c256ee5580386b2a72112bd1b70cd95806f04e408402506353bc616181dd0fec
ssdeep: 6144:IX82cOnzNAkQmCtLe9+OGiTvNq05GSYT6m1Az/Hr3o3x0qPjTuAX+FxdPWQ/NiW:wdfn5AHDti+XiTvNq0GxA2jTuAuFtn
File size : 442368 bytes
First seen: 2011-11-17 03:25:35
Last seen : 2011-11-17 03:25:35
Magic: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID:
Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: Durham Addressograph
copyright....: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre
product......: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao
description..: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt
original name: qqb.exe
internal name: qqb
file version.: 5.06.0005
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: -

PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1478
timedatestamp....: 0x4EC400C1 (Wed Nov 16 18:28:17 2011)
machinetype......: 0x14C (Intel I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x68058, 0x69000, 7.9, 49be0b7f8d285b1d14dea0d64d5ff657
.data, 0x6A000, 0xDAC, 0x1000, 0.0, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x6B000, 0x5D0, 0x1000, 1.39, 2cf0707697998edc3249bda08c0872d8

[[ 1 import(s) ]]
msvbvm60.dll: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, -, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, -, __vbaAryDestruct, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaRefVarAry, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, DllFunctionCall, __vbaFpUI1, __vbaRedimPreserve, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaAryCopy, -, __vbaStrVarCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaFreeObj, __vbaI4ErrVar

Androguard: -

ExifTool: file metadata
CharacterSet: Unicode
CodeSize: 430080
CompanyName: Durham Addressograph
EntryPoint: 0x1478
FileDescription: MuensterHimalaya Matthew MysoreKathy AmadeusHoyt
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 432 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.06.0005
FileVersionNumber: 5.6.0.5
ImageVersion: 5.6
InitializedDataSize: 8192
InternalName: qqb
LanguageCode: English (U.S.)
LegalCopyright: Louise Rankin Bingham Canterbu Mongolia Nelson Frisian Laguerre
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: qqb.exe
PEType: PE32
ProductName: Tokyo Cunningham CeciliaDuffySelena Naomi SteinbergMcLeanMao
ProductVersion: 5.06.0005
ProductVersionNumber: 5.6.0.5
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:11:16 19:28:17+01:00
UninitializedDataSize: 0
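As an added example (not VirusTotal's code and not anything from the thread), a script that turns a VirusTotal listing pasted in the plain-text layout above into a triage summary: how many engines detected the file, which PE sections report entropy near 8 bits per byte (the posted .text section's 7.9 is consistent with packed or encrypted code, and .data at 0.0 with padding), and whether the file carries a valid signature. SAMPLE_REPORT is a constructed excerpt of the posted report; the 7.0 entropy threshold is a heuristic I chose.

```python
"""Summarise a VirusTotal result listing plus PE section table pasted as plain text,
in the layout of the report above. Added example, not VirusTotal's own code;
SAMPLE_REPORT is a constructed excerpt of the posted report."""
import math
import re
from typing import Dict, List

# Constructed excerpt in the same line format as the pasted report.
SAMPLE_REPORT = """
Antivirus Version Last Update Result
AhnLab-V3 2011.11.16.00 2011.11.16 Trojan/Win32.VBKrypt
AntiVir 7.11.17.203 2011.11.16 -
BitDefender 7.2 2011.11.16 Gen:Variant.Graftor.1148
Kaspersky 9.0.0.837 2011.11.16 -
Microsoft 1.7801 2011.11.16 -
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x68058, 0x69000, 7.9, 49be0b7f8d285b1d14dea0d64d5ff657
.data, 0x6A000, 0xDAC, 0x1000, 0.0, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x6B000, 0x5D0, 0x1000, 1.39, 2cf0707697998edc3249bda08c0872d8
verified.....: Unsigned
"""

# One engine per line: name, engine version, signature date, result ("-" = no detection).
AV_ROW_RE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<updated>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$")
# Section rows from the "[[ n section(s) ]]" table: name, virtual address/size, raw size, entropy, md5.
SECTION_RE = re.compile(
    r"^(?P<name>\.\w+), 0x[0-9A-Fa-f]+, (?P<vsize>0x[0-9A-Fa-f]+), (?P<rsize>0x[0-9A-Fa-f]+), "
    r"(?P<entropy>[\d.]+), [0-9a-f]{32}$"
)
PACKED_ENTROPY = 7.0  # heuristic (my choice): code this close to 8 bits/byte is usually packed or encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 to 8.0: the measure VirusTotal reports per section."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def summarise(report: str) -> Dict[str, object]:
    """Parse the pasted report and return the facts a responder wants at a glance."""
    detections: List[str] = []
    engines = 0
    packed: List[str] = []
    signed = None  # stays None if the report carries no sigcheck "verified" line
    for raw in report.splitlines():
        line = raw.strip()
        m = AV_ROW_RE.match(line)
        if m:
            engines += 1
            if m.group("result") != "-":
                detections.append(f"{m.group('engine')}: {m.group('result')}")
            continue
        m = SECTION_RE.match(line)
        if m:
            if float(m.group("entropy")) >= PACKED_ENTROPY:
                packed.append(m.group("name"))
            continue
        if line.startswith("verified"):
            signed = not line.endswith("Unsigned")
    return {
        "engines": engines,
        "detections": detections,
        "packed_sections": packed,
        "signed": signed,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_REPORT)
    print(f"{len(s['detections'])}/{s['engines']} engines flagged the file")
    for d in s["detections"]:
        print("  ", d)
    print("high-entropy sections:", s["packed_sections"], "| signed:", s["signed"])
```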
D-FRED-BROWN Posted November 17, 2011 ID:495651

My apologies for the delay, please try the following:

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus. The download is in ISO format. If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

1. Download the Kaspersky Rescue Disk: http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/ .
2. Burn the Kaspersky Rescue Disk ISO image to CD.
3. Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
4. Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
5. Select your language (or wait a few seconds for the default English to load). Your screen may go blank for several minutes while the program loads.
6. After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity). Click the Update tab to view the update progress.
7. When the update has completed, click the Scan tab.
8. Place a checkmark in all the available drives to scan the entire system.
9. Click the "Security level" option, and select options. Make sure "All Files" is selected. Under "Scan of compound files" ensure all options are selected and click the OK button.
10. Click the "On threat detection" option. Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".
11. Click the "Start scan" button.
12. When the scan has completed, click the Reports button. Click the Save button, and select your System drive (normally your C: drive). In the "File name" box, name the file krd-log and click the Save button. Click Close to close the Reports window.
13. Click the Exit button to close the Rescue Disk program and confirm. In the lower left of the screen, left-click the red K button, select Logout, and confirm.
14. The computer will shut down.
15. Restart the computer and reboot normally.
16. Please post the log (krd-log.txt) in your next reply.
bigakita Posted November 19, 2011 ID:496059

Hello D-Fred,
Tried multiple times running the Kaspersky Disc. After loading on the last attempt the screen went blank for 30+ minutes before I ejected it. Let me know if this is normal and I'll give it another shot.
thanks,
JV
D-FRED-BROWN Posted November 19, 2011 ID:496065

Give it another try. If it doesn't work, try one of these:

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

- Avira AntiVir Rescue System - Tutorial for Avira Rescue CD. If you encounter problems running the Rescue Disk, you can get further assistance at the Avira Support Forum.
- Dr Web LiveCD. Be sure to print out and follow the instructions provided in the User Manual.
- F-Secure Rescue CD - Rescue CD 3.01 released. Video: How to Remove Malware with F-Secure Rescue CD. If you encounter problems running the Rescue CD, you can get further assistance at the F-Secure Support Forum.
- BitDefender LiveCD - Index of /rescue_cd. If you encounter problems running the Rescue CD, you can get further assistance at the BitDefender Support Forum.
- Kaspersky RescueDisk - Index of /devbuilds/RescueDisk/. If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.
D-FRED-BROWN Posted November 24, 2011 ID:497688

(bump)
Are you still with me? If your problems still persist, let me know and we'll go about fixing them. If not, please let me know so I can close this topic.
-DFB
bigakita Posted November 24, 2011 ID:497711

Still with you D-Fred. Busy running around for the holiday. I'll send you the results soon.
Appreciate your help & Happy Thanksgiving
John
D-FRED-BROWN Posted November 24, 2011 ID:497712

No worries, take all the time you need. I wish you a happy Thanksgiving as well!
screen317 (Staff) Posted December 6, 2011 ID:501903

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
screen317 (Staff) Posted December 19, 2011 ID:506494

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!